
Ethical hacking · masters-grade · public-info only
For the gamers ready to fight cyber war ethically.
Free labs, bug bounty, federal cyber, AI security — every legitimate on-ramp. The line between ethical hacking and federal prison is authorization. This track teaches both.
Start with the path
The full education map.
Read them in any order. The career path overview gives you the macro. The labs page is the most actionable starting point. The legal page is the one you read first if you are under 25 and you have ever “just been curious” about something online.
::breaches
15 breaches that defined cybersecurity
Stuxnet → Target → NotPetya → SolarWinds → Colonial → Change Healthcare → Volt + Salt Typhoon
Each row is a case study taught in every serious cybersecurity program. Public sources only (SEC filings, DOJ indictments, CISA, FBI, reputable journalism). The pattern across all fifteen — supply chain dominant, patches late, ransomware blurred with geopolitics, pre-positioning the 2026 threat.
::threat-actors
Threat actor encyclopedia · 16 named groups
APT28 · APT29 · Sandworm · Lazarus · Volt Typhoon · LockBit · Cl0p · Scattered Spider
The named groups every cyber pro knows cold. Ten state-sponsored APTs (Russia, China, North Korea, Iran, US-attributable Equation Group) + six criminal ransomware crews. Sources: DOJ indictments + CISA advisories + Mandiant + Microsoft Threat Intelligence + CrowdStrike. Public attribution only.
::tools
Defensive tool catalogue · 32 named tools
Wireshark · Nmap · Burp · Ghidra · Volatility · Splunk · Sigma · MITRE Caldera
Every tool in every job description, in eight categories: network analysis, vulnerability scanning, web AppSec, reverse engineering, OSINT, SIEM, endpoint IR, detection engineering. What each tool is, who uses it, where to learn it legally. Recognition-first, not how-to-attack.
::heroes
Twelve researchers worth knowing
Krebs · Hutchins · Mudge · Moussouris · Schneier · Halvar · Tavis · Raiu · Galperin · Hyppönen · Snyder · Tabriz
The named voices the field listens to. Twelve public-figure profiles sourced to books, congressional testimony, conference talks, reputable journalism. A junior cyber pro who knows zero names doesn't have the field's social context.
::timeline
Sixty years of cyber
1969 ARPANET → 2026 Salt Typhoon · the arc in 50 entries
From Bob Thomas's Creeper worm in 1971 to nation-state pre-positioning in critical infrastructure in 2026. Six eras, fifty entries, every one sourced to public material. The pattern across 60 years is the lesson.
::books
The definitive reading list · 24 books
Cuckoo's Egg · Sandworm · Countdown to Zero Day · Applied Crypto · Practical Malware Analysis
Seven categories — history + journalism, cryptography + systems, red team, blue team, web + AppSec, career + culture, policy + ethics. Every title is on a serious cyber program's reading list or a senior researcher's recommended shelf.
::employers
Where ethical hackers actually work · 30+ employers
Booz Allen · Palantir · Anduril · Mandiant · CrowdStrike · NSA · CISA · FBI
Three tiers: defense-industrial primes (Booz Allen Vellox, Palantir AIP+Maven, Anduril Lattice), commercial cyber leaders (Mandiant, CrowdStrike, Microsoft, SentinelOne, Palo Alto, Rapid7), mid-tier federal primes, plus federal employers (NSA, CISA, FBI, USCYBERCOM). Sourced + how-to-apply.
::doctrine
Defense-tech doctrine · the public frames
Karp · Luckey · Schmidt · NSCAI · 2023 National Cybersecurity Strategy
Four public-intellectual voices (Karp's Technological Republic, Luckey's product-first model, Schmidt's NSCAI work, Khosla's third-position) plus six institutional documents (NSCAI Final Report, 2023 NCS, DoD Cyber Strategy, EO 14028, Replicator, CISA CPGs). What industry pros walk into interviews knowing.
