skill roadmap

overview

This isn’t all inclusive, but a way for me to keep track of some of the more impactful items that are publicly available for free or for a reasonable price for the item itself.

formal education

1. Bachelor of Science in Cyber Operations - Dakota State University (DSU) - ✅
2. Master of Science in Cyber Defense - Dakota State University (DSU) - ✅
3. (Maybe) PhD - New York University (NYU) (Part-Time) - 🛑

web app pentesting / source code review

1. PortSwigger Academy - ✅

2. HackTheBox Certified Bug Bounty Hunter (HTB CBBH) - ✅

3. PentesterLab - Assorted Badges - 🔄

4. SecureCodeWarrior:

   • Go - 🔄
   • C# - 🔄
   • GitHub Actions - 🛑

5. HackTheBox Certified Web Exploitation Expert (HTB CWEE) - 🛑

6. OffSec OSWE - 🛑

7. Certified Secure Software Lifecycle Professional (CSSLP) - 🛑

programming

go

1. A Tour of Go - ✅
2. Let’s Go by Alex Edwards - ✅
3. Learn Go with Tests by quii - 🔄
4. Effective Go Recipes
5. Building Microservices in Go (Pluralsight) - 🔄
6. Grind 75 - 🛑
7. Let’s Go Further by Alex Edwards - 🛑
8. Ardan Labs Go Bundle - 🛑
9. 100 Mistakes in Go
10. Go By Example (with accompanying github repo)
11. Ultimate Go Notebook
12. How I Write HTTP Services in Go After 13 Years
13. Go Secure Coding Practices
14. Go with the Domain (Book)
15. Building Event-Driven Applications in Go

golang packages / tools to get familiar with

1. net/http
2. zap
3. pgx (overview, yt video)
4. testify
5. temporal
6. validator
7. chi

golang web app repos to study, to see how things are handled (actions, releases, etc.)

• usememos/memo: devon wiki & github

systems / devops / ci/cd / scr

• how git internally works

ai agents, MCP, automation, durable execution

temporal (with Go)

1. Read the Zine on Durable Execution - 🛑
2. Temporal 101: Introducing the Temporal Platform - 🛑
3. Temporal 102: Exploring Durable Execution - 🛑
4. Crafting an Error Handling Strategy - 🛑
5. Versioning Workflows - 🛑
6. Build an eCommerce App with Temporal - 🛑
7. Build an Email Drip Campaign - 🛑
8. Create Audiobooks from Text - 🛑
9. Build a Background Check Application - 🛑
10. Give a Presentation - Build Invincible Apps with Durable Execution - Go - 🛑

orbstack & docker

c#

1. C# Documentation (All of it) - 🛑
2. ASP.NET Core Documentation (All of it) - 🛑
3. ISE Engineering Fundamentals Playbook - 🛑
4. OWASP DotNet Cheat Sheet - 🛑

SAST

CodeQL

• Trail of Bits - CodeQL Guide
• Discover Vulnerabilities with CodeQL
• CodeQL Zero to Hero: Part 1 & Part 2 & Part 3 & Part 4 (and perform the exercises that go along with them)
• CodeQL Documentation
• Code Scanning via Codespaces & Private Vulnerability Reporting
• BugCrowd CodeQL Roundtable
• CNCF: Security as Code - A DevSecOps Approach
• CodeQL CTFs to Practice With
• Use CodeQL in a repo of your own - ✅
• How to secure your GitHub Actions workflows with CodeQL
• How GitHub uses CodeQL to secure GitHub

Need help or running into a problem? Use the GitHub Security Lab’s Discussions. Sometimes updates to CodeQL contain breaking changes (like to the dataflow API) and the relevant documentation for specific languages isn’t updated, so don’t be afraid to ask.

Semgrep

1. Semgrep 101 via Semgrep Academy, then the other relevant courses - 🛑
   • Semgrep Custom Rules Level 1 - 🔄
2. Use Semgrep in a repo of your own - ✅

not 100% necessary, but still completed

other certs

• CompTIA CySA+ - ✅

policy

• PCI - 🛑
• HIPAA - 🛑
• ISO 27001 - 🛑
• SOC 1 & SOC 2 - 🛑