I believe in using every tool available to put your best foot forward. The thoughts and experiences on this page are my own; I use AI to help ensure the grammar is accurate.
There isn’t a perfect roadmap for everyone. I had to figure out what was useful and what was noise. This caused distractions for me, so I hope this keeps the path clear.
Whether you are completely new to the field or you already know what you want and need direction, these are a few resources I would point you to first. All of them are free to start. Some have paid tiers worth considering when you are ready.
Arguably my favorite
TCM Security (Pricing Guide)
Difficulty: Beginner/Intermediate | Time: Hours and hours of content available.
Heath Adams built TCM Security into one of the most respected practical cybersecurity training platforms in the community — and the free YouTube channel alone has more quality content than most paid platforms. The Practical Ethical Hacking course on YouTube is legendary for a reason. You can’t forget how active TCM is in livestreaming.
What makes TCM stand out is the philosophy. Practical, hands-on, no fluff. The Academy offers a free tier with 25+ hours of course content — no credit card required — covering topics such as practical help desk, Linux fundamentals, and programming basics. When you are ready to go deeper, the all-access membership gives you everything for one flat monthly rate.
Free tier: 25+ hours of free courses on the Academy platform. Hours and hours of free content on YouTube.
Paid tier: $29.99/month, all-access to every course on the platform.
Even if you never pay a dollar, the free YouTube content alone is worth it.
TryHackMe (Pricing Guide)
Difficulty: Beginner | Time: Self-paced, free content alone can keep you busy for weeks.
TryHackMe is where I would send anyone who is just getting started. The platform walks you through cybersecurity concepts hands-on—you’re not just watching videos; you are actually doing things. The free tier gives you access to rooms and learning paths without a timer ticking down.
The guided format is the biggest advantage here. You aren’t dropped in and expected to figure everything out on your own. The instructions, hints, and clear objectives matter a lot when you are starting from zero.
Free tier: Access to free rooms and learning paths, no time limit.
If you don’t know where to start, this is always a solid choice.
Professor Messer (Pricing Guide)
Difficulty: Beginner | Time: 10-15 hours for the full Security+ video series.
If you’re working toward CompTIA Security+ and are trying to break into cybersecurity, you should be aware of Professor Messer. His full Security+ course is on YouTube. All of it. For free.
Hours of video content covering every exam objective, no paywall. He also has course notes on his website. The man has been doing this for years, and the community trusts him for good reason.
You can pay for his practice exams at a one-time cost of around $30 when you are close to exam day. Practice exams matter — don’t skip them.
Free tier: Full Security+ video course on YouTube and course notes on his website.
Paid tier: Multiple bundles to choose from.
If you are studying for Security+, this is a solid starting point.
Jason Dion (Pricing Guide) (Udemy Courses)
Difficulty: Beginner/Intermediate | Time: 10-20 hours per course, depending on certification.
Jason Dion covers more ground than most. Security+, Network+, CySA+, CISSP — if there is a CompTIA or major IT certification you are working toward, he probably has a Udemy course for it. Over 2.8 million enrollments say something about how the community feels about his teaching style.
His Udemy courses are technically priced around $95, but Udemy runs sales constantly. Never pay full price and wait for a sale. You are getting a full course, including a practice exam, for $13-$20. That’s one of the best values.
Free tier: Some content on YouTube and free preview lessons on Udemy.
Paid tier: $13-20 during frequent Udemy sales. Never pay the $95 full price — wait.
Pro tip: If you create a new Udemy account, there’s usually a first-purchase discount that drops courses to around $13.
Let’s Defend (Now a part of Hack The Box) (Pricing Guide)
Difficulty: Beginner/Intermediate | Time: Self-paced, free content alone is solid.
Let’s Defend is different from the others on this list. It’s focused specifically on the defensive side — blue team work, SOC analysis, incident response, and log review. If the idea of sitting in a Security Operations Center (SOC) and working through real alerts appeals to you, this is where you practice that.
The free tier gives you access to 6 free courses, challenges, and 15 SOC analyst alerts per month to investigate. That last part is the real value — you are working through simulated real-world incidents, not just watching someone else do it.
Free tier: Free courses, challenges, and 15 SOC analyst alerts per month. No credit card required.
Paid tier: Varies by plan. A 50% student discount is available through Student Beans.
If the defensive/SOC path is where you want to go, Let’s Defend belongs in your rotation.
Where to Start
If you are overwhelmed by the options, here’s how I would break it down:
Course of action: Start with Professor Messer on YouTube, get the fundamentals of security down if you’re working toward Security+. Move on to TCM Security for a variety of topics. Once you feel confident in your theoretical knowledge, head on over to TryHackMe and Let’s Defend for more hands-on training.
On a tight budget: Professor Messer on YouTube is free, and TCM Security’s free tier covers a wide range of training, accumulating 25+ hours.
Part of Nueva Guardia Cyber Consulting’s mission is to point people toward what already exists before we build our own resources. This list is just a few of the many resources available, and some of my recommendations.
- Jose F. Caro
