Growth Paths / Cybersecurity
AdvancedFREESkills

Cybersecurity

Find the vulnerability. Exploit it. Document every step of your methodology.

A flag submission without a writeup proves nothing. A writeup that explains how you found the vulnerability and why it worked proves everything. This path builds from mathematical cryptography to real traffic analysis to sanctioned penetration testing — every step produces a real security artifact reviewed by a practitioner who will present new material you haven't prepared. The OSSU Computer Science curriculum (cs.ossu.dev) covers the systems and networking foundations underpinning this path — Powstik provides the proof layer on top of it.

0 required outcomes32 weeksCredential on completion
Enroll — it's free

Path outcomes

10
SkillsOptional

Implement a Cipher From Mathematical Specification and Analyse a Real Vulnerability

Elective foundation. Implement a symmetric cipher from its mathematical specification (no library calls for core operations) and analyse a published cryptographic vulnerability. Reviewed by a security practitioner or CS lecturer who will present a different cipher specification and ask you to identify its key schedule or flaw in real time.

Enroll in outcome →
20
SkillsOptional

Conduct a Network Security Analysis in a Sanctioned Environment

Elective. Capture your own network traffic (Wireshark, your IP in the capture file), document 3 vulnerabilities in your controlled environment, and write remediation recommendations. ALL testing must be on systems you own or have explicit written authorisation to test. Reviewed by a security practitioner who will provide an unseen packet capture for you to diagnose.

Enroll in outcome →
30
SkillsOptional

Build a Threat Model for a Real System You Control

Elective. Build a STRIDE or PASTA threat model for a real system you built or have access to — not a hypothetical. Document mitigations or explicit residual risk acceptance for each threat. Reviewed by a security engineer who asks 'what changes if you add an API gateway here?'

Enroll in outcome →
40
SkillsOptional

Complete a CTF Challenge and Publish a Methodology Write-Up

Elective — the most AI-proof outcome on this path. Complete a minimum medium-difficulty CTF on HackTheBox, PicoCTF, or a CTFtime-listed event with 100+ participating teams. Publish a writeup explaining every exploit: the vulnerability class, how you identified it, the exploitation technique, and what it reveals about the underlying system's security model. The flag proves completion; the writeup proves understanding. ALL testing within the sanctioned CTF platform only — never test systems you do not own or lack explicit written authorisation to test.

Enroll in outcome →

Free resources for this path

Every resource listed here is free. No affiliate links. No sponsored placements.

Dan Boneh and Victor Shoup's complete, free cryptography textbook from Stanford. Covers stream ciphers, block ciphers, MACs, and public-key cryptography with the same mathematical rigour as Boneh's Coursera course — download the PDF directly, no login, no paywall.

HackTheBox's structured learning platform with free tiers covering network analysis, web exploitation, privilege escalation, and CTF methodology. The path to completing the penetration testing step starts here.

The standard reference for web application security testing methodology. Covers how to identify and document the specific vulnerability classes you will encounter in the network security analysis and CTF steps.

The definitive practical reference for web application security. Covers injection attacks, authentication bypasses, access control flaws, and exploitation techniques with real examples. Directly relevant to the CTF writeup step.

Growth Path Credential

Complete all 0 required outcomes to earn your immutable, publicly verifiable Growth Path Credential.

We use analytics to improve Powstik. No ads, ever.