::karp
Alex Karp · Palantir's public posture
Technological Republic thesis · refusal posture · Maven Smart System
Six positions to know cold from Karp's primary material: Silicon Valley unbundled from national purpose, the Technological Republic frame, refusal as posture not exception, public-intellectual posture, Maven Smart System as proof point, what working at Palantir actually means.
::luckey
Palmer Luckey · Anduril's founding arc
Oculus → Facebook departure → Anduril → Replicator → CCA win
Six chapters of the arc from 2012 to 2026 plus the named product line: Lattice OS, Ghost, ALTIUS family, Bolt, Roadrunner, Sentry Tower, Dive-LD, Fury, Pulsar, Anvil. 'Build the products, then sell them' — product-first defense model.
::contracts
Federal cyber contracting vehicles
GSA · CIO-SP4 · OASIS+ · SEWP VI · Alliant 2 · CHESS · OTAs · SBIR
Where federal cyber money actually flows. Nine vehicles totaling $200B+ ceiling. What each is, who holds prime contracts, how to navigate sam.gov + NAICS codes. Industry-pro contracting fluency.
::programs
Federal cyber programs · 7 every pro knows
Cyber Mission Force · Replicator · JADC2 · Maven Smart System · CMMC · CDM · Mission Partner Environment
The seven named programs that appear in every defense conference talk and every job description for cleared work. Structural framing + key facts + primary-source pointers per program.
::conferences
Where the field meets · 12 conferences
DEF CON · Black Hat · BSides · RSA · ShmooCon · CCC · OWASP Global
Cybersecurity is small enough that 2-3 conferences a year puts you in the conversation. What each is, when it runs, what tier, and how a student or junior pro actually gets there. Concrete next-step: attend one this year.
::youtube
YouTube channels worth subscribing to · 13 picks
LiveOverflow · IppSec · John Hammond · NetworkChuck · The Cyber Mentor · STOK · DEF CON
Thirteen YouTube channels that produce real cyber education. LiveOverflow + IppSec at the technical depth end, NetworkChuck + David Bombal at the on-ramp end, DEF CON + Black Hat for the conference archive. Three hours a week from this list = graduate-level coursework.
::podcasts
Cyber podcasts worth your commute · 10 picks
Darknet Diaries · Risky Business · Smashing Security · Click Here · CyberWire · SANS Stormcast
Ten cyber podcasts. Daily anchor (SANS Stormcast), weekly anchor (Risky Business), longform deep-dive (Darknet Diaries) — that's the right starter kit. Each picked for real recurring signal, not influencer noise.
::modern
What cyberwar looks like RIGHT NOW
Drones · loitering munitions · Volt + Salt Typhoon · Replicator
Realtime intel, mid-2026. FPV drones replaced artillery. Anduril Bolt + Switchblade 600. EW + cyber + kinetic convergence. The actual gap between 'what textbooks say' and 'what's fielded today' is the largest it's ever been. Start here.
::llm-warfare
How LLMs actually fight
Microsoft+OpenAI threat-actor disclosure · CIA Osiris · Lavender
What AI is doing in active operations as of mid-2026 — defensive SOC Copilot + Charlotte AI, offensive code generation, intel triage (Osiris, Task Force Lima), the controversial reporting on Lavender/Gospel. Sourced, current, no speculation.
::platforms
Palantir + Anduril + Shield AI + 7 others
The actual platforms running modern defense
Palantir AIP + Maven Smart System. Anduril Lattice + Roadrunner + Fury. Shield AI Hivemind + V-BAT. Saronic. Helsing. Skydio X10. Scale AI Donovan. AeroVironment Switchblade. Vannevar Labs. C3.ai. Who they are, what they make, what they pay for, how to apply.
::path
The career path
Six stages from curious gamer to senior practitioner
Honest milestones. What 'good' looks like at each stage. What you do, what you read, what you build, what you can earn. No 'one weird trick' — the path is real and it takes time.
::labs
Free practice labs
Where to legally hack without leaving your house
TryHackMe · HackTheBox · PortSwigger Web Security Academy · OverTheWire · PicoCTF · CyberDefenders · Root-Me. Every platform vetted, free tier described, what each one teaches, the order to do them in.
