Let me start with a number that genuinely floored me when I first came across it.
India needs approximately 1 million cybersecurity professionals to meet its current demand. The number of qualified experts available right now? Around 80,000.
Read that again. The demand is 1 million. The supply is 80,000. That’s not a talent gap — that’s a canyon. And that canyon is widening every single year as India digitises faster, as UPI and fintech grow, as government systems go online, as every company from a Bangalore startup to a Mumbai bank builds out its digital infrastructure.
Now here’s the part that should actually excite you if you’re reading this as someone trying to figure out your next move: you don’t need a computer science degree to get into cybersecurity in India. You don’t need to have been coding since you were twelve. You don’t need an expensive college admission or four years of tuition fees.
What you need is the right roadmap, the right certifications in the right order, the willingness to build hands-on skills, and the patience to grind through the early stage when the money isn’t great yet.
This article is that roadmap. Written honestly, for beginners, with real numbers and real steps — not vague career advice that sounds good but leaves you no clearer on what to actually do Monday morning.
Let’s get into it.
Why Cybersecurity in India Is a Once-in-a-Generation Opportunity
I want you to understand the structural reasons this field is booming — because when you understand why the demand is exploding, you make smarter decisions about where to position yourself within it.
Reason 1: India is digitising at an unprecedented pace, and every digital surface is an attack surface.
Every UPI transaction, every Aadhaar-linked service, every hospital that switched to digital records, every manufacturing plant that added IoT sensors, every government portal — all of it needs to be secured. Cyberattacks on Indian organisations have grown dramatically year over year. Banks are getting hit. Hospitals are getting hit. Even AIIMS Delhi suffered a major ransomware attack. The threats are real, frequent, and growing.
Reason 2: Regulation is creating jobs.
India’s Digital Personal Data Protection (DPDP) Act Rules were notified in November 2025, and 2026 is the execution year — meaning companies need to be compliant now. Organizations need Data Protection Officers, compliance analysts, and security architects immediately to meet these new requirements. RBI and SEBI have also tightened cybersecurity frameworks for financial services, driving dedicated cyber risk team expansion. Regulation doesn’t create optional jobs — it creates mandatory ones. (Source: Accountability Now)
Reason 3: 93% of Indian companies are increasing their cybersecurity budgets.
93% of Indian companies are increasing their cybersecurity budgets, with 17% planning increases of 15% or more — directly translating into more jobs, higher salaries, and accelerated career growth. When companies open their wallets this consistently, the money flows downstream to the professionals who do the actual work. (Source: Accountability Now)
Reason 4: AI is making cybersecurity more important, not less.
There’s a common fear that AI will kill tech jobs. In cybersecurity, the opposite is happening. AI-powered cyberattacks are becoming more sophisticated, which means AI-powered defences are needed. AI-driven threat detection is replacing repetitive monitoring tasks in Security Operations Centres, but creating demand for analysts skilled in AI and machine learning — the net effect is more need for skilled professionals, not less. (Source: Innowise)
Reason 5: The salary trajectory is steep.
The cybersecurity salary in India can range from ₹4 LPA for entry-level professionals to ₹1 crore annually for senior leadership roles such as Chief Information Security Officer (CISO). That’s a range that rewards people who stay in the field and build depth over time. (Source: Fintechmagazine)
The Honest Reality Check First
Before I give you the roadmap, I want to be straight with you about a few things — because most career guides skip the uncomfortable parts.
The early money isn’t great. Fresher salaries are modest — ₹3.5–6 LPA without an internship. The ₹15+ LPA roles need 3–5 years of focused grinding through certifications and real incidents. If you’re looking for a get-rich-quick career switch, this isn’t it. If you’re looking for a career that compounds significantly over 5–7 years and becomes one of the most financially rewarding tech paths available — this absolutely is it. (Source: Miquido)
The learning never stops. Cyber threats evolve every week. New vulnerabilities are discovered daily. A tool that was cutting-edge 18 months ago might be obsolete. This is not a field where you learn something once and coast. If you’re someone who genuinely enjoys figuring out how things work, that’s energising. If you hate constant learning, that’s important self-knowledge.
It’s not all Hollywood hacking. SOC analysts spend a significant portion of their early career doing alert triage — investigating whether a security alert is a real threat or a false positive. It’s important, unglamorous work. The exciting parts — penetration testing, incident response, threat hunting — come later, after you’ve built the foundational skills.
