Entry-Level Network Security Roadmap in Canada (0-12 Months)
A realistic 0-12 month roadmap for Canadian learners building toward entry-level network security, SOC, or blue-team-adjacent roles with a fundamentals-first, white-hat approach.
Prerequisites
- Beginner interest in network security or cybersecurity learning.
1. Months 0-3: Build Protocol and Logging Literacy
Learn TCP/IP, DNS, HTTP and HTTPS, TLS, routing basics, subnetting, NAT, and firewall policy logic. At the same time, learn where Linux and Windows logs live and how to read basic auth, service, and system events.
Most beginner mistakes happen because every unfamiliar event looks suspicious when you have no baseline. Spend this stage observing normal traffic and normal logs repeatedly until the patterns become familiar.
By the end of month three, you should be able to trace a normal web request end-to-end, explain a basic firewall decision, and correlate at least one network event with a host log entry.
2. Months 4-8: Add Packet Analysis, Detection, and Validation
Add Wireshark and TShark, tcpdump, Nmap, Zeek, and Suricata to your study rotation. Each answers a different question: packet evidence, fast capture, exposure validation, protocol telemetry, and detection signals. Learn what each tool is for before trying to master it.
Write short analyst-style notes for every exercise. Document the question you were trying to answer, the command you ran, what the output showed, and what evidence would increase or decrease your confidence. That habit is the difference between interview-ready skill and a pile of copied commands.
Start reading threat pages and connect them to tools. Example: phishing and credential theft map to auth logs, Sigma rules, Wazuh, and packet validation together.
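A log correlation exercise of the kind described above, as an added example (not from the original page): it pairs sshd auth log entries with Zeek-style connection records by source IP and source port. The log lines are constructed, the Zeek columns are a simplified subset of conn.log, and the year and UTC time zone are assumptions because classic syslog timestamps carry neither.

```python
import re
from datetime import datetime, timezone

# Constructed sample data, not from a real system (RFC 5737 documentation addresses).
AUTH_LOG = """\
Mar  4 14:02:11 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51514 ssh2
Mar  4 14:02:15 web01 sshd[2212]: Failed password for root from 203.0.113.7 port 51520 ssh2
Mar  4 14:05:40 web01 sshd[2301]: Accepted publickey for deploy from 198.51.100.23 port 40022 ssh2
Mar  4 14:09:02 web01 sshd[2350]: Failed password for root from 198.51.100.77 port 39001 ssh2
"""
# Simplified Zeek conn.log columns: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p
CONN_LOG = """\
1709560929.120000\t203.0.113.7\t51514\t192.0.2.10\t22
1709560933.480000\t203.0.113.7\t51520\t192.0.2.10\t22
1709561138.900000\t198.51.100.23\t40022\t192.0.2.10\t22
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

def parse_auth(text, year):
    events = []
    for m in filter(None, map(AUTH_RE.match, text.splitlines())):
        # Classic syslog timestamps omit year and zone; both are assumed here (UTC).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({**m.groupdict(), "port": int(m["port"]),
                       "epoch": ts.replace(tzinfo=timezone.utc).timestamp()})
    return events

def parse_conn(text):
    rows = (line.split("\t") for line in text.splitlines())
    return [{"epoch": float(ts), "orig_h": oh, "orig_p": int(op), "resp_h": rh,
             "resp_p": int(rp)} for ts, oh, op, rh, rp in rows]

def correlate(auth_events, conns, window=30):
    """Pair each auth event with the connection sharing its source IP and port."""
    def find(ev):
        return next((c for c in conns
                     if (c["orig_h"], c["orig_p"]) == (ev["ip"], ev["port"])
                     and 0 <= ev["epoch"] - c["epoch"] <= window), None)
    return [(ev, find(ev)) for ev in auth_events]

if __name__ == "__main__":
    for ev, conn in correlate(parse_auth(AUTH_LOG, 2024), parse_conn(CONN_LOG)):
        seen = f"conn to {conn['resp_h']}:{conn['resp_p']}" if conn else "no conn seen"
        print(ev["result"], ev["user"], f"{ev['ip']}:{ev['port']}", "->", seen)
```

The last auth entry has no matching connection record. In a lab that usually means a sensor visibility gap or clock skew, which is worth writing down in your notes before drawing conclusions.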
3. Months 9-12: Portfolio, Role Focus, and Interview Prep
Choose a direction: network operations and SOC, wireless defense, web application defense support, or AD and Windows. Follow one guided path deeply and complete labs that demonstrate you can collect and explain evidence, not just run commands.
Build a portfolio of defensive lab notes: packet investigations, exposure validation writeups, triage worksheets, and post-incident improvement exercises. Keep everything white-hat and authorized. Do not publish offensive instructions or scan results from third-party systems.
Prepare for interviews by practicing explanations out loud. Employers remember candidates who can describe what a tool is for, how they confirmed the output, and what they would do next in a real incident — not the candidate who can recite the most flags.
12-Month Roadmap Checkpoints
- Finish core fundamentals and logging basics before adding detection tools.
- Run one packet analysis exercise and one log correlation exercise each week.
- Set up a small lab and document every experiment: setup, expected output, actual output, conclusion.
- Follow one role-based tool path deeply rather than skimming several.
- Build a defensive portfolio where every entry shows evidence and reasoning, not just screenshots.