Career guide
Build the Moat: IT Career Guide
A modular playbook for breaking into IT, building durable skills, and establishing your brand in the agentic engineering age, designed through CTO, CIO, and CISO lenses.
On this page
- Part I: The Landscape: How We Got Here and Where It’s Going
- How We Got Here
- The C-Suite Perspective: What Leadership Actually Wants
- The Five-Year Moat: Skills That Survive AI
- Part II: The Philosophy: How to Use This Guide
- This Is a Guide, Not a Curriculum
- The Portfolio Is the Brand
- Getting Paid While You Learn
- Part III: The Playbook: A Modular Skill-Building Framework
- Module 1: Hardware and Operating Systems
- Module 2: Networking Fundamentals
- Module 3: Enterprise IT and Service Delivery
- Module 4: Identity and Access Management (IAM)
- Module 5: Scripting and Automation
- Module 6: Cloud Foundations
- Module 7: DevOps and Modern SDLC
- Module 8: Security Engineering and SSDLC
- Module 9: API Development and Databases
- Module 10: Agentic Engineering
- Part IV: The Certification Roadmap
- Part V: Communities, Repos, and Ongoing Learning
- Communities
- GitHub Repos to Learn From
- Books
- Closing: The Moat Is the Journey
A strategic guide to breaking into IT, building durable skills, and establishing your brand in the agentic engineering age.
This isn’t a bootcamp curriculum. It’s a modular playbook, designed through CTO, CIO, and CISO lenses, for anyone looking to enter the tech industry, build real skills, gain employment and side gigs, and establish a brand backed by documented proof of work.
Use it as a guide. Dip your toes in. Build knowledge. Operationalize it. Document the journey. The journey is the portfolio. The portfolio is the brand.
The philosophy in one line: your brand is not what you say you can do. Your brand is what you can show you have done. Every script, every lab, every blog post, every project is proof of work. Not hype. Not certification badges stacked on LinkedIn. Real, verifiable evidence of capability that grows over time. The moat is not one skill. It’s the compound effect of all of them, documented, demonstrated, and continuously expanding.
This guide spans 2026 through 2030 and beyond. It’s modular and interoperable: you do not have to follow it linearly, and you do not have to complete every section.
Part I: The Landscape: How We Got Here and Where It’s Going
How We Got Here
If you are reading this in 2026, you are standing at a point in the technology industry that comes around maybe once every 15–20 years. The last time the industry restructured at this scale was the cloud migration wave of 2008–2015, when entire IT departments had to learn to think in services instead of servers. Before that, it was the internet boom of the late 1990s that created an entirely new category of work.
What is happening now is arguably bigger than both.
Large language models and agentic AI systems are fundamentally changing how technology is built, operated, and secured. But here is the part most people miss: AI is not replacing IT professionals. It is replacing IT professionals who cannot adapt. The people who understand the foundations, how systems actually work, how networks communicate, how identity flows through an enterprise, how data is secured, and who then learn to orchestrate AI agents across those foundations, are going to be in a category of their own.
This guide exists because the path into IT has always been unclear, but right now it is more confusing than ever. Do you learn cloud? Do you learn AI? Do you get certifications? Do you build a homelab? Do you learn to code? The answer is yes, but in the right order, at the right depth, and with the right framing.
The C-Suite Perspective: What Leadership Actually Wants
Every hiring decision, every budget allocation, every strategic initiative in IT ultimately flows from the priorities of three roles: the CTO, the CIO, and the CISO. Understanding what they care about tells you exactly where to aim.
The CTO’s View: Build and Scale
The CTO cares about whether systems can be built, maintained, and scaled. They are thinking about software delivery velocity, platform reliability, and technical debt. In 2026, the CTO is asking:
- Can we ship faster without breaking things? (CI/CD, DevOps, platform engineering)
- Can we use AI to accelerate our engineering teams? (Agentic coding tools, copilots)
- Do our people understand the full stack from infrastructure to application? (Systems thinking)
- Can we automate the repetitive work so engineers focus on high-value problems? (Automation, IaC)
The CTO’s moat: People who understand systems end-to-end, compute, network, storage, identity, application, pipeline, and who can orchestrate AI agents across that stack. This is rare and getting rarer.
The CIO’s View: Deliver and Manage
The CIO cares about IT service delivery. They own the relationship between technology and the business. They manage budgets, vendors, and the employee technology experience. In 2026, the CIO is asking:
- Can we reduce ticket volume through self-service and automation?
- Can we manage devices, identities, and access at scale? (Intune, Entra ID, Okta)
- Can our people communicate technical decisions to non-technical stakeholders?