The on-call reality is real. Cybersecurity is incident-driven. A bad month means a Friday-night data breach response. Security incidents don’t respect business hours. Most SOC roles involve shift work and on-call responsibilities for the first 2–3 years. (Source: Miquido)
I’m telling you this not to discourage you — but because people who enter this career with accurate expectations stay and succeed. People who enter expecting something different leave within 18 months.
If you read all of that and still want in: welcome. The roadmap starts here.
The Cybersecurity Career Landscape: What Roles Actually Exist in India
Most beginners think cybersecurity means “ethical hacking” or “penetration testing.” Those are real and well-paid roles — but they’re not the only ones, and they’re not the best starting point for everyone.
Here’s the actual map of cybersecurity roles in India and where they sit in the career arc:
Entry-Level Roles (Where Most People Start)

SOC Analyst (Level 1): The Security Operations Centre is the frontline of defence. SOC Analysts monitor security dashboards, investigate alerts, and escalate genuine threats to senior team members. This is the most common entry point in India. You’re essentially the first responder — you see everything, you learn fast, and you build the pattern recognition that more advanced roles require. Bangalore alone has 25,000+ active cybersecurity job postings as of April 2026, and fresher SOC L1 roles start at ₹3.5 LPA, rising significantly with certifications and experience. (Source: Miquido)
Cybersecurity Analyst: A broader role than pure SOC work — Cybersecurity Analysts assess an organisation’s security posture, run vulnerability scans, analyse threat intelligence reports, and help implement security policies. Entry-level salary: ₹4–8 LPA depending on location and certifications.
Network Security Engineer: Configures and manages firewalls, intrusion detection systems, VPNs, and network monitoring tools. This role is ideal for people coming from a networking background (those with CCNA or similar knowledge have a natural advantage here).
IT Security Support: The most accessible entry point — helping organisations manage security tools, handle basic incident tickets, and support the security team operationally. Lower pay but a stepping stone into more specialised roles.
Mid-Level Roles (Year 3–6)

Penetration Tester / Ethical Hacker: The role most people picture when they think cybersecurity. Pen testers are paid to try to break into organisations’ systems — finding vulnerabilities before real attackers do. This is a mid-career role in India, not an entry-level one. You need solid networking, Linux, and scripting foundations before you can do this effectively. Salary range: ₹8–25 LPA depending on experience and specialisation.
Incident Response Analyst: When a breach happens, IR analysts are the ones who contain it, investigate it, and help the organisation recover. High-pressure, high-skill, high-pay. Requires deep understanding of how attacks actually work.
Cloud Security Engineer: As companies move to AWS, Azure, and GCP, someone needs to ensure those environments are configured securely. This role is growing faster than almost any other cybersecurity specialisation in India right now, because cloud adoption is accelerating and cloud misconfigurations are one of the leading causes of data breaches.
Application Security Engineer (AppSec): Embedded in software development teams, AppSec engineers identify and fix security vulnerabilities in code and software systems before they reach production. Requires programming knowledge alongside security skills.
GRC Analyst (Governance, Risk, Compliance): Manages an organisation’s compliance with security frameworks and regulations — ISO 27001, SOC 2, DPDP Act, RBI guidelines, PCI-DSS. Less technical than other roles but critically important, especially post-DPDP Act. Good entry point for people who come from non-technical backgrounds but have an eye for process and documentation.
Senior Roles (Year 6+)

Security Architect — Designs the overall security framework for an organisation. ₹25–60 LPA.
Threat Intelligence Analyst — Tracks advanced threat actors, analyses attack patterns, and helps organisations prepare for emerging threats. ₹15–35 LPA.
Red Team Lead — Leads advanced adversary simulation exercises. ₹12–40 LPA.
CISO (Chief Information Security Officer) — The top of the mountain. Responsible for an organisation’s entire security strategy, reporting to the board. Cybersecurity salaries reach up to ₹1 crore annually for CISO roles at large enterprises. (Source: Fintechmagazine)
The Step-by-Step Roadmap: From Zero to Hired
Step 1: Build the Foundation (Months 1–2)
Before any cybersecurity-specific learning makes sense, you need to be comfortable with a few fundamentals. If you already have a CS or IT background, some of this will be review — but don’t skip it, because these concepts appear constantly in actual security work.
