ByteSizedSecurity Cybersecurity Insights & Analysis
Career 10 min read Updated

Okurrrr: The Ultimate Free Cybersecurity Career Roadmap

Marc David
Marc David Senior Security Engineer · CISSP
Cybersecurity Career Career Roadmap Free Resources Career Pathfinder
Okurrrr: The Ultimate Free Cybersecurity Career Roadmap

Okurrrr is the free cybersecurity career roadmap most people Googling “how do I break into cybersecurity?” never knew existed — built by one engineer, with 667 certs and a Career Pathfinder, and zero paywalls.

TL;DR: Okurrrr is a free cybersecurity career roadmap that catalogs 667 certifications, 1,241 curated learning resources, 944 MITRE CWE weaknesses, 558 CAPEC attack patterns, 28 industry threat reports, 47 community organizations, the full DEF CON Media archive, and a 10,000+ term NIST Glossary. Built by Moe Baker, a senior cyber workforce practitioner, the site maps everything to NIST NICE, CSF, RMF, AI RMF, OWASP, DoD 8140, and the CISSP CBK. Bookmark it, share it, and use the Career Pathfinder to plan your next 90 days.


Jump to a section:

What is Okurrrr and who is it for?

Direct answer: Okurrrr is a free, browser-based cybersecurity career roadmap that lists 667 certifications, 1,241 learning resources, and a personalized Career Pathfinder mapped to NIST NICE, OWASP, DoD 8140, and the CISSP CBK.

Okurrrr is built around a single idea borrowed from OKRs: “set your Objectives, certifications are the Key Results.” Career changers, hiring managers, mentors, and seasoned engineers all get the same dataset — every major vendor cert, every NICE Special Area work role, and every cost transparency note in one searchable interface. Nothing is gated behind email signups, paid tiers, or invasive analytics, which is rare in the cyber career resource space.

Okurrrr groups its content by who needs it. People still asking “what is cybersecurity, actually?” get glossary entries, beginner certifications, and free training resources. CISOs planning team development get NICE Work Role mappings, DoD 8140 alignment data, and the full CISSP CBK domain coverage. The same database serves both audiences without dumbing anything down for either one.

Why is launching a career in cybersecurity so hard right now?

Direct answer: Launching a career in cybersecurity is hard because the field has 700+ certifications, no canonical degree path, and ATS systems filtering on exact keyword matches. Okurrrr fixes the discovery problem by indexing every cert, role, and framework in one place.

The “cybersecurity talent gap” headline has run for a decade, but the lived reality for someone starting a career in cybersecurity is messier. There is no single entry-level title — candidates apply to roles called SOC Analyst, Security Engineer I, GRC Analyst, Threat Intel Researcher, or Cyber Workforce Specialist, and each one expects a different stack of tools, frameworks, and certs. Without a roadmap, candidates over-index on whichever cert their LinkedIn feed sells the hardest, then wonder why the job description still reads like a foreign language.

Okurrrr’s bet is that the bottleneck is information architecture, not effort. By cross-referencing every cyber career path against the NIST NICE Framework’s 52 Work Roles and 7 Categories, the site lets a beginner answer two questions in one session: “what job do I actually want?” and “what is the cheapest, fastest path to qualify for it?” That alone collapses weeks of Reddit research into one afternoon.

What is inside the free cybersecurity career roadmap?

Direct answer: Okurrrr ships nine integrated datasets: 667 certifications, 1,241 learning resources, the Career Pathfinder, the DEF CON Media archive, a 10,000+ term NIST Glossary, 944 MITRE CWE weaknesses, 558 CAPEC attack patterns, 28 industry threat reports, and 156 notable cybersecurity conferences.