- Are we getting value from our Microsoft 365 / Google Workspace investment?
The CIO’s moat: People who understand service delivery frameworks (ITIL) AND can automate them. The person who can take a manual 8-step provisioning process and turn it into a one-click workflow, and explain why it matters in business terms, is invaluable.
The CISO’s View: Secure Everything
The CISO cares about risk. They are responsible for protecting the organization from breaches, compliance failures, and insider threats. In 2026, the CISO is asking:
- Are we implementing Zero Trust correctly? (Identity-first security, conditional access)
- Can we detect and respond to threats faster? (Detection engineering, SOAR, agentic IR)
- Is security embedded in our development pipeline? (SSDLC, shift-left security)
- Do our people understand compliance requirements? (HIPAA, SOX, PCI-DSS, SOC 2)
- Can we manage the risk that AI itself introduces? (AI governance, prompt injection, data leakage)
The CISO’s moat: People who build with security from day one. Identity and access management, data protection, compliance awareness, and secure automation. Security skills become MORE valuable as AI accelerates insecure development.
The Five-Year Moat: Skills That Survive AI
A moat, in career terms, is a durable competitive advantage that is difficult to replicate and remains valuable regardless of how the industry shifts. Here are the moats that will hold through 2030 and beyond:
- Identity & Access Management (IAM). Zero Trust is the security architecture of the decade. Every cloud, every app, every device connects through identity. AI can automate provisioning, but designing and governing access policies requires human judgment and regulatory understanding.
- API Design & Integration. Every system connects through APIs. Understanding how to build, consume, and secure them is permanent infrastructure knowledge. AI generates API code faster, but architecture decisions, versioning strategy, and security design remain human work.
- Cloud Architecture & Security. Workloads continue moving to cloud. Multi-cloud and hybrid are the norm. Security in shared-responsibility models is complex. AI assists with configuration, but understanding cost optimization, compliance mapping, and disaster recovery requires context AI lacks.
- Infrastructure as Code (IaC). Declarative, version-controlled infrastructure is the permanent paradigm. Terraform, Ansible, Pulumi, Bicep, the tools change, the concept stays. AI writes IaC code well, but reviewing it for security, understanding blast radius, and managing state requires operational experience.
- Observability & Incident Response. Systems will always break. Detecting, diagnosing, communicating during, and learning from failures is evergreen. AI accelerates root cause analysis, but incident command, stakeholder communication, and post-incident improvement are deeply human.
- Security Engineering & SSDLC. AI makes it easier to build things fast. That means more things built insecurely. Security review, threat modeling, and compliance validation scale with output. AI tools find vulnerabilities faster, but triaging risk, understanding business context, and building remediation strategy require judgment.
- Systems Thinking. Understanding how compute, network, storage, identity, and application layers interact. This is the meta-skill that makes everything else learnable. AI operates within defined boundaries; understanding the whole system, and what happens when boundaries break, is a human capability.
- Automation & Orchestration. The tools change every 3–5 years. The ability to see a manual process and automate it does not. This is a mindset, not a technology. AI is the most powerful automation tool ever created, the people who know how to wield it win.
- Communication & Documentation. Explaining technical concepts to non-technical people. Writing docs that actually help. Leading an incident bridge call. Building trust. AI drafts, but it cannot navigate organizational politics, earn trust during a crisis, or mentor a junior engineer.
- Agentic Engineering. Designing, deploying, governing, and troubleshooting AI agent systems. This skill barely exists today. In five years it will be a core job function. This IS the AI skill. The people who master it define the next era.
Part II: The Philosophy: How to Use This Guide
This Is a Guide, Not a Curriculum
This document is designed to be modular and interoperable. You do not have to follow it linearly. You do not have to complete every section. You use it the way it was intended:
- Dip your toes in. Start with whatever section matches where you are right now.
- Build knowledge. Go deeper into the areas that resonate with your interests and the job market signals you are seeing.
- Operationalize. Apply what you learn to real projects, real labs, real problems. Knowledge without execution is trivia.
- Document. Write about it, record it, push it to GitHub. Your journey is your portfolio.
- Establish your brand. Not through hype or exaggeration, through a verifiable, documented body of work that proves what you can do.
The Portfolio Is the Brand
There is a temptation in the tech industry to build a personal brand through social media presence, LinkedIn posts, and certification badge collections. These have some value. But the most durable brand is built on proof of work.