Networking — the non-negotiable foundation
Almost every cyberattack travels across a network. Defending against attacks or simulating them requires understanding how networks actually work. You need to know:
- How IP addressing and subnetting work
- What TCP/IP, UDP, and the OSI model are and why they matter
- How DNS resolution works (this is involved in a surprising number of attacks)
- What HTTP/HTTPS actually does under the hood
- What firewalls, routers, and switches do
- How common protocols like FTP, SSH, SMTP, and DHCP operate
The best free resource for this is Professor Messer’s CompTIA Network+ study materials on YouTube — free, clear, and complete. If you want a structured paid path, the CCNA from Cisco covers networking in depth and is well-respected by Indian employers.
Linux — your operating environment
Most cybersecurity tools run on Linux. Most servers that need protecting run Linux. Most attack platforms (Kali Linux) run Linux. Being comfortable in a Linux terminal is non-negotiable. Spend 2–3 weeks learning:
- File system navigation and basic commands (ls, cd, cat, grep, find, chmod)
- User and permission management
- Networking commands (ping, netstat, nmap basics, curl)
- Basic scripting in Bash
OverTheWire’s “Bandit” wargame is a free, gamified way to learn Linux terminal skills in a context that’s directly relevant to security. Start there.
Basic programming — Python specifically
You don’t need to become a developer. But you need to be able to write simple scripts that automate tasks, parse log files, and interact with APIs. Python is the language of choice in cybersecurity tooling. 4–6 weeks learning Python basics puts you in a much stronger position than someone who only knows tools without being able to script around them.
Step 2: Get Your First Certification — CompTIA Security+ (Months 2–4)
CompTIA Security+ is the universally recognised entry-level cybersecurity certification. It covers the core concepts you need to understand the field: network security, threats and vulnerabilities, identity and access management, cryptography, compliance, and incident response.
It does not require any prior experience or certifications. It’s vendor-neutral, meaning it’s not AWS-specific or Microsoft-specific — it covers security principles that apply everywhere. And it is widely accepted by Indian employers as proof that a candidate has foundational cybersecurity knowledge.
Entry-level professionals with recognised certifications like CEH or CompTIA Security+ earn 15–25% more than uncertified peers. A fresher with just a degree might start at ₹4–5 LPA, while someone with CEH certification starts closer to ₹6–8 LPA. (Source: Innowise)
How to prepare:
Professor Messer’s Security+ course on his website (free) is the gold standard for preparation. Jason Dion’s practice exams on Udemy are the most highly rated practice tests available. Aim to take 3–5 full-length practice exams and to score consistently above 85% before booking the real exam. Exam fee in India is approximately ₹25,000–₹27,000.
Study time: 6–10 weeks of consistent daily study (1–2 hours per day) is realistic for someone with basic IT knowledge.
Step 3: Build Practical, Hands-On Skills (Months 3–6, Parallel to Certification Prep)
Here’s the thing most people don’t tell you: getting certified proves you know the theory. Getting hired proves you can do the work. Indian employers — especially at product companies and GCCs — want both.
The best platforms to build hands-on skills for free or near-free:
TryHackMe: The most beginner-friendly hands-on cybersecurity learning platform in existence. It walks you through virtual labs — real attack and defence scenarios in a browser — starting from absolute basics and progressing to intermediate penetration testing, SOC analysis, and specific tool training. The paid subscription is approximately ₹800–1,000/month, and worth every rupee for the first 6 months. Complete the “SOC Level 1” and “Pre-Security” learning paths as your foundation.
Hack The Box (HTB): More challenging than TryHackMe and beloved in the professional cybersecurity community. HTB Machines are intentionally vulnerable systems that you practice breaking into. The free tier has enough content to keep you busy for months. A “Hacker” rank on HTB is a genuine signal of skill that hiring managers at security-focused companies recognise.
OWASP WebGoat and DVWA: Deliberately vulnerable web applications you can install locally and practice attacking. Essential for anyone interested in application security or web penetration testing.
Wireshark: Learn to capture and analyse network traffic. Understanding what normal traffic looks like — and being able to spot what looks wrong — is a core SOC skill. Wireshark is free and has excellent official documentation.
