Two weeks into a structured cybersecurity learning journey. This is the Week 2 review. Week 1 review and daily posts are on my profile.
What changed between Week 1 and Week 2
Week 1 was building a mental model — understanding networking protocols, Linux commands, and basic Python.
Week 2 was applying that model — studying for a real certification, building tools that do real things, and seeing real evidence of attacks.
Security+ — 7 days of study
Booked CompTIA Security+ SY0-701 exam for June 9, 2026. Using Professor Messer's free course.
Domain 1 — General Security Concepts
CIA triad: three genuinely distinct properties that fail independently. Confidentiality fails in data breaches. Integrity fails when data is modified in transit. Availability fails during DDoS attacks.
Authentication (proving identity) and authorization (granting permissions) are separate systems. Both must work correctly. Broken access control — where authorization fails — is in the OWASP Top 10 every year.
Security control types: preventive, detective, corrective, deterrent, compensating. The exam tests which type applies to a given scenario.
Domain 2 — Threats and Vulnerabilities
Eight malware categories. Key distinction: a virus requires human action to spread, while a worm spreads automatically by exploiting vulnerabilities. Different propagation, different defenses.
Eight social engineering attack types. Pretexting — creating a fabricated scenario to manipulate a target — is the one most people underestimate. It bypasses all technical controls.
Domain 3 — Security Architecture
Zero Trust replaces perimeter security. Never trust, always verify. Every access request is authenticated regardless of source. Required by government contracts and increasingly standard in enterprise.
First practice test score: Tracking weekly to measure improvement toward the exam.
Three tools built this week
Port Scanner v2 — upgraded with service name dictionary. Port numbers display with protocol names.
Password Generator — cryptographically random passwords using Python string and random libraries.
Log Analyzer — this one produced something real. Reads auth.log, ranks source IPs by failed SSH attempts. Ran on my own Kali machine. Found 10 failed login attempts from 30 unique external IP addresses in less than two weeks of uptime.
Writing a tool that finds real attacks on a real system you own is a different experience than reading about what attacks look like.
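The core of a log analyzer like the one described above, as an added example rather than the author's own tool: it parses sshd lines in auth.log format, counts failed password attempts per source IP, skips RFC 1918 and loopback sources, and ranks the rest. The log lines are constructed for the example and use RFC 5737 documentation addresses.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample auth.log excerpt (RFC 5737 documentation addresses, not real sources).
SAMPLE_AUTH_LOG = """\
Mar  3 02:14:01 kali sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
Mar  3 02:14:03 kali sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
Mar  3 02:14:06 kali sshd[1203]: Failed password for root from 198.51.100.7 port 52210 ssh2
Mar  3 02:14:09 kali sshd[1205]: Accepted publickey for kali from 192.168.1.20 port 50110 ssh2
Mar  3 02:14:11 kali sshd[1207]: Failed password for kali from 192.168.1.20 port 50112 ssh2
Mar  3 02:15:30 kali sshd[1209]: Failed password for invalid user test from 203.0.113.5 port 41030 ssh2
Mar  3 02:15:44 kali sshd[1211]: Invalid user oracle from 198.51.100.7 port 52230
"""

# OpenSSH's failed-auth line; the source address is the token after "from".
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

# Explicit RFC 1918 + loopback list. ipaddress.is_global would also exclude the
# RFC 5737 documentation ranges used in the sample, so it is not used here.
LOCAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def count_failed_ssh(log_text, external_only=True):
    """Return a Counter of source IP -> failed SSH password attempts."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins, "Invalid user" without a password attempt, etc.
        src = m.group(2)
        try:
            addr = ip_address(src)
        except ValueError:
            continue  # hostname or malformed token: skip rather than crash
        if external_only and is_local(addr):
            continue
        counts[src] += 1
    return counts

def rank_sources(counts, top=10):
    """Most active sources first, as (ip, attempts) tuples."""
    return counts.most_common(top)

if __name__ == "__main__":
    ranked = rank_sources(count_failed_ssh(SAMPLE_AUTH_LOG))
    print(f"{len(ranked)} external source(s), {sum(n for _, n in ranked)} failed attempts")
    for ip, n in ranked:
        print(f"{n:5d}  {ip}")
```

On a live system, read `/var/log/auth.log` into `log_text` instead of the constructed sample; the same regex applies to OpenSSH's default log format.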
OverTheWire Bandit — levels 8 through 15
Level 10 reinforced an important point: base64 is encoding, not encryption. Looks mysterious, decodes instantly. Attackers use it for obfuscation. Recognizing it is a basic skill.
Level 12 was the most complex — a file compressed multiple times with different algorithms. The file command at each step identified the next compression type. The same technique is used when analyzing obfuscated malware payloads.
Level 14 introduced netcat — raw TCP connections to any host and port. One of the most versatile tools in network security.
Level 15 introduced OpenSSL for testing SSL connections.
Resume drafted
First draft complete. No cybersecurity job experience. Portfolio evidence instead: three Python tools with GitHub links, Security+ exam date, 14 days of public documentation. Any recruiter who clicks the GitHub links can verify working code with documentation.
Week 3
Security+ Domains 4 and 5 — Security Operations and Security Program Management — account for 48% of the exam combined. Domain 4 alone is 28%. This is where incident response, SIEM, threat intelligence, and vulnerability management live. The most relevant domain for a SOC analyst role.
First job applications are being sent this week.
Everything is public. GitHub repositories are linked on my profile.