Cybersecurity is one of the fastest-growing and most sought-after fields in technology, with a global skills gap of 4 million+ professionals. Salaries for experienced security engineers range from £55,000 to £120,000+ in the UK, with penetration testers and security architects among the highest earners. This structured learning path takes you from zero to job-ready.
Foundation Phase (0–3 Months)
Specialisation Paths
| Path | Key Role | Core Skills | Entry-Level UK Salary | Top Certification |
|---|---|---|---|---|
| Blue Team / Defensive | SOC Analyst, Security Engineer | SIEM (Splunk), IR, threat hunting, log analysis, SOAR | £30,000–£50,000 | CompTIA CySA+ → GCIA |
| Red Team / Offensive | Pen Tester, Red Team Operator | Web app testing (Burp Suite), network pen test, Active Directory attacks, Metasploit | £35,000–£60,000 | CEH → eJPT → OSCP |
| Cloud Security | Cloud Security Engineer | AWS/Azure/GCP security, IAM, CSPM, IaC security scanning | £50,000–£80,000 | AWS Security Specialty / AZ-500 |
| GRC (Governance, Risk, Compliance) | GRC Analyst, DPO, Compliance Manager | ISO 27001, GDPR, risk assessment, audit, policy writing | £35,000–£60,000 | CISM / ISO 27001 Lead Implementer |
| Threat Intelligence | Threat Intel Analyst, Malware Analyst | MITRE ATT&CK, malware analysis (REMnux), threat reporting, dark web monitoring | £40,000–£65,000 | GREM → CTI certifications |
Free Labs & Platforms
- TryHackMe (tryhackme.com) — guided learning paths, browser-based labs. Best for beginners. Free tier covers most content.
- Hack The Box (hackthebox.com) — retired machines free after release. Industry standard for intermediate/advanced practice.
- PentesterLab (pentesterlab.com) — excellent web application security labs. Free badges; Pro tier for advanced content.
- PortSwigger Web Academy (portswigger.net/web-security) — best web security labs, covering all OWASP categories. Completely free.
- Vulnhub (vulnhub.com) — downloadable VMs for local exploitation practice. Great for offline lab work.
- SANS Cyber Aces (cyberaces.org) — free foundational security course by SANS.
- Cybrary (cybrary.it) — structured video courses; some free, some paid. Good for SOC analyst fundamentals.
Building a Security Portfolio