We have put together this cyber security syllabus to give you a clear picture of all the topics you’ll need to cover if you’re planning to learn cyber security in 2026. You can start with the syllabus table for a quick overview or go through each module to understand what it covers, the tools you’ll use, and the skills you’ll build.
We’ve also included certifications, project ideas, career paths, salary expectations, and a list of free and paid resources that can help you plan your learning beyond the syllabus.
Why an Updated Cyber Security Syllabus Matters in 2026
Recent developments in cybersecurity have expanded the range of skills covered in training programs and certifications. Alongside core subjects such as networking, operating systems, cryptography, and ethical hacking, greater attention is now given to cloud security, incident response, security operations, vulnerability management, and identity and access management (IAM).
The rise of AI-assisted phishing, deepfake-enabled social engineering, and increasingly complex cloud environments has also reinforced the need for practical security skills across multiple domains. According to ISC2, the global cybersecurity workforce gap exceeds 4.8 million professionals, underscoring the demand for individuals with hands-on security expertise.
This cyber security syllabus covers the subjects, tools, and skills commonly included in a cyber security course in 2026. To understand how these areas connect to different roles, explore our Cyber Security Roadmap: From Non-Tech to Specialist.
Cyber Security Syllabus 2026 at a Glance
If you’re researching cyber security subjects before enrolling in a paid or structured course, the table below provides a high-level overview of the modules, topics, tools, and practical exercises commonly included in a modern cyber security syllabus in 2026.
| Modules (1-8) | Key Subjects Covered | Tools | Practical Lab / Activity |
| Networking & Operating System Fundamentals | OSI Model, TCP/IP, IP Addressing, DNS, Routing, Linux, Windows Security, User Permissions | Wireshark, Cisco Packet Tracer, VirtualBox, tcpdump | Capture and analyse network traffic to identify protocols, ports, and communication patterns |
| Security Fundamentals, Risk Management & Cryptography | CIA Triad, Threats vs Vulnerabilities, Risk Assessment, Security Controls, Encryption, Hashing, PKI, MFA, RBAC | OpenSSL, CyberChef, Cryptool | Generate hashes, compare encryption methods, and inspect SSL/TLS certificates |
| Ethical Hacking, Reconnaissance & Penetration Testing | OSINT, Reconnaissance, Scanning, Enumeration, Vulnerability Discovery, Exploitation, Reporting | Nmap, Metasploit, Nessus | Perform a controlled security assessment and document identified vulnerabilities |
| Security Tools & Hands-On Labs | Network Analysis, Vulnerability Management, Log Analysis, Web Testing, Home Lab Setup | Kali Linux, Wireshark, Burp Suite, Splunk, OpenVAS | Build a home cybersecurity lab and practise common security assessment tasks |
| Web & Application Security | OWASP Top 10, SQL Injection (SQLi), Cross-Site Scripting (XSS), CSRF, SSRF, Secure Coding | Burp Suite, OWASP ZAP | Test intentionally vulnerable applications and recommend security fixes |
| SOC Operations, Threat Detection & Incident Response | Security Monitoring, SIEM, Alert Triage, Threat Hunting, Incident Response, Threat Intelligence | Splunk, ELK Stack, Microsoft Sentinel, VirusTotal | Investigate a simulated phishing attack and create an incident response report |
| Cloud Security & Identity Access Management (IAM) | IAM Policies, Least Privilege, RBAC, PAM, Cloud Logging, Shared Responsibility Model | AWS IAM, Microsoft Entra ID, CloudTrail, Azure Monitor | Configure access controls, MFA, and review cloud activity logs |
| Emerging Cyber Security Trends for 2026 | Zero Trust, CTEM, AI Security, Prompt Injection, Deepfakes, Post-Quantum Cryptography | NIST AI RMF Resources, OWASP Top 10 for LLMs | Analyse AI-related security risks and modern security architectures |
This cyber security subjects covers also covers the tools and practical skills commonly required for roles such as SOC Analyst, Security Analyst, Penetration Tester, Cloud Security Engineer, and Incident Responder. For a detailed breakdown of each module, tools, projects, and certifications, continue reading the guide.
You can check out some free resources here at Scaler’s Tutorials
Who Is This Cyber Security Syllabus Best For?
Not sure whether cybersecurity is the right fit for your background? You actually don’t have to worry about that here because in this field, most people don’t start with prior security experience. Whether you’re a student exploring career options or a professional looking to transition into tech, this syllabus can help you understand the subjects, tools, and practical skills commonly taught in cybersecurity programs.
