Cybersecurity for Software Engineers: A 90-Day Learning Journey


Cybersecurity for Software Engineers: A 90-Day Learning Journey

farhanashrafdev/90DaysOfCyberSecurity

2025-07-19

As a software engineer, understanding cybersecurity isn't just a "nice to have" – it's becoming a crucial skill. This 90-day cybersecurity study plan offers a fantastic roadmap to integrate security into your development workflow and build more robust, secure applications. Here's why it's so valuable

Building Secure Software (DevSecOps)
By learning about common vulnerabilities, attack vectors, and secure coding practices, you can proactively build security into your applications from the ground up, rather than patching issues later. This aligns perfectly with DevSecOps principles.

Understanding System Security
Topics like Linux, Network+, and Security+ provide a fundamental understanding of how operating systems and networks are secured. This knowledge is vital when deploying and maintaining your applications in various environments.

Leveraging Python for Security
The plan includes Python, which is a powerful language for automating security tasks, writing scripts for vulnerability scanning, creating network tools, and analyzing security logs.

Cloud Security Expertise (AWS, Azure)
If your applications are deployed in the cloud, understanding cloud-specific security configurations and best practices (covered for AWS and Azure) is paramount to protect your infrastructure and data.

Logging and Monitoring (ELK Stack)
Learning about tools like Elasticsearch, Logstash, and Kibana (ELK) empowers you to set up robust logging and monitoring for your applications, helping you detect and respond to security incidents effectively.

Version Control Security (Git)
Understanding Git from a security perspective can help you manage code securely, prevent sensitive information from being committed, and understand potential risks in your source code management.

Thinking Like an Attacker
The "Hacking" section encourages you to explore ethical hacking techniques. This perspective is invaluable for identifying weaknesses in your own code and systems before malicious actors do.

In essence, this plan helps you evolve from just writing functional code to writing secure and resilient code, making you a more well-rounded and valuable engineer.

This repository is designed for self-paced learning, making it easy to dive in

Explore the Repository
Start by navigating to the main repository page on GitHub
90DaysOfCyberSecurity.

Review the LEARN.md File
The core of the study plan is detailed in the LEARN.md file within the repository. This document provides a structured, day-by-day breakdown of topics and curated resources for each area.

Choose Your Starting Point
While it's a 90-day plan, you don't necessarily have to start on Day 1 if you already have some foundational knowledge. You can pick and choose topics that are most relevant to your current skills and career goals as a software engineer.

Utilize the Resources
The LEARN.md provides links to various external resources, including

Certification Prep
Professor Messer's playlists for CompTIA Network+ and Security+.

Programming
Codecademy, SoloLearn, and "Learn Python the Hard Way" for Python.

Operating Systems
Ryan's Tutorials for Linux.

Tools & Concepts
Wireshark University for traffic analysis, tutorials for TCPdump, Suricata, Git, and ELK Stack.

Cloud Platforms
Getting started guides for AWS and Azure.

Hands-on Practice
Platforms like Cyber Talents, Hack the Box, and Vulnhub for practical hacking exercises.

Practice Consistently
The key to this plan is consistency. Dedicate a small amount of time each day to work through the tasks and resources.

While the repository itself primarily serves as a curated list of learning resources rather than a collection of direct code examples, the learning path will lead you to practical coding. Here's where you'd typically find and apply "sample code"

Python for Security Scripting
As you go through the Python section, you'll learn to write scripts for tasks such as

Network Scanning
Simple scripts using libraries like socket or scapy to scan ports or identify open services.

File Analysis
Scripts to parse log files, identify patterns, or perform basic data extraction.

Automation
Automating vulnerability checks or basic incident response tasks.

Example (Conceptual Python Snippet for a basic port scan)

# This is a conceptual example based on topics covered in the plan
import socket

def port_scan(target_host, port):
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(1) # Set a timeout for connection attempts
        result = s.connect_ex((target_host, port))
        if result == 0:
            print(f"Port {port} on {target_host} is OPEN")
        s.close()
    except socket.error as e:
        print(f"Error connecting to port {port}: {e}")

# Usage (you would apply this after learning the basics)
# target = "example.com"
# for p in range(1, 1025): # Scan common ports
#     port_scan(target, p)

Traffic Analysis (Wireshark, TCPdump)
While not "code" in the traditional sense, you'll learn to use command-line tools like tcpdump with specific filters and expressions to capture and analyze network traffic. This is a form of practical "scripting" for network analysis.

Hacking Platforms (Hack The Box, Vulnhub)
These platforms provide vulnerable machines where you apply your knowledge, often involving writing or modifying scripts (e.g., Python, Bash) to exploit vulnerabilities, escalate privileges, or extract information.

The strength of this repository lies in guiding you to the right external resources where you can then dive deep into hands-on exercises and discover countless code examples relevant to each cybersecurity domain.


farhanashrafdev/90DaysOfCyberSecurity




Stremio Add-on Creation 101: A Node.js Sample for Software Engineers

Let's dive into how this project can be useful, how you might integrate with it, and some conceptual examples.Stremio is an application designed to aggregate various streaming sources (like movies


A Developer's Guide to github-readme-stats

As a software engineer, you spend a lot of time on GitHub. This tool lets you show off your work directly on your profile or repository README


Level Up Your CSS: A Deep Dive into The Odin Project's Exercises

"TheOdinProject/css-exercises" is a collection of hands-on CSS tasks designed to complement the HTML and CSS curriculum provided by The Odin Project (TOP). Think of it as your personal gym for practicing and mastering CSS concepts


Deep Dive: How Droidrun's LLM-Agnostic Agent Streamlines Mobile Development

As a software engineer, especially one working on mobile applications (Android) or QA/testing, droidrun/droidrun offers several key benefits


Accelerating Generative AI Development: Integrating the HuggingChat Open-Source Front-end

Here's a friendly and detailed breakdown of how this open-source codebase can benefit you, along with guidance on adoption and a conceptual code example


Automating Secret Syncs from AWS Secrets Manager to Kubernetes

Basically, External Secrets Operator is a tool that helps you manage secrets in Kubernetes without having to store them directly in your cluster


Glow: The Essential CLI Tool for Reading and Managing Technical Markdown

glow is a Command Line Interface (CLI) tool that renders Markdown files directly in your terminal. As a software engineer


Extending Your Media Server: A Developer's Look at Jellyfin's Backend

I'd be happy to explain how Jellyfin, a free software media system, can be incredibly useful from a software engineer's perspective


From Code to Components: Integrating with InvenTree as a Developer

Let's dive into InvenTree from a software engineer's perspective. It's a fantastic open-source inventory management system