Build a home lab: This one matters more than most courses. Set up VirtualBox or VMware on your laptop and create a small virtual network: a Kali Linux machine (attacker), a Windows machine (target), and a basic networking setup between them. Practice the things you’re learning in a real environment you control. Document everything in a blog or Notion document — this becomes your portfolio.
Step 4: Choose Your Specialisation Path (Month 4 Onward)
By month 4, you should have a clearer sense of which direction within cybersecurity genuinely interests you. The field is broad enough that you need to choose a direction — trying to know everything equally leads to knowing nothing deeply enough to get hired.
Here are the three most accessible and in-demand paths for beginners in India:
Path A: SOC Analyst → Security Operations
This is the widest hiring funnel in India right now. SOC roles exist at almost every large company, bank, IT services firm, and Managed Security Service Provider (MSSP).
Skills to build: SIEM tools (Splunk, Microsoft Sentinel, IBM QRadar), log analysis, threat intelligence feeds, incident triage, malware analysis basics, Wireshark.
Certifications to target after Security+:
- CompTIA CySA+ (Cybersecurity Analyst) — designed specifically for SOC and threat analyst roles, widely recognised in India
- Splunk Core Certified User — Splunk appears in SOC job listings constantly; the certification is free to attempt and carries real weight
Where this leads: SOC L1 → SOC L2 → Threat Hunter → Incident Response Lead → SOC Manager
Path B: Ethical Hacking → Penetration Testing
The path most romanticised in popular culture — and for good reason. Ethical hackers are paid well, their work is genuinely interesting, and the skill set is highly portable.
The honest caveat: this is not an easy first job to land. Most penetration testing roles in India require 2–3 years of foundational experience first. Career advice for 2026 entrants: aim for SOC L2/L3, cloud security, or pen-testing by year 3 — but don’t try to start there as a complete fresher. (Source: Miquido)
Skills to build: Network penetration testing, web application attacks (OWASP Top 10), Active Directory exploitation, report writing, Metasploit, Burp Suite, Nmap, privilege escalation techniques.
Certifications to target:
- CEH (Certified Ethical Hacker) — the most widely named certification in Indian job listings for ethical hacking roles. It’s more theory-heavy than practical, but it’s a signal Indian employers recognise. Exam fee approximately ₹35,000–₹40,000.
- OSCP (Offensive Security Certified Professional) — the gold standard for pen testers globally. It’s a 24-hour practical exam where you hack real machines under exam conditions. Significantly harder to earn than CEH, but significantly more respected by serious security hiring managers. Once you have OSCP, your resume opens doors that CEH alone cannot.
- eJPT (eLearnSecurity Junior Penetration Tester) — a practical, affordable starter certification for ethical hacking beginners. ₹8,000–₹10,000. Good stepping stone toward OSCP.
Where this leads: Junior Pen Tester → Penetration Tester → Senior Pen Tester → Red Team Lead
Path C: GRC → Compliance and Risk
This path is dramatically undervalued by most beginners — and that’s exactly why it’s an opportunity.
GRC (Governance, Risk, Compliance) professionals help organisations understand their security posture, meet regulatory requirements, and manage risk. It’s less technical than SOC or pen testing, which makes it accessible to people from non-CS backgrounds — commerce graduates, law graduates, MBA holders with tech interest, and arts students who are analytical and detail-oriented.
The DPDP Act implementation has created an immediate surge in GRC hiring in India. Every company that handles personal data — which is virtually every company — now needs people who understand data protection compliance.
Skills to build: ISO 27001, NIST Cybersecurity Framework, understanding of DPDP Act and GDPR, risk assessment methodologies, audit processes, vendor risk management, policy writing.
Certifications to target:
- CompTIA Security+ as foundation
- ISO 27001 Lead Implementer or Lead Auditor — highly valued in BFSI, consulting, and enterprise companies in India
- CISA (Certified Information Systems Auditor) — globally respected certification for audit and compliance roles. Opens doors at Big Four consulting firms and large banks.
- CISSP (later, with 5+ years experience) — the top-tier credential in the field
Where this leads: GRC Analyst → Senior GRC Analyst → Data Protection Officer → Cybersecurity Consultant → CISO track
Step 5: The Certification Ladder — What to Get, When, and Why
One of the most common questions I see from beginners is: “Which certification should I get first?” The answer depends on your path, but here’s an honest ladder for each level.