This syllabus is particularly useful for:
- BSc, BCA, BTech, and BE students exploring cybersecurity careers
- Fresh graduates preparing for entry-level security roles
- IT, networking, and support professionals looking to specialize in security
- Career switchers interested in ethical hacking, cloud security, or SOC operations
- Anyone curious about how cyber attacks are detected, prevented, and investigated
Let’s start with a detailed module-wise cyber security syllabus!
Module 1: Networking & Operating System Fundamentals
networking for cyber security should be dealt with in the beginning because from here, you’ll learn ways to communicate between devices and to identify insecure connections and network attacks, such as phishing, DDoS, and man-in-the-middle attacks. When you learn operating systems, it’ll help you understand how computers manage users, files, and processes, which are common targets for attackers. It helps you spot suspicious activity, such as unauthorized logins, malware, or malicious programs running on a system.
Topics to Cover
| Networking Fundamentals | Operating Systems & Administration |
| OSI and TCP/IP Models | Linux Architecture |
| IPv4, IPv6, and IP Addressing | Linux Command Line |
| Subnetting and Network Segmentation | File Systems |
| Routing, Switching, and VLANs | Process Management |
| DNS, DHCP, and NAT | User & Permission Management |
| Common Ports and Protocols | Windows Security Basics |
| HTTP/HTTPS, FTP, SMTP, and SSH | Basic Bash Scripting |
Tools to Practise
- Wireshark
- Cisco Packet Tracer
- Oracle VM VirtualBox
- tcpdump
- Linux Terminal
Try This
Capture DNS and HTTP traffic using Wireshark and identify the protocols, ports, and IP addresses involved in the communication.
Need resources to get started? Check out Scaler’s Free Tutorials to commence your learning journey!
Module 2: Security Fundamentals, Risk Management & Cryptography
In this module, you’ll have to focus on security Fundamentals, i.e, the basic rules and concepts used to keep computers, accounts, and data safe. Then learn risk Management for figuring out what can go wrong, how serious it is, and what should be fixed first. And lastly, cryptography in cyber security, which will help you in protecting information by turning it into secret code so only the right people can read it.
Topics to Cover
| Security Fundamentals | Risk Management | Cryptography & Access Control |
| CIA Triad | Risk Assessment | Symmetric Encryption |
| Confidentiality | Risk Mitigation | Asymmetric Encryption |
| Integrity | Threat Modeling | Hashing |
| Availability | Security Policies | Digital Signatures |
| Security Controls | Governance Basics | Public Key Infrastructure (PKI) |
| Threats vs Vulnerabilities | – | SSL/TLS |
| Attack Surface | – | Multi-Factor Authentication (MFA) |
| – | – | Single Sign-On (SSO) |
| – | – | Role-Based Access Control (RBAC) |
| – | – | Authentication vs Authorization |
Tools to Practise
- OpenSSL
- Kali Linux
- CyberChef
- Cryptool
- Hash Generators
- Certificate Inspection Tools
Further Reading: What is Cryptography?
Try This
Generate hashes using different algorithms, compare symmetric and asymmetric encryption methods, and inspect SSL/TLS certificates used by websites.
Module 3: Ethical Hacking, Reconnaissance & Penetration Testing
Hackers are always on the lookout to get into systems, and mostly so if they can drain either the information or the value. Hence, it is very important for you to understand the ethical hacking syllabus because it will help you think like a hacker, but in a way that’ll help you find a solution in the best way possible. Here itself, you should also get done with Reconnaissance, which is the process of identifying and gathering information about a target before a security assessment, and Penetration Testing, which is the process of validating whether identified vulnerabilities can be exploited.
Topics to Cover
| Reconnaissance | Scanning & Enumeration | Penetration Testing Lifecycle |
| Passive Recon | Port Scanning | Planning |
| Active Recon | Service Enumeration | Scoping |
| OSINT | Network Mapping | Exploitation |
| Vulnerability Discovery | Post Exploitation | |
| – | Vulnerability Prioritisation | Reporting |
| – | Risk Scoring | – |
| Ethical & Legal Considerations |
| Rules of Engagement |
| Responsible Disclosure |
| Scope Management |
Tools to Practise
Try This
Perform a controlled network scan, identify open ports and services, prioritise discovered vulnerabilities, and document findings for a lab environment.
