My certification roadmap is deliberately structured to build from theoretical foundation through to the gold standard of offensive security. Each cert is chosen for a specific purpose — no box ticking, no padding.
The roadmap is designed around my situation: working full time in cyber security, studying in evenings, and building practical skills through real commercial work rather than labs. By the time I sit OSCP in 2030 I hope to be doing penetration testing professionally every day.
Post-OSCP I will specialise in web application offensive security — the natural extension of my current AppSec work at The Royal Mint.