Here is the full content inventory you get without paying or registering:

  • 667 certifications — filterable by vendor, region, level (beginner, intermediate, expert), NICE Category, CISSP Domain, DoD 8140 alignment, and whether free training is available.
  • 1,241 curated learning resources — vendor courses, open-source labs, university programs, and self-study guides, each tagged with a real cost tier (free, freemium, scholarship, low, medium, expensive).
  • Career Pathfinder — pick a NICE Work Role or CISSP Domain and the tool generates a recommended cert ladder, training plan, and progress tracker that lives in your browser’s local storage.
  • DEF CON Media archive — the complete searchable index of talks, slides, and tools from every DEF CON, sorted by year and track.
  • NIST Glossary — 10,000+ terms from the NIST Computer Security Resource Center and the Trustworthy AI Resource Center.
  • MITRE CWE and CAPEC databases — 944 software/hardware weaknesses and 558 attack patterns, filterable by severity, likelihood, and abstraction level.
  • 28 industry threat reports — annual breach reports from Verizon, IBM, Mandiant, CrowdStrike, and others, with publisher and focus-area filters.
  • 47 community organizations — peer groups, mentorship programs, scholarships, and affinity organizations advancing the cyber workforce.
  • 156 cybersecurity conferences — from RSA and Black Hat to regional B-Sides events, with CPE/CEU credit flags.

Every dataset is wired into the same filter UI, so a question like “show me free, beginner-level certs aligned to the NICE Work Role of Cyber Defense Analyst” returns an actionable answer in two clicks.

How does the Career Pathfinder map your cybersecurity career pathway?

Direct answer: The Career Pathfinder asks you to pick a NICE Work Role, CISSP Domain, or job title, then assembles a cybersecurity career pathway of recommended certifications, training, tools, and milestones — saved locally so you can track progress without an account.

Four modes are available: a guided path for first-timers, a build-your-own path for people who already know their destination, a “discover” mode that surfaces a random role to explore, and a credential-hunter mode for people focused on resume signal. The output is not a generic recommendation list — it specifies a primary skill (e.g., “Cyber Defense Analyst”), an optional secondary specialization, and a branching alternative if the primary turns out to be a poor fit.

Progress tracking lives entirely in browser local storage. Nothing is uploaded, no analytics fire on your selections, and there is no account to delete. For a free cybersecurity career roadmap operating without venture funding, that privacy posture is a deliberate design choice worth calling out.

Which certifications and work roles power your cybersecurity career?

Direct answer: For beginners, target CompTIA Security+, ISC2 Certified in Cybersecurity, and the NICE Work Role of Cyber Defense Analyst. For mid-career pivots, the CISSP plus a NICE specialty (cloud, IR, GRC) is the highest-leverage combination.

Okurrrr indexes 667 certs because, genuinely, that many active credentials circulate in the cybersecurity workforce ecosystem. Most of them are noise. The site’s filter collapses the list by NICE Category — filter for “Protect and Defend” and you get the roughly 40 certs that actually map to SOC, incident response, and defensive operations work. Filter for “Securely Provision” and you get the roughly 50 certs relevant to architecture, secure software, and risk management roles.

A practical recipe for someone breaking into cybersecurity: pick one NICE Work Role you genuinely want to do, look at the certs Okurrrr flags as “Beginner” inside that role, pick the cheapest one with free training available, and ship your first cert in 60 to 90 days. That beats the alternative of buying a $1,500 SANS course because a recruiter on LinkedIn told you to. If Okurrrr’s Beginner + Free-Training filter surfaces the Google Cybersecurity Certificate for your target Work Role, my walk-through of how to get the Google Cybersecurity Certificate for free covers both paths — Coursera financial aid and the public-library hack — that make the site’s zero-cost recommendation actionable.

What learning resources and skills does Okurrrr cover?

Direct answer: Okurrrr’s 1,241 learning resources cover every CISSP domain, every NIST NICE skill category, and every major Lightcast cybersecurity skill — from network security and incident response to GRC, cloud security, application security, and AI/ML security.

Skills coverage is where Okurrrr quietly beats most paid roadmaps. The site integrates the Lightcast Open Skills taxonomy — the same labor-market dataset used by many corporate workforce planners — and maps each skill onto the 23 cybersecurity career paths it tracks. When you pick “Cloud Security Engineer,” you see the actual skills employers are paying for in the live job market, not the skills a vendor wants to sell you a course in.