Exploring careers in technology? Check out Scaler Academy courses to discover learning paths across software development, data science, cybersecurity, AI, and more.
Module 4: Security Tools & Hands-On Labs
Security Tools & Hands-On Labs focus on gaining practical experience with the cyber security tools used by professionals to monitor networks, identify vulnerabilities, analyze security incidents, and assess system security. You’ll have to find guided lab exercises and work with industry-standard tools such as Wireshark, Nmap, Burp Suite, and Splunk to apply all the concepts you have learnt in real-world scenarios.
Topics to Cover
| Network Analysis | Offensive Security Tools | Web Testing Tools |
| Wireshark | Kali Linux | Burp Suite |
| tcpdump | Metasploit | OWASP ZAP |
| Packet Analysis | Nmap | Web Request Analysis |
| Vulnerability Management | Log Analysis | Home Lab Setup |
| Nessus | Splunk Basics | VirtualBox |
| OpenVAS | ELK Stack Basics | Kali Linux VM |
| Vulnerability Scanning | Log Monitoring | Metasploitable |
| Risk Prioritisation | Event Analysis | DVWA |
Try this
Build a home cybersecurity lab using VirtualBox, Kali Linux, Metasploitable, and DVWA. Perform network discovery, vulnerability scanning, basic web application testing, and document the findings in a security assessment report.
Need some help to learn these concepts? Check out this Cyber Security Tutorial for free!
Module 5: Web & Application Security
Web & Application Security focuses on protecting websites and applications from common security vulnerabilities that can expose data, disrupt services, or allow unauthorized access. Most importantly, you need to study the OWASP Top 10, which is a widely recognized list of the most critical web application security risks, and explore vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection (SQLi), and Cross-Site Request Forgery (CSRF). You should also learn secure coding practices, so it can help you build applications with security in mind and reduce the risk of common attacks.
Topics to Cover
| OWASP Top 10 | Common Vulnerabilities | Secure Development Concepts |
| Broken Access Control | SQL Injection (SQLi) | Input Validation |
| Cryptographic Failures | Cross-Site Scripting (XSS) | Output Encoding |
| Injection Attacks | Cross-Site Request Forgery (CSRF) | Secure Authentication |
| Security Misconfiguration | Server-Side Request Forgery (SSRF) | Session Management |
| Vulnerable Components | Authentication Weaknesses | Secure Coding Basics |
Tools to Practise
- Burp Suite
- OWASP ZAP
Try this
Use a safe testing environment such as DVWA or OWASP Juice Shop to identify common vulnerabilities, analyse insecure application behaviour, and document remediation recommendations.
Module 6: SOC Operations, Threat Detection & Incident Response
Imagine an employee clicks a phishing link. The attacker tries to log in using stolen credentials. A monitoring tool notices unusual activity and raises an alert. Now the security team has to figure out: Is this a real attack? Which account was affected? Did the attacker access any data? What should we do next? This process of detecting, investigating, containing, and recovering from attacks is called Incident Response. Along the way, you’ll come across tools like SIEM, which collect logs and alerts from different systems, and concepts like IAM and Cloud Security, which focus on controlling access and protecting cloud resources.
Topics to Cover
| Security Operations Centre (SOC) | SIEM Platforms | Incident Response Lifecycle |
| SOC Roles | Splunk | Preparation |
| Security Monitoring | ELK Stack | Detection |
| Alert Triage | Microsoft Sentinel | Analysis |
| Escalation Workflows | Log Correlation | Containment |
| Case Management | Dashboard Monitoring | Eradication |
| – | – | – |
| – | Alert Investigation | Recovery |
| Threat Intelligence | Threat Hunting |
| IOC Analysis | Threat Hunting Basics |
| Threat Feeds | Log Investigation |
| TTP Analysis | Hypothesis-Based Hunting |
Tools to Practise
- Splunk
- ELK Stack
- Microsoft Sentinel
- VirusTotal
- MISP (Threat Intelligence Platform)
- MITRE ATT&CK Mapping
Try This
Investigate a simulated phishing attack by reviewing email headers, analysing indicators of compromise (IOCs), tracing affected systems, and creating an incident response report documenting the detection, analysis, containment, and recovery process.
Module 7: Cloud Security & Identity Access Management (IAM)
Cloud platforms are now a standard part of enterprise infrastructure, making cloud security fundamentals and identity management essential topics in modern cybersecurity training. This module focuses on securing cloud environments, managing user access, implementing security controls, and understanding the shared responsibility model followed by major cloud providers.
