Over 90% of all cybersecurity jobs are defensive (blue team). If you want to dramatically increase the odds of getting a job, you MUST have a solid foundation in the Blue Arts. Having degrees and certifications make for a better resume, but if you can’t get past the technical portion of a job interview, it’s just a ticked box. Sometimes those boxes are required, but it just gets your foot in the door. To land the job, you need experience. But how does one break that Catch-22… How do I get the job if I don’t have experience, and how do I get experience without a job? Hands-on training.
With over 80 items in our technical cybersecurity training catalog, we often get asked, “Where do I begin?” Then, “What do I do next?” As the Just Hacking Training (JHT) platform expands and our Blue Team offerings begin to fill out from beginner to advanced, we thought it was time to start recommending roadmaps of what courses to take, when AND offer guidance on what might fit you best to have a fulfilling career.
Start HERE!
๐ท Toe in the Water! There are many paths one can take to begin their cybersecurity career, but most recommend being a Jr. SOC Analyst first. That’s not to say that there are many professionals who can jump right into forensics, pentesting or many other higher skill-level jobs. But for most, SOC Analyst 101 is a great place to start. In this $25 NameYourPrice course, you get to build a basic open source SOC (Elastic) then play with real-world case studies. If you like what you learned, maybe this security stuff really is for you!
๐ท Next Stepโฆ Blue Team Buffet with Constructing Defense 2025. Try a little of everything to see what fits you best in this 3-Course Path including a massive cyber range. Windows, Linux, Kubernetes, AD, Splunk, AWS, Azure and so much more. Attack and defend an entire corporate enterprise in a cloud-based, pre-setup virtual environment to break the experience Catch-22 and GET. THE. JOB! Only $375 (25% Off) with code CYBER25!
Specializeโฆ but Start Slow. No Blue Team Experience Required!
JHT provides a few options to avoid all the boring theory and get right down to learning the basics of a new skill. We still recommend learning everything you can, but let’s see if you like a topic first AND help you and your organization right away. Try these:
๐ท Windows Log Analysis โ SIEMless Threat Hunting – Learn hunting basics using only built-in Windows & open source tools. NO extensive security infrastructure needed. Just $45 with code CYBER25!
๐ท Ransomware Analysis Basics – Hack the attackersโ process & learn the tools of Forensic Investigators while possibly saving your org millions. Another $25 NameYourPrice course!
๐ท Script-Based Malware Analysis – John Hammond teaches easy malware analysis without learning IDA or GHIDRA. Only $45 with code CYBER25!
Ramp It Up!
When you go back to the buffet for seconds and only have a tiny amount of room left for a second helping, you usually go right to those things that you love. So, after trying a little of all cybersecurity tasks in ConDef, what grabbed you? What could you not stop thinking about? What would you do even if you weren’t paid to do it? That’s when you specialize with more than just toe in the water.
๐ท Incident Response 101 – Name says it all! Labs are also included for only $75 with code CYBER25.
๐ท Threat Hunting Basics (Coming Soon!)
๐ท Forensics Library (Numerous courses launching in 2026)
๐ท OS Hardening and Deception
Prerequisites for Blue Team Success
I know it may be an unpopular thing to say, but one should really have a technical foundation before venturing into cybersecurity. Is it 100% absolutely required? No. But your odds of getting and keeping a job improve dramatically if you do.
๐ท Must. Know. NETWORKING! At least the basics. Lots of great free resources out there. Network Chuck, David Bombal and Professor Messer and just a few suggestions. Self-study on CCNA or Network+ is plenty.
๐ท Be comfy in Windows AND Linux especially the command line. SysAdmin work is a definite plus.
๐ท Know how to play with Virtual Machines.
๐ท Programming. Yes… programming! You don’t have to be a full-on developer, but you should know scripting and the basic concepts of coding.
Did You Say FREE!?!?
You can also get an overview of a given tool, topic or concept with our Free Upskill Challenges (UCs), small bite-sized lessons meant for quick wins. Try these defensive-focused UCs from the JHT All-Stars:
๐ท UC – APIs (Katie Paxton-Fear)
๐ท UC – Cloud Security Series (AWS, Azure, GCP) (Carlos Polop)
๐ท UC – Cyber Threat Intelligence (JennFunk)
๐ท UC – Detection via Deception (Adrian Sanabria)
๐ท UC – Sysmon (Anton Ovrutsky)
๐ท UC – Virtualization (seclilc)
๐ท UC – Visual Studio Code (Joe Helle)
๐ท UC – Vulnerability Management (Eric Johnson)
๐ท UC – Wi-Fi Basics (Ross Flynn)
๐ท UC – Windows Internals (Pat Gorman)
๐ท UC – Windows System Administrator (Shikata)
We hope that helps guide you on your career journey here at JHT or even elsewhere. We don’t offer everything… yet! ;-P But there are lots of great instructors and platforms, so use whatever works best for you.
To continue the conversation, head over to our Discord, get the “Engage with the JHT Student Community” Role, and start networking (the other type)!
Thx and Happy Hacking,
Don
PS – As we round out our offensive training options, look for a Red Team Training Roadmap in Q1 of 2026.
