What should I study for cybersecurity?

What to study is less about a syllabus and more about a sequence. Cybersecurity layers concepts on top of each other, and skipping a layer creates blind spots that show up later as missed interview questions or bungled incident calls. The NICE Framework (NIST SP 800-181, Rev. 1, 2020) lists three prerequisite knowledge areas for nearly every entry-level cybersecurity role: networking, operating systems, and core security concepts. Sequence them in that order.

Start with networking because most attacks and most defenses traverse a network at some point. Learn the OSI model, TCP/IP, DNS, DHCP, ARP, HTTP/HTTPS, common ports, firewall logic, and packet capture. CyberSeek (2024) lists network security as the most commonly requested skill in U.S. entry-level cybersecurity postings. Free resources: Professor Messer's Network+ video series on YouTube and the practical packet captures available through Malware-Traffic-Analysis.net for read-along exercises.

Next, build operating system fluency on both Linux and Windows. You need command-line confidence (bash on Linux, PowerShell on Windows), an understanding of file permissions, account and group management, scheduled tasks, and system logging (syslog, journald, Windows Event Log). The OverTheWire Bandit wargame teaches Linux fundamentals through gameplay. For Windows, Microsoft Learn's free Windows Server administration paths cover the relevant skills.

Then study core security concepts. The CIA triad (confidentiality, integrity, availability), authentication versus authorization, symmetric and asymmetric encryption, hashing, digital certificates, and the OWASP Top 10 (2021) common web vulnerabilities. CompTIA Security+ (SY0-701, $404 per CompTIA, April 2026) covers this material in its six-domain syllabus and produces a recognized credential at the end of the study cycle. Most candidates pass after 8 to 16 weeks of one-to-two-hour daily study.

Practice with actual tools, not just videos. Wireshark for packet capture and protocol analysis. Nmap for network reconnaissance. Splunk Free or Elastic for SIEM operations. Suricata or Snort for IDS rule writing. A Kali Linux VM for hands-on exposure to penetration testing tools. CyberSeek (2024) lists SIEM operation as the second-most requested entry-level skill, but hiring managers can tell within five minutes of an interview whether a candidate has actually used the tool or only watched someone else use it.

Decision logic for what to study deeper. Pick the SOC analyst study track (deep SIEM, network forensics, incident response playbooks, MITRE ATT&CK familiarity) if you are detail-oriented and want a clear technical ladder. Pick the GRC track (NIST CSF, SOC 2, ISO 27001, risk frameworks, policy writing) if you have business or audit background. Pick the offensive track (web application security, Linux privilege escalation, scripting in Python and Bash, OSCP-style methodology) if you can sit with frustration for hours and enjoy puzzle-solving.

Tradeoffs to acknowledge. The field is wide enough that you will never be fluent in all of it. Senior practitioners typically own one domain deeply and stay literate in three or four adjacent ones. Trying to study everything at once means studying nothing well. Pick the lane that fits your strengths and study the adjacent material at survey depth, not mastery depth.

For role-specific study maps, see the related career entries for soc-analyst, penetration-tester, and security-engineer, the certification entry for comptia-security-plus, and the glossary entry for cia-triad. Each entry breaks down the precise tools and concepts a hiring manager actually expects on day one.