Hi everyone,

I’m a Computer Science engineering student (2nd year) from India and I want to build a serious career in cybersecurity. I’m posting here because I’m a bit confused about what to focus on next, and I’d really appreciate guidance from people already in the field.

My current status:

I understand basic cybersecurity concepts (threats, vulnerabilities, common attack types).

I have basic networking knowledge: TCP/IP, OSI model, ports, DNS, HTTP/HTTPS, routing basics.

I’ve completed Linux basics and I’m comfortable working in it.

I’ve installed Kali Linux (VirtualBox) and explored some tools.

I know HTML & CSS, basic web fundamentals, and I’m slowly learning JavaScript.

I’m interested in web security / offensive security, but I don’t want to jump blindly.

Long-term plan: Master’s in Cybersecurity abroad (Germany/Australia are current options) + strong certifications later (OSCP-level).

Where I’m confused:

Should I strengthen networking and web fundamentals more deeply before going hard into security?

Should I master web fundamentals first (HTTP, cookies, sessions, auth, CORS, etc.) or start web security in parallel?

Is it okay to start web security now (OWASP Top 10, labs) while improving fundamentals side-by-side?

What should my next 6–12 months realistically look like as a student?

How important are CTFs and labs (TryHackMe / Hack The Box) vs theory at my stage?

What beginner mistakes do you often see that I should avoid?

Learning resources question: I’m struggling to find structured and trustworthy YouTube content (too much clickbait and shallow tutorials).

Could you recommend:

Specific YouTube channels or playlists for:

Networking (from a security perspective)

Web fundamentals

Web security / OWASP Top 10

Beginner-friendly offensive security

Creators you personally trust and would recommend over random tutorials

I’m not looking for shortcuts—I want a solid foundation, realistic expectations, and a roadmap that leads to internships, real skills, and eventually a good job.