Topics to Cover
| Cloud Fundamentals | Identity & Access Management (IAM) | Cloud Security Controls |
| IaaS | IAM Policies | Encryption |
| PaaS | Least Privilege | Security Groups |
| SaaS | Role-Based Access Control (RBAC) | Secrets Management |
| Shared Responsibility Model | Privileged Access Management (PAM) | Cloud Logging |
| Multi-Cloud Concepts | Identity Federation | Key Management |
| Major Cloud Platforms |
| AWS Security Basics |
| Azure Security Basics |
| Google Cloud Security Basics |
Tools to Practise
- AWS IAM
- Microsoft Entra ID (Azure AD)
- AWS CloudTrail
- Azure Monitor
- Google Cloud IAM
Try This
Create IAM users and roles, apply least-privilege access policies, configure multi-factor authentication, and review cloud activity logs to validate access controls and account activity.
Module 8: Emerging Cyber Security Trends for 2026
Most cybersecurity curricula focus on established concepts such as networking, cryptography, security operations, and cloud security. This module highlights the cyber security trends 2026 professionals are increasingly encountering across enterprise security programs, certification updates, and modern security architectures.
Topics You Need to Cover
| Security Trends | AI & Emerging Threats |
| Zero Trust Security | AI Security Fundamentals |
| Continuous Threat Exposure Management (CTEM) | Prompt Injection Attacks |
| Identity-Centric Security | AI-Powered Threat Detection |
| Security Automation | Deepfake Threats |
| Post-Quantum Cryptography | AI Risk Management |
Recommended Resources
- NIST AI Risk Management Framework
- OWASP Top 10 for LLM Applications
- Google Cloud: Introduction to Zero Trust
- IBM Post-Quantum Cryptography Resources
Try This
Evaluate a prompt injection scenario, review a Zero Trust access model, and compare traditional encryption approaches with emerging post-quantum cryptography concepts.
Certifications That Strengthen Your Cyber Security Career
Completing a cyber security syllabus gives you the technical foundation, but certifications can help validate those skills for employers. The right certification depends on your experience level, career goals, and area of specialization.
Cyber Security Certifications Roadmap
| Career Stage | Certification | Best For | Skills Covered |
| Beginner | ISC2 Certified in Cybersecurity (CC) | Students, graduates, career switchers | Security principles, network security, security operations, and access control |
| Beginner – Intermediate | CompTIA Security+ | Entry-level cybersecurity roles | Risk management, incident response, security architecture, cloud security |
| Intermediate | Certified Ethical Hacker (CEH) | Ethical hacking and penetration testing roles | Reconnaissance, scanning, exploitation, vulnerability assessment |
| Intermediate | CompTIA CySA+ | SOC and threat detection roles | Threat hunting, SIEM, incident response, threat intelligence |
| Intermediate – Advanced | ISC2 CCSP | Cloud security professionals | Cloud architecture, IAM, cloud security controls |
| Advanced | ISC2 CISSP | Security analysts, architects, managers, consultants | Security engineering, governance, risk management, security operations |
Which Certification Should You Choose?
- Just starting out? Begin with the ISC2 Certified in Cybersecurity (CC) or CompTIA Security+.
- Interested in ethical hacking? Consider CEH after building strong networking and security fundamentals.
- Planning a SOC or blue-team career? CompTIA CySA+ aligns well with threat detection and incident response skills.
- Interested in cloud security? CCSP is one of the most recognised cloud-focused certifications.
- Aiming for senior security roles? CISSP remains one of the most respected cybersecurity certifications worldwide.
Recommended Certification Path
ISC2 CC -> CompTIA Security+ -> CEH / CySA+ -> CCSP -> CISSP
This progression aligns closely with the modules covered in this syllabus, starting with security fundamentals and progressing towards cloud security, security operations, governance, and leadership responsibilities.
Looking for a place to start? Explore Scaler’s free learning resources and cybersecurity tutorial to strengthen the concepts covered throughout this syllabus.
Skills, Projects & Portfolio You’ll Build
Cybersecurity hiring increasingly focuses on practical skills. Alongside certifications, employers often look for evidence that you can investigate incidents, analyse systems, identify vulnerabilities, and communicate findings through reports and documentation.