Proof of work means:
- A GitHub repository with real scripts, real configurations, real projects, with commit history that shows your thinking over time
- A blog or documentation site where you explain what you built, why you built it, what went wrong, and what you learned
- Lab documentation with architecture diagrams that show you understand how systems connect
- Certifications that validate knowledge you already demonstrated through hands-on work, not certifications you crammed for without understanding
When a hiring manager compares two candidates, one with an A+ certification and nothing else, and one with an A+ certification plus a documented homelab, 15 blog posts, a GitHub with automation scripts, and a Cloud Resume Challenge project: the second person gets the interview every time. And when they get the interview, they have something to talk about.
Your brand is not what you say you can do. Your brand is what you can show you have done. Document the journey. The journey is the product.
Getting Paid While You Learn
One of the biggest mistakes people make when transitioning into IT is waiting until they feel “ready” to start working. You do not need to wait. There are ways to earn income from technology-adjacent work almost immediately, and each step builds skills, confidence, and resume credibility:
Immediate Opportunities (Month 1–3)
- Remote customer support at tech companies: companies like Automattic, Zapier, HubSpot, and Shopify hire remote support with minimal experience. Search We Work Remotely and Remote.co.
- Freelance PC repair and setup: post on Nextdoor, Facebook Marketplace, Craigslist. $50–$75 per visit. Real troubleshooting, real customers.
- Retail tech roles: Geek Squad, Micro Center, Staples. Not glamorous, but real hardware and real pressure.
Apprenticeship Programs (Often Free, Sometimes Paid)
- Year Up: paid tech apprenticeship, many cities + remote: yearup.org
- Per Scholas: free IT training + job placement: perscholas.org
- NPower: free tech training for young adults: npower.org
- Apprenti: tech apprenticeships: apprenticareers.org
- Merit America: career mobility programs: meritamerica.org
Month-to-Month Trial Roles
Many small MSPs (Managed Service Providers) and startups will bring someone on for a 2-week to month-to-month trial period. Email 10–20 local MSPs directly: “I’m building my IT skills and I’ll work at a reduced rate or free for two weeks so you can evaluate me.” This works more often than people expect.
Contract and Staffing Agencies
TEKsystems, Robert Half, Insight Global, Apex Systems, Randstad, these agencies place thousands of entry-level IT people every year. Many roles start as 3–6 month contracts that convert to full-time. Call them directly. Don’t just apply online.
Side Gigs on Trusted Platforms
As your skills grow, trusted platforms become income sources and brand builders:
- Upwork, Fiverr: IT troubleshooting, PowerShell automation, cloud setup, documentation writing
- Toptal (once you have 1–2 years of experience), higher-end freelance engineering
- Technical writing: contribute to documentation for open-source projects or write for community publications
- Homelab/IT consulting for small businesses: M365 setup, device management, basic security hardening
Every paid gig adds to the portfolio. Every portfolio piece strengthens the brand. The brand generates more opportunities. This is a flywheel, not a ladder.
Part III: The Playbook: A Modular Skill-Building Framework
The following modules are organized by domain, not by month. Use them in whatever order makes sense for where you are. Each module tells you: what the skill is, why it matters, how to learn it, what to build with it, and what it unlocks next.
Module 1: Hardware and Operating Systems
Why it matters: Every system in the world runs on physical hardware managed by an operating system. If you do not understand what a CPU does, what RAM is, how storage works, and how an OS manages these resources, you will be building on sand. This is the foundation.
What to Learn
- Computer components: CPU, RAM, storage (HDD/SSD/NVMe), motherboard, PSU, NIC, GPU
- How an operating system manages hardware, processes, memory, and I/O
- Windows administration: Task Manager, Event Viewer, Services, Device Manager, Control Panel, PowerShell basics
- Linux administration: file system navigation, permissions, package management, systemd, journalctl, SSH
How to Learn It
- Harvard CS50 (free): cs50.harvard.edu/x
- Code.org: How Computers Work (free YouTube playlist)
- The Linux Command Line (free book): linuxcommand.org
- VirtualBox (free): virtualbox.org
- Ubuntu Desktop 24.04 (free): ubuntu.com/download/desktop
What to Build
- Budget PC Build ($200–$400 from used parts), document with photos, parts list, and lessons learned
- Linux VM in VirtualBox, practice daily terminal commands, install and configure services
- PowerShell and Linux cheat sheets, push to GitHub as first repository content
- Blog post: document the PC build or your first week exploring Linux
What It Unlocks
Service desk readiness, homelab capability, foundational understanding for everything that follows.
Module 2: Networking Fundamentals
Why it matters: Every technology system communicates over a network. Email, web apps, cloud services, VPNs, printers, phones, all of it is networking. If you cannot explain how an IP address works, what DNS does, or why a device can’t reach the internet, you cannot troubleshoot the most common problems in IT.
