> For the complete documentation index, see [llms.txt](https://book.ahmad.science/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://book.ahmad.science/page-12.md). # How to Use This Book This book is a map of the cybersecurity field and a guide for getting hired into it. You don't have to read it cover to cover. Different goals call for different paths through it, and the fastest way to waste your time is to study things you don't need yet. ## Who This Book Is For * **Complete beginners** deciding whether cybersecurity is worth pursuing * **Career changers** coming from IT, development, or something entirely non-technical * **Students and self-learners** who want a structured path instead of a pile of random YouTube videos * **Junior professionals** who landed a first role and want to understand the field beyond their job description You don't need a degree, a certification, or prior experience to start. You need curiosity and the willingness to practice. ## The Shape of the Book The book moves in three arcs: 1. **Breaking in (Chapter 1).** What the field actually looks like, which careers exist, what they pay, what skills and certifications matter, and how to get the first job. Start here, whoever you are. 2. **The knowledge that makes you employable (Chapters 2–11).** Foundations first — core security concepts, then ethical hacking, then the governance/risk/compliance side, then the technical depth: cryptography, threat modeling, design principles, DevSecOps, and secure development. These chapters map to what interviews and entry-level jobs will actually demand of you. 3. **Proving it (Chapters 12–15).** CTFs to build and demonstrate skill, the interview process itself (resume, technical screens, negotiation, first 90 days), how to build a home lab and a portfolio that gets you noticed, and AI/LLM security — the fastest-growing specialization in the field. A note on Chapters 14 and 15: they're numbered last so the core flow stays stable, but don't save them for last. **Chapter 14 (Home Lab and Portfolio) is worth reading early** — right after Chapter 3 — because the lab it helps you build is where you'll practice everything else. **Chapter 15 (AI and LLM Security)** builds on the technical chapters, so read it once you've got the fundamentals down. ## Reading Paths by Goal **"I don't know if this field is for me."** Read Chapter 1, then Chapter 2. If you're still curious after that, you have your answer. **"I want to be a penetration tester / red teamer."** Chapters 1 → 2 → 3 → 14 → 7 → 12 → 15 → 13. Spend most of your hours practicing, not reading — Chapters 3, 14, and 12 tell you exactly where. **"I want GRC — governance, risk, or compliance."** Chapters 1 → 2 → 4 → 5 → 6 → 14 → 13. This is the most viable path for non-technical backgrounds, and these chapters are written to be your working reference in the first job, not just before it. (Chapter 14's portfolio section has a GRC-specific track.) **"I'm a developer who wants to move into security."** Chapters 1 → 8 → 9 → 10 → 11 → 7 → 15 → 13. You already have the hardest prerequisite (you can build things); these chapters teach you to break and defend them. **"I want defense — SOC, detection, incident response."** Chapters 1 → 2 → 3 → 14 → 8 → 12 → 13. Chapter 3 matters even for defenders: you can't detect what you don't understand, and Chapter 14's detection-lab build is the best practice you can get. **"I want to work on AI security."** Chapters 1 → 2 → 3 → 8 → 9 → 11 → 15. It's a specialization layered on fundamentals — don't skip to Chapter 15 without them. ## How to Get the Most Out of It * **Do the exercises.** Reading about Nmap is not the same as running it. The chapters point to free, legal practice environments — use them. * **Take the "Further Reading" sections seriously.** They're curated, not padded. One good primary source beats ten summaries. * **Build in public.** Notes, writeups, and small projects on GitHub compound. Chapter 12 and Chapter 13 show how to turn practice into proof. * **Contribute back.** This book is open source. Fixing an error or adding a resource gets your name in the [Hall of Fame](/hall-of-fame.md) and a real contribution on your GitHub profile. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://book.ahmad.science/page-12.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.