Beginner (Getting Your First Job):
| Certification | Best For | Cost (India) | Time to Prepare |
|---|---|---|---|
| CompTIA Security+ | Everyone | ₹25,000–27,000 | 6–10 weeks |
| CEH | Ethical hacking path | ₹35,000–40,000 | 8–12 weeks |
| eJPT | Ethical hacking, practical intro | ₹8,000–10,000 | 4–6 weeks |
| ISO 27001 Foundation | GRC/compliance path | ₹15,000–20,000 | 3–4 weeks |
Mid-Level (Years 2–5):
| Certification | Best For | Cost (India) | Significance |
|---|---|---|---|
| CompTIA CySA+ | SOC and threat analysis | ₹28,000–30,000 | Strong for SOC L2+ |
| OSCP | Pen testing | ₹80,000–1,00,000 | Gold standard for ethical hackers |
| CISA | Audit and compliance | ₹60,000–70,000 | Opens Big Four and banking roles |
| CISM | Security management | ₹65,000–75,000 | Management track, 20–30% salary boost |
Senior Level (5+ Years Experience):
| Certification | Best For | Why It Matters |
|---|---|---|
| CISSP | Security architecture, CISO track | The single most respected senior security credential globally |
| CCSP | Cloud security architecture | Fastest-growing specialisation in India |
| AWS Security Specialty | Cloud security engineering | Highest-demand cloud security credential |
About CISSP specifically: Certified professionals can earn 20–50% more than non-certified peers, and roles like Security Architect and Red Team Lead range from ₹25 LPA to ₹45 LPA or more, depending on experience and certifications like CISSP. CISSP requires 5 years of paid work experience in cybersecurity before you can get certified — there’s no shortcut. But once you have it, it is the credential that takes you from senior individual contributor to security leadership roles. (Source: UpGrowth)
Step 6: Get Your First Cybersecurity Job in India
You’ve built your foundation, you have your first certification, you’ve been doing TryHackMe labs for 3 months, and you have a home lab set up. Now what?
Build a visible portfolio before you apply.
Create a GitHub profile. Document your TryHackMe progress (you can show your profile link, which displays completed rooms and badges). Write 2–3 writeups on machines you’ve completed on Hack The Box or TryHackMe — these are detailed documents explaining how you approached a problem, what tools you used, and what you learned. Post one or two of these on LinkedIn. Security hiring managers actually look at these.
If you did a home lab project — setting up a SIEM, simulating a phishing attack, analysing malware in a sandboxed environment — document it with screenshots and explanations. A Notion document or a blog post that shows how you think through a security problem is worth more than most certifications on your resume.
Target the right employers for your first role.
IT Services companies (TCS, Infosys, HCL, Wipro) have large security practices and hire freshers consistently. The pay is modest but the exposure to different client environments is broad and the learning curve is steep if you’re placed on a SOC project. Use these as launch pads, not destinations.
MSSPs (Managed Security Service Providers) — companies like Tata Communications, SecureWorks India, Paladion, and Quick Heal Technologies — often hire freshers for SOC analyst roles and provide structured training. These are excellent first employers for cybersecurity careers.
GCCs (Global Capability Centres) of companies like JPMorgan Chase, HSBC, Goldman Sachs, and American Express run significant cybersecurity teams from their India offices and increasingly hire freshers with strong certifications directly.
Where to find jobs:
LinkedIn is the single most effective platform for cybersecurity roles in India — set up alerts for “SOC Analyst,” “Cybersecurity Analyst,” “Information Security Analyst,” and your city. Naukri.com and Indeed.in have volume. Specialised communities like the null community (null.community) — India’s oldest cybersecurity community — often share job postings and have a mentorship culture that’s genuinely helpful for beginners.
The internship play:
Without a Verified Experience Letter, fresher cybersecurity offers cluster around ₹3.5–6 LPA. With a structured internship and verified experience letter, the floor moves to ₹6–10 LPA — which is competitive with software engineering. If you can get a 3–6 month internship (even unpaid or minimally paid) at an MSSP, a cybersecurity startup, or a security consulting firm, it can significantly shift the compensation you’re offered in your first full-time role. (Source: Miquido)
The Salary Reality: What You Can Actually Expect at Each Stage
Let me give you the honest picture — not the headline numbers used to make a career sound more attractive than it is at entry level, and not the conservative numbers that undersell the long-term potential.
