Road Map
A visible record of the certifications, skills, and milestones ahead β the path from engineering leadership into cyber security consulting. Achieved milestones are the foundation; the in-progress and planned stations show where the work is headed and how. Hover or tap any station for the tools, standards, and resources behind it.
-
Tools, resources & standards
- ISO 19011 audit guidelines
- ISO 13053 Six Sigma reference
- QMS audit checklists & non-conformance reports
- BSI / IRCA-approved Lead Auditor course
-
Tools, resources & standards
- DMAIC methodology (Define Β· Measure Β· Analyse Β· Improve Β· Control)
- Process mapping β SIPOC, value-stream
- Pareto and fishbone analysis
- Statistical sampling and control charts
-
Tools, resources & standards
- UK-SPEC Fourth Edition competency framework
- Engineering Council professional standards
- City & Guilds professional review interview
- Career evidence portfolio & CPD log
-
Tools, resources & standards
- Nmap, dig, dnsenum, theHarvester, Wireshark
- Burp Suite, Metasploit, Hydra
- HackTheBox & TryHackMe practical labs
- CREST CPSA Technical Syllabus V2.5
- Cyber Academy CPSA course materials
-
Tools, resources & standards
- ISO/IEC 27001:2022 standard
- Annex A controls catalogue
- ISMS implementation framework
- Risk assessment & treatment plans
- Statement of Applicability authoring
-
Tools, resources & standards
- SIEM platforms (Splunk, Elastic)
- Vulnerability scanning β Nessus, OpenVAS
- MITRE ATT&CK framework
- Threat hunting workflows & log analysis
- Incident response runbooks
-
Tools, resources & standards
- Kali Linux toolchain
- Metasploit Framework, Burp Suite Professional
- Privilege escalation β Linux & Windows chains
- Active Directory exploitation paths
- OffSec PEN-200 course & 24-hour practical exam
-
Technical Security Consultant
Late 2027
What it builds toward
The destination is a Technical Security Consultant role in the UK defence or commercial cyber sector β bringing engineering rigour, audit discipline, and applied offensive security to client-facing assessment and assurance work. Alongside the certification stack, IEng registration with the Institution of Engineering and Technology (IET) is in progress, anchoring the cyber pivot to recognised engineering competence.