Year 1 — Foundations
1.1 CS50: Intro to Computer Science (Harvard)
Audit free via edX. Algorithms, memory, abstraction at real depth.
Gate: pset8 + final project on GitHub
1.2 CS50P: Intro to Programming with Python (Harvard)
Free audit — finishes the "In Progress" line already on the resume.
Gate: all 9 psets passing
1.3 Computer Networks (Stanford CS144 equiv.)
Stanford CS144 archive + Georgia Tech CS 6250 backup. Kurose & Ross as reference text.
Gate: diagram TCP handshake, DNS resolution, subnetting from memory
1.4 CompTIA Network+ (paid)
Professor Messer free course + pfSense/VLAN home lab.
Gate: pass Network+ — $369 voucher
Checkpoint #1 — internship-eligible once Network+ is certified and CS50/CS50P are on GitHub.
Year 2 — Core Security
2.1 Cryptography I (Stanford, Dan Boneh)
Audit free on Coursera. Cipher-breaking exercises in Python, pushed to GitHub.
2.2 Computer Systems Security (MIT 6.858)
MIT OpenCourseWare — fully free, no certificate to buy. OS/web security, buffer overflows, web exploitation labs.
Gate: labs 2 & 3 documented on GitHub
2.3 CompTIA Security+ (paid)
Professor Messer / Jason Dion free content.
Gate: pass Security+ SY0-701 — $404 voucher
2.4 Web Security (Stanford CS253 equiv.)
CS253 archive + official OWASP Top 10 docs. OverTheWire "Natas" wargame.
Gate: clear Natas levels 0–15
Checkpoint #2 — networking + security fundamentals + real labs on GitHub.
Year 3 — Applied Specialization
3.1 Applied Offensive Security
TryHackMe "Jr Penetration Tester" path + HackTheBox Academy free tiers.
Gate: 25+ machines rooted & written up
3.2 Applied Defensive Security (Blue Team)
Wazuh or Security Onion, free docs/training. SIEM deployed in the home lab.
Gate: SIEM detecting simulated attacks
3.3 Specialization Cert (paid — pick one, only when job-targeted)
CySA+ (best fit given the systems background), eJPT/CPTS ($100–500), or CEH v13 (~$1,199, only if a listing names it). Don't buy until a role calls for it.
3.4 Cloud Security Foundations
AWS Skill Builder or Microsoft Learn AZ-500 path — free to learn; sit the paid exam only once employed in a cloud-touching role.
Checkpoint #3 — junior SOC / security-analyst-ready portfolio.
Year 4 — Capstone
Cappyworks Security Audit & Hardening Report
Full pentest of your own ProPHBot/Gym Depot infrastructure, a written vulnerability assessment in industry format, remediation, and SIEM monitoring on production Cappyworks infra — network eng + security eng + real deployment in one project, and a sellable service line.