Year 0–2 (Fresher/Junior): ₹3.5–6 LPA without certifications or internship. ₹6–10 LPA with CompTIA Security+ or CEH and hands-on lab experience. Location matters — Bangalore, Mumbai, and Delhi typically offer ₹6–8 LPA for entry-level roles, while Indore, Pune, and similar cities offer ₹4–6 LPA for the same role. (Source: Innowise)
Year 2–4 (SOC L2, Junior Pen Tester, Mid Analyst): ₹8–18 LPA at IT services firms; ₹15–25 LPA at product companies and GCCs, particularly for cloud security and pen testing roles.
Year 4–7 (Senior Analyst, Security Engineer, Pen Tester): ₹20–40 LPA. Cloud Security Engineers and experienced pen testers with OSCP are at the higher end of this range. GRC professionals with CISA or CISM are in the ₹18–35 LPA range.
Year 7+ (Security Architect, Red Team Lead, Consultant): Security Architects earn ₹25–60 LPA, Cybersecurity Consultants ₹30–60 LPA, and Red Team Leads ₹12–40 LPA. (Source: Innowise)
The CISO ceiling: Top-tier experts in cloud security, AI security, and red teaming may reach ₹40 lakhs to ₹1–3 crores in leadership positions. (Source: Innowise)
The 5-year perspective: Entry-level salaries for freshers are expected to rise 10–15% over the next 3–5 years as demand continues to outpace supply. Mid-level professionals earning ₹8–20 LPA today may see growth to ₹10–25 LPA as their expertise becomes more valuable. (Source: Innowise)
Can You Really Do This Without a Degree?
Yes. And here’s why it genuinely works in cybersecurity specifically.
Cybersecurity is a field where demonstrable skill matters more than credentials on paper. A hiring manager running a SOC team doesn’t care if you have a BCA or a BSc — they care whether you can triage an alert, write a Splunk query, identify a phishing campaign in logs, and think calmly under pressure.
That said, let me be specific about what “no degree needed” actually means in practice:
- At IT services companies and MSSPs, a 12th pass or any graduate degree (even in a non-technical field) combined with relevant certifications and demonstrated skills is enough to get through initial screening.
- At product companies and GCCs, a degree is generally preferred but not always mandatory if your skills are strong enough and your portfolio is visible.
- For GRC and compliance roles specifically, a background in law, finance, or commerce is sometimes more relevant than a CS degree.
- For senior roles (Security Architect, CISO), your certifications and experience record matter far more than your undergraduate degree.
What you do need instead of a degree: certifications that validate your knowledge, hands-on experience that demonstrates your ability, and a visible portfolio that shows how you think. That combination is entirely achievable without a formal computer science education.
The Indian Cybersecurity Communities You Should Join Right Now
One thing that accelerates a cybersecurity career more than almost anything else is being part of the community. Cybersecurity in India has a genuine, active community that’s unusually welcoming to beginners.
null — The Open Security Community (null.community): India’s oldest and most respected cybersecurity community. Monthly meetups in Bangalore, Hyderabad, Delhi, and other cities. Free to join, full of working professionals who genuinely mentor beginners. Join before you do anything else.
OWASP India chapters: The Open Worldwide Application Security Project has active chapters in major Indian cities. Great for anyone interested in application security.
c0c0n and NULLCON: Two of India’s biggest cybersecurity conferences. Both have student programs and beginner-friendly sessions. Attending even as an audience member exposes you to the real community and occasionally to recruiters.
Bug Bounty programs: Platforms like HackerOne, Bugcrowd, and India’s own Department of Telecom Bug Bounty Program pay real money for finding real vulnerabilities in real systems. It’s not a primary income source as a beginner, but legitimate bug bounty findings are one of the most powerful resume items you can have — and they’re entirely open to anyone.
Your 12-Month Action Plan
Here’s the most concrete way I can leave you with this: a month-by-month outline of what to do if you’re starting from zero today.
Month 1–2: Learn networking fundamentals (Professor Messer Network+ on YouTube). Get comfortable in Linux (TryHackMe Pre-Security path). Start Python basics. Set up your home lab (VirtualBox + Kali Linux + a Windows VM).