Portfolio Projects Worth Building
| Project | What It Demonstrates |
| Home SOC Lab | Log analysis, threat detection, alert triage |
| Phishing Investigation Report | Incident response, IOC analysis, reporting |
| Network Traffic Analysis Case Study | Wireshark, packet analysis, protocol investigation |
| Vulnerability Assessment Report | Asset discovery, risk prioritisation, and remediation planning |
| Web Application Security Assessment | OWASP Top 10 testing, vulnerability identification |
| Cloud IAM Security Review | Access control, least-privilege implementation, cloud security fundamentals |
| Threat Intelligence Dashboard | Threat feeds, IOC tracking, security monitoring |
| Security Automation Script | Bash or Python automation for repetitive security tasks |
What Employers Like to See
- Security assessment reports
- Incident investigation write-ups
- Network analysis case studies
- GitHub repositories
- Home lab documentation
- Cloud security configurations
- Security automation projects
- Threat hunting exercises
Building a Strong Portfolio
A portfolio does not need dozens of projects! Three to five well-documented projects that demonstrate investigation, analysis, problem-solving, and reporting skills are often more valuable than a large collection of unfinished labs.
For more project ideas, explore our Cyber Security Projects guide.
Career Paths & Salary After the Syllabus
The subjects covered in this syllabus align with several entry-level and mid-level cybersecurity roles. Depending on your interests, you can specialise in security operations, ethical hacking, cloud security, application security, or security engineering.
| Role | Typical Experience | Average Salary Range (India) |
| SOC Analyst | 0-2 Years | ₹4-6 LPA |
| Security Analyst | 1-3 Years | ₹4-8 LPA |
| Penetration Tester | 1-4 Years | ₹4-10.2 LPA |
| Incident Responder | 2-5 Years | ₹4-15 LPA |
| Cloud Security Engineer | 2-5 Years | ₹6-15 LPA |
| Application Security Engineer | 2-5 Years | ₹6-15 LPA |
| Security Engineer | 3-6 Years | ₹8-17.2 LPA |
| Security Architect | 7+ Years | ₹15-30 LPA |
A common cyber security career path starts with SOC Analyst, Security Analyst, or Junior Penetration Tester roles before progressing into specialised areas such as cloud security, threat hunting, application security, security engineering, or security architecture.
For a detailed role-by-role roadmap, check out this Cyber Security Career Path in detail.
How to Choose the Right Cyber Security Course in 2026
Now that you know what a typical cyber security syllabus looks like, comparing courses becomes much easier. Start by checking whether the curriculum covers the subjects discussed above, including networking, security fundamentals, ethical hacking, security operations, cloud security, IAM, and hands-on labs.
The next step is to see how you can use the syllabus and what must come after. Check which tools are included, whether learners get access to practical projects, and if the course aligns with certifications such as Security+, CEH, CC, or CISSP. Mentorship, lab access, and career support can also influence the overall learning experience.
If you’re evaluating different learning options, you can also check the Cyber Security Course Fees for reference and compare the common training paths and certification costs.
Frequently Asked Questions
1. What subjects are included in a cyber security syllabus?
Cyber security syllabus covers networking, operating systems, security fundamentals, risk management, cryptography, ethical hacking, penetration testing, cybersecurity tools, web application security, SOC operations, incident response, cloud security, IAM, and emerging security trends.
2. Is coding required for cyber security?
Not always, but basic scripting skills can be very helpful. Most entry-level roles require familiarity with Linux commands and simple Python or Bash scripts for automation, log analysis, and security tasks.
3. How long does it take to complete a cyber security course?
The timeline depends on your background and learning format. A beginner may take 6-12 months to cover the fundamentals and build projects, while learners with prior IT or networking experience can often progress faster. Full-time programs generally take less time than self-paced learning.
4. Can I learn cyber security without an IT background?
Yes. Many cybersecurity professionals start with non-technical backgrounds. However, it’s important to spend extra time on networking, operating systems, and basic scripting since these topics form the foundation for more advanced security concepts.
5. Which certifications should I pursue after completing the syllabus?
You can start with the ISC2 Certified in Cybersecurity (CC) or CompTIA Security+ for beginners, followed by CEH for ethical hacking roles. As you gain experience, you can pursue role-specific certifications such as CySA+, CCSP, or CISSP.
6. Does the 2026 cyber security syllabus cover cloud and AI threats?
Yes. Modern cybersecurity curricula increasingly include cloud security, identity and access management (IAM), Zero Trust principles, AI security fundamentals, prompt injection attacks, deepfake threats, and AI-assisted threat detection techniques.