::hackerone
Bug bounty · HackerOne path
Your first paid finding · how to actually start
Real program selection. Scope reading. Recon → triage → write-up → payout. The mistakes new hunters make. The platforms (HackerOne · Bugcrowd · Intigriti · YesWeHack · Synack Red Team) and which to start with.
::legal
What's legal · what's not
Stay out of jail · CFAA, scope, authorization
The Computer Fraud and Abuse Act in plain language. What 'authorization' actually means. Real cases (Van Buren v. United States, 2021; Aaron Swartz; Marcus Hutchins). Why 'I was just curious' is not a defense. The vulnerability-disclosure policy template the DOJ blessed.
::serve
Serving · military + federal
The .mil and .gov ethical-hacking on-ramps
US Cyber Command structure (public). Air Force 17X · Army Cyber 17C/17A · Navy CTN · Marines 17XX · Coast Guard Cyber. CISA · NSA · FBI Cyber · DoD Vulnerability Disclosure Program. What 'fighting cyber war ethically as an American' actually looks like in 2026.
::certs
Certifications worth it
OSCP · OSEP · GPEN · GCIH · CISSP · what each is for
What hiring managers actually look for. The cert that opens the first door (OSCP). The cert that opens federal doors (Security+). The certs that don't matter as much as the marketing claims. Pricing, time-to-pass, free study paths.
::ai-security
AI security · the new attack surface
Prompt injection · adversarial ML · model theft
OWASP LLM Top 10. MITRE ATLAS framework. Where AI-specific vulnerabilities live. How AI-security work differs from traditional appsec. What hiring this skill set looks like in 2026.
::cyberwar
Cyber war · the public framework
What nation-state cybersecurity actually is
Public info only. Stuxnet (declassified). SolarWinds. NotPetya. Colonial Pipeline. Volt Typhoon disclosures. The US National Cybersecurity Strategy 2023. How the 'why this matters' framing serves the white-hat career — and where the line between defense and offense is drawn publicly.
Real, observable outcomes.
What you'll be able to do after this track.
- Hold your own in a TryHackMe / HackTheBox monthly leaderboard. The skill checks the rest of the industry uses are the same ones you do daily.
- Submit a first valid bug bounty finding to HackerOne or Bugcrowd. Most first-finders earn $100-$500 on a low-severity bug. The credential is what matters · it's your first public proof of competence.
- Pass the Offensive Security Certified Professional (OSCP) exam. This is the credential that opens almost every penetration testing door. The self-study cost is around $1,749 for the lab + exam bundle as of 2026. People pass it in 3-12 months from a serious starting point.
- Read a vulnerability disclosure scope and know if your finding is in-bounds. This is the single skill that separates “ethical” from “federal indictment.”
- Apply to a military or federal cyber role with a clean application. US Cyber Command, NSA, CISA, FBI Cyber, Air Force 17X all post jobs publicly. You will know which ones to apply for, which clearance level to expect, and what the first three years actually look like.
- Identify the AI-specific vulnerabilities in a modern application stack. OWASP LLM Top 10. Prompt injection variants. RAG corpus poisoning. Adversarial ML. This skill is undersupplied and overpaid right now.
We do not teach you to break into things you don't own.
What this track is NOT.
- Zero operational tradecraft. We name TOOLS (Burp Suite, Metasploit, nmap, etc.) because they're in every public textbook. We don't show you how to use them against a target. That's what the labs are for · they're built exactly to be broken.
- Zero zero-day discussion beyond what's already in public MITRE / CVE databases.
- Zero advice on offensive techniques that have no defensive purpose. If knowing something only helps an attacker, it's out of scope.
- Zero classified material. Every nation-state cyber claim cites a declassified document, a public indictment, a CISA advisory, or a news report.
What you'll find instead is the on-ramp · the legitimate, public, well-paid career path that turns “I'm fast and I see the patterns” into “I'm a senior security engineer at a company that pays me to think like an attacker for a living.” That career exists in 2026 in unprecedented volume. This track shows you how to walk into it.