Month 2–4: Study for and attempt CompTIA Security+. Simultaneously work through TryHackMe’s SOC Level 1 path. Join null community online. Create a LinkedIn profile that clearly states you’re building toward a cybersecurity career.
Month 3–5: Decide on your specialisation path (SOC/Blue Team, Ethical Hacking/Red Team, or GRC). Start your path-specific learning — SIEM tools for SOC, TryHackMe/HTB machines for ethical hacking, ISO 27001 fundamentals for GRC.
Month 4–6: Start your second certification (CySA+ for SOC, eJPT for pen testing, ISO 27001 Foundation for GRC). Begin documenting your labs in writing — Notion, a blog, or GitHub. Apply for cybersecurity internships actively.
Month 6–9: Complete your second certification. Complete 30+ rooms on TryHackMe or 5+ Hack The Box machines (for ethical hacking path). Start applying for entry-level roles — SOC L1, Security Analyst, Junior Pen Tester — with your portfolio link visible in your resume.
Month 9–12: Actively interviewing. Continue learning — don’t stop lab work just because you’re applying. Target your first role. Accept that the first offer may not be the highest — the experience you build in Year 1 determines what Year 3 looks like.
That’s 12 months. From zero to employed in one of the fastest-growing, most recession-resistant, genuinely meaningful tech careers available in India right now.
The gap between 1 million jobs needed and 80,000 professionals available isn’t going to close itself. It closes when people like you decide to step into it.
techincome.in is built for India’s next generation of tech earners — practical guidance, real numbers, zero fluff.
Is cybersecurity a good career in India in 2026?
Yes — and the data is unusually clear on this. The industry projects 3.5 million unfilled cybersecurity positions globally by 2025, with India’s demand expected to hit one million professionals but currently having only about 80,000 qualified experts available. That supply-demand gap makes it one of the most structurally sound career choices available in Indian tech right now. The demand is not driven by hype — it’s driven by regulation (DPDP Act, RBI/SEBI mandates), growing cyber threats, and accelerating digital adoption across every industry. The career does have real challenges — early salaries are modest, the learning never stops, and on-call work is common in SOC roles. But for people who are genuinely interested in the field, the 5–10 year trajectory is exceptional.
Can I start a cybersecurity career in India without a degree?
Yes, and this is one of the fields where it’s genuinely true rather than just technically possible. Indian employers — especially IT services companies, MSSPs, and even many product companies — evaluate cybersecurity candidates primarily on certifications, practical skills, and demonstrated ability. CompTIA Security+ or CEH combined with visible hands-on lab work (TryHackMe, Hack The Box, a home lab portfolio) is enough to get shortlisted at many companies. GRC and compliance roles are particularly accessible without a technical degree for people with backgrounds in law, finance, or commerce. Senior roles care almost entirely about certifications and experience record. The one area where a degree helps more: direct recruitment into product companies and GCCs, where a degree is often preferred though increasingly not mandatory for strong candidates.
What is the salary of a cybersecurity fresher in India?
In 2026, cybersecurity salaries for freshers in India typically range from ₹3.5 LPA to ₹7 LPA. Candidates with certifications like CEH or Security+ and hands-on lab experience can earn up to ₹8 LPA. Location is a significant factor — metro cities like Bangalore, Hyderabad, and Pune pay ₹1.5–3 LPA more than tier-2 cities for the same role. The fastest way to improve your fresher package is to combine a recognised certification with verifiable hands-on experience (an internship or documented lab projects). Within 3–5 years of consistent growth, cybersecurity professionals in India typically reach ₹15–25 LPA at product companies and GCCs.
Which certification should I get first for a cybersecurity career in India?
CompTIA Security+ is the best first certification for most people entering cybersecurity in India. It is vendor-neutral, widely recognised by Indian employers across IT services, BFSI, and product companies, and covers the foundational concepts you need before specialising. It requires no prior experience or prerequisite certifications. For people specifically targeting ethical hacking roles, the CEH (Certified Ethical Hacker) is more commonly listed in Indian job postings for those roles and can be pursued alongside or after Security+. For the GRC and compliance path, an ISO 27001 Foundation certification is a strong early credential. The key advice: get one certification and pair it with real hands-on practice — a certification without demonstrable skills is much less valuable than the combination.
What is ethical hacking and how do I get started with it in India?