For people who learn best by doing, Okurrrr’s “Free resources available” filter surfaces hands-on labs from sources like TryHackMe, OverTheWire, PortSwigger Academy, OWASP, and university OpenCourseWare. Pair that with the NIST Glossary’s 10,000+ definitions and the site becomes an entire self-study curriculum that costs zero dollars — covering everything an employer would test for in a SOC analyst phone screen.

How does Okurrrr compare to other cybersecurity career resources?

Direct answer: Most cybersecurity career roadmaps cover one slice: certs OR roles OR skills. Okurrrr is the only free resource that integrates all of them, plus the DEF CON archive, NIST Glossary, MITRE CWE/CAPEC, and Lightcast skill data in one interface.

Most career sites in this space have one job. roadmap.sh maps technologies. The official NICE Cyber Career Pathways Tool shows work roles. Vendor sites push their own learning paths. None of them combine certifications, threat intelligence, hands-on labs, weakness catalogs, attack pattern catalogs, and community organizations into a single navigable database.

That integration is the difference between “another link to bookmark” and “the page I open every time someone asks me how to break into cybersecurity.” Treat Okurrrr as the cybersecurity roadmap layer that sits on top of every other reference: opening the CISA Known Exploited Vulnerabilities catalog, MITRE ATT&CK Enterprise reference, and the Resume Optimizer in the same UI you already use for cert planning saves real time during quarterly CPE cycles.

Who is Moe Baker, the engineer behind Okurrrr?

Moe Baker is the architect, designer, curator, and engineer behind Okurrrr. The site went live on March 16, 2026, and he has continued to expand the dataset since launch — additions in the most recent quarter alone include the CISA Known Exploited Vulnerabilities catalog, the MITRE ATT&CK Enterprise reference, the Lightcast Skills Taxonomy integration, and the white papers library.

What is unusual about Okurrrr is not just the content depth — it is that one practitioner shipped it as a free public good. There is no paywall, no upsell to a paid Discord, no LinkedIn-Learning affiliate link. If you find the site useful, the right way to repay it is to share the link with one person trying to break into cybersecurity, and to credit Moe by name when you do.

How to use this cybersecurity roadmap in your first 30 days

Direct answer: In your first 30 days with this cybersecurity roadmap: open the Career Pathfinder, pick one NICE Work Role, identify three certifications and three free learning resources, then book the cheapest cert exam for day 90 to create a forcing function.

A 30-day starter plan that actually moves the needle:

  1. Days 1–3 — Use the Career Pathfinder in “Guided Path” mode. Pick a NICE Work Role you find genuinely interesting, not the one that pays the most. Save it locally.
  2. Days 4–7 — Filter certifications by your saved Work Role, Level: Beginner, and “Free resources available.” Pick exactly one cert. Resist the urge to pick three.
  3. Days 8–14 — Work through three free learning resources from Okurrrr’s library that map to your chosen cert. Track which CWE/CAPEC entries each lab teaches.
  4. Days 15–21 — Read three industry threat reports relevant to your Work Role so you can speak to current attacker behavior in interviews.
  5. Days 22–30 — Schedule the cert exam for a date 60 days out. Use Okurrrr’s Resume Optimizer to map your existing experience onto the Lightcast skill names recruiters search for.

By the end of 30 days you have a saved roadmap, a paid exam slot acting as a deadline, three labs of muscle memory, and a resume aligned to the same skill taxonomy that ATS systems screen on. That is a measurable improvement over the “I’ll figure it out” plan most career changers run on.

For more on why building proof beats stacking credentials, read why portfolios now trump pedigree in cybersecurity hiring. And for the full strategy — from your first IT role through beating automated hiring filters — see our complete cybersecurity career guide.

Bookmark Okurrrr, share it with one person who has been asking how to break into cybersecurity, and credit Moe Baker when you do. Free public goods only stay free when the community amplifies them.

Share This Article

Comments