Roadmap

After studying IT for 8 years and working as a functional manager, I decided to pivot my career toward cybersecurity — specifically ethical hacking and pentesting. In this page, I’ll share my personal roadmap for becoming a professional pentester, including my short- and long-term goals.

📍 Current Focus (0–6 months)

Courses I’m following:

Hands-On Learning:

  • I have been granted permission to ethically hack and test internal systems at my workplace.
  • This allows me to directly practice security testing in a real-world, legal environment, focusing on:
    • API vulnerability testing
    • Web application security
    • Internal network reconnaissance

Current role: Functional Manager with responsibilities that include technical process management and now hands-on security testing as part of my career development..

📍 Skills Development Plan (6–12 months)

Goals:

  • Continue practicing on internal systems with increasing depth (focusing on APIs, Web Apps, Networks).
  • Learn advanced API vulnerability hunting techniques.
  • Participate in internal security improvement projects.
  • Deepen skills with tools like Burp Suite, Postman, and OWASP ZAP.

📚 Current Skills

Over the past 8 years of working and studying in IT, I have developed the following skills:

  • Database Knowledge: SQL programming (reading, writing queries, basic optimization)
  • Code Analysis: Ability to read and understand code (various languages including Java, Python, and PHP at a basic level)
  • Networking Fundamentals: Understanding of TCP/IP, routing, switching, and firewalls
  • Security Foundations:
    • Completed the CEH Foundation course
    • Knowledge of common vulnerabilities (OWASP Top 10)
    • Basic experience with vulnerability scanning tools (e.g., Nessus, OpenVAS)
  • System Management:
    • Windows Server and Active Directory management
    • Linux basics (Ubuntu server management, shell scripting)
  • API Knowledge:
    • Understanding of REST APIs
    • Experience interacting with APIs (Postman, basic manual testing)