Ethical hacking — also called penetration testing — involves legally and systematically attempting to break into an organisation’s systems to find security weaknesses before real attackers do. It’s one of the most in-demand and well-compensated specialisations in cybersecurity. Getting started requires building solid networking fundamentals first, then learning Linux command-line skills, then beginning to practice on platforms like TryHackMe (for structured beginner learning) and Hack The Box (for more challenging, community-driven practice). The recommended certification path in India starts with CompTIA Security+ as a foundation, followed by CEH for entry-level recognition, and eventually OSCP (Offensive Security Certified Professional) for serious pen testing careers — the OSCP is a 24-hour practical exam that is the gold standard credential for ethical hackers globally.
What is CISSP and who should pursue it in India?
CISSP (Certified Information Systems Security Professional) is the most respected and widely recognised senior-level cybersecurity certification globally. It covers eight domains of cybersecurity knowledge — security and risk management, asset security, security architecture, network security, identity management, security assessment, security operations, and software development security. In India, CISSP opens doors to Security Architect roles, senior security consulting positions at Big Four firms, and CISO track opportunities. The critical requirement: CISSP mandates 5 years of full-time, paid work experience in at least two of the eight CISSP domains before you can be certified. You can study for and pass the exam earlier, but certification requires the experience. Roles like Security Architect command ₹25–45 LPA or more in India, and CISSP is one of the key credentials that unlocks these roles. It’s a mid-to-senior career certification, not a beginner one.
How long does it take to get a job in cybersecurity in India as a fresher?
For someone starting from zero with basic computer literacy, a realistic timeline to a first cybersecurity job in India is 9–12 months of focused effort. This assumes consistent daily learning (1–2 hours on weekdays, more on weekends), completing at least one certification (CompTIA Security+ or CEH), building hands-on skills through TryHackMe or Hack The Box, and actively applying during the final 3 months of preparation. For someone already working in IT — networking, system administration, software development — the transition is often faster, typically 4–6 months of targeted upskilling. The timeline extends if learning is inconsistent or if job applications aren’t paired with a visible portfolio. The fastest results consistently come from people who combine certification study with hands-on lab work and an active LinkedIn presence from early on.
Which cybersecurity role has the highest demand for freshers in India?
SOC Analyst (Level 1) is the highest-volume entry-level hiring category in India’s cybersecurity job market. The most in-demand cybersecurity job roles in India for 2026 include SOC Analysts, Cybersecurity Analysts, Cloud Security Engineers, Application Security Engineers, Network Security Engineers, and Threat Intelligence Analysts. SOC roles exist across virtually every industry — banking, fintech, IT services, telecom, healthcare, and e-commerce — creating a wide hiring funnel for freshers. GRC Analyst roles are the second fastest-growing entry point in 2026 specifically because of DPDP Act implementation, and are accessible to people from non-technical backgrounds. Network Security Engineer roles are highly accessible for people with existing CCNA or networking knowledge.
Is the DPDP Act creating new cybersecurity jobs in India?
Yes — significantly. 2026 is the execution year for India’s Digital Personal Data Protection regime, with Rules notified in November 2025 and staggered enforcement timelines. Organisations need Data Protection Officers, compliance analysts, and security architects immediately. Every organisation that collects, stores, or processes personal data of Indian residents needs to be compliant — which covers virtually the entire organised corporate sector. This has created immediate, sustained demand for GRC analysts, Data Protection Officers, privacy consultants, and compliance managers with cybersecurity knowledge. For people interested in cybersecurity from a policy and compliance angle rather than a purely technical one, the DPDP Act has created a career window that didn’t exist two years ago.
Should I choose cybersecurity or software development as a career in India?
Both are strong choices, but they suit different people. Software development generally offers higher absolute fresher salaries (₹6–12 LPA at top product companies versus ₹3.5–6 LPA for cybersecurity freshers without internship experience). Cybersecurity, however, offers steeper salary growth post-3 years and is historically more recession-resistant — security budgets are among the last things companies cut because the consequences of cutting them are too severe. By year 5–7, cybersecurity specialists often out-earn equivalent software engineers — particularly in specialisations like security architecture, cloud security, and senior pen testing. The more important question than “which pays more” is which genuinely interests you. Someone who finds breaking systems and understanding attacker psychology fascinating will build a better cybersecurity career than someone who chose it purely for the salary chart.
