
DevSecOps Roadmap

I’m working toward a DevSecOps role and put together this roadmap to guide my learning across cloud, security, automation, and CI/CD. Trying to be intentional about building real-world skills and projects along the way—would love feedback.


🧭 DevOps / Cloud / Security Roadmap (Phased Plan)


Phase 0 – Foundations

Linux + Bash scripting

Git + GitHub

PowerShell (Windows / AD environment)

Python (automation / scripting)

Logging (Linux syslog / Windows Event Logs)

Git commits (clear messages / branches)

Real-world Git usage (code reviews)

Pull request / branching strategies (Git flow)

Linux process management (ps / top / htop)

Linux permissions & users

Linux systemd

Linux networking tools (netstat / ss / curl / tcpdump)

👉 Milestone Project


Phase I – Identity & Access Management + Security

Active Directory

Azure AD (Entra ID)

Okta

Google Workspace

Jira / ServiceNow

IAM fundamentals

MFA + Conditional Access

Zero Trust principles

Security + certs

SC-300 cert

IAM misconfiguration scenarios (privilege escalation)

Practice logging / alerting

👉 Milestone Project

🎓 Certifications

CCNA

AZ-104 / SC-300

AZ-500

Terraform Associate

AWS Cloud Practitioner / DevOps Engineer

CKA


Phase II – Databases + Automation + IaC

PostgreSQL (queries, joins, ~150MB datasets)

pgvector (vector DB + text search)

Python (boto3, psycopg2)

Terraform (IaC fundamentals)

Store DB creds securely (no hardcoding)

Secrets management (env vars / Vault intro)

Deeper Python (clean code / advanced scripts)

Build small app (Flask / FastAPI)

Cost awareness (AWS cost elimination)

Use tags in Terraform

👉 Milestone Project


Phase III – Containers & AWS

Docker (Dockerfile / Compose)

Kubernetes (Pods / Deployments / Services)

AWS:

IAM

EC2

S3

VPC

CloudWatch

CI/CD pipeline

Least-privilege IAM roles

CloudWatch for suspicious activity

Networking Fundamentals:

DNS

HTTP / HTTPS

TLS

Load balancers (ALB / NLB)

NAT

Routing

Subnets

How traffic flows in Kubernetes

👉 Milestone Project


Phase IV – Automation & Configuration

Ansible (playbooks / roles)

Terraform + Ansible integration

Configuration drift detection

Immutable infrastructure concepts

👉 Milestone Project


Phase V – CI/CD Pipelines + DevSecOps

Jenkins / GitHub Actions

CI/CD pipelines (build → test → deploy)

Trivy (container scanning)

Snyk / Checkov / tfsec (IaC scanning)

HashiCorp Vault (secrets)

OPA / Kyverno (policy as code)

Azure Security (Defender / Key Vault)

AWS pipelines

LLM security (prompt injection / PII protection)

Pipeline Security:

Fail pipelines on vulnerabilities

Block deploys if insecure

Generate security reports automatically

Observability:

Prometheus + Grafana

Logs: ELK stack / Loki

Alerting & IR:

Alerting basics

Incident response basics

Runbooks (incident scenario → response steps)

👉 Milestone Project


Phase VI – Integration + Job Prep

3–5 portfolio projects

Practice Jira-style documentation

Combine everything:

Terraform (AWS + Azure)

Docker + Kubernetes

CI/CD pipelines

IAM

Security scanning

👉 Milestone Project


⏱️ Weekly Structure

Day 1–4: Learning + Labs

Day 5: Build project

Weekend: Documentation + GitHub


submitted by /u/AnalystFew5888 to r/devops