What to Learn
- IP addressing, subnet masks, default gateways, CIDR notation
- DNS (translates names to IPs), DHCP (assigns IPs automatically)
- Ports and protocols: HTTP (80), HTTPS (443), SSH (22), RDP (3389), DNS (53), SMTP (25/587)
- OSI model (understand it conceptually, don’t just memorize it)
- Troubleshooting commands: ping, tracert/traceroute, nslookup, ipconfig/ip a, netstat
- VLANs, firewalls, NAT, VPN concepts (deeper, but essential for mid-level)
How to Learn It
- Professor Messer: Network+ (free): professormesser.com
- NetworkChuck (free YouTube): youtube.com/c/NetworkChuck
What to Build
- Document your home network: draw a diagram, label every device, identify IPs, gateway, DNS
- Set up a pfSense or OPNsense VM as a virtual firewall, create firewall rules, practice segmentation
- Configure WireGuard VPN access to your homelab from your phone
Module 3: Enterprise IT and Service Delivery
Why it matters: This is where the jobs are. The majority of entry-level IT roles exist in enterprise environments running Microsoft 365, Active Directory, Intune, and ticketing systems. This module directly prepares you for help desk, service desk, and desktop support positions.
What to Learn
Microsoft 365 Administration:
- User lifecycle: create, license, disable, delete accounts in Entra ID (Azure AD)
- Exchange Online: shared mailboxes, distribution lists, mail flow rules
- Teams: policies, channels, guest access
- SharePoint/OneDrive: permissions, sharing, site management
Active Directory:
- Domain Controllers, Organizational Units, Group Policy Objects
- User and group management, NTFS permissions, domain joining clients
Intune (Endpoint Manager):
- Device enrollment, compliance policies, configuration profiles, app deployment
- Autopilot, Conditional Access integration, Windows Update for Business
Purview (Data Security and Compliance):
- Sensitivity labels, Data Loss Prevention (DLP), retention policies, audit logs
- Critical in regulated industries: healthcare (HIPAA), finance (SOX/PCI), government
ITIL Service Delivery:
- Incident Management, Problem Management, Change Management, Service Request fulfillment
- How to write professional ticket notes and escalation documentation
How to Learn It
- M365 Developer Program (free sandbox): developer.microsoft.com
- Windows Server 2022 Eval (free 180 days): microsoft.com
- Microsoft Learn, M365 Admin: learn.microsoft.com
- Microsoft Learn, Intune: learn.microsoft.com
- Microsoft Learn, Information Protection: learn.microsoft.com
- Freshdesk (free tier): freshworks.com
- Jira Service Management (free tier): atlassian.com
What to Build
- Full M365 sandbox with 10+ users, groups, shared mailboxes, Teams, SharePoint
- Active Directory domain with OUs, users, GPOs, and domain-joined client VM
- Intune enrollment with compliance policies and app deployment
- Practice tickets in a real ticketing platform with professional documentation
Certifications for This Module
- CompTIA A+ (Core 1 & 2): Professor Messer (free) + Jason Dion Practice Exams (~$15)
- Microsoft SC-900: Microsoft Learn
- MS-102 or SC-300: Microsoft Learn
Module 4: Identity and Access Management (IAM)
Why it matters: IAM is one of the most accessible entry points into security-adjacent work. It is remote-friendly, high-demand, and doesn’t require years of experience or advanced degrees to break into. Every organization needs people who understand identity lifecycle, access governance, SSO, MFA, and conditional access.
What to Learn
- Microsoft Entra ID: Conditional Access, PIM, SSO configuration, passwordless authentication
- Okta: identity provider configuration, application SSO, lifecycle management
- Duo (Cisco): MFA deployment and policy configuration
- Protocols: SAML, OAuth 2.0, OpenID Connect (OIDC), understand what they do and when each is used
- JumpCloud: popular in SMB/startup environments
- Privileged Access Management concepts (CyberArk, BeyondTrust, stretch goals)
How to Learn It
- Microsoft Entra ID: Your M365 Developer tenant
- Okta (free developer account): developer.okta.com
- Duo Security: duo.com
What to Build
- Configure SSO for multiple applications in your Entra ID and Okta tenants
- Set up Conditional Access policies: require MFA for risky sign-ins, block access from non-compliant devices
- Document an IAM architecture showing how identity flows through your lab environment
Module 5: Scripting and Automation
Why it matters: The difference between a technician and an engineer is automation. A technician resets 10 passwords manually. An engineer writes a script that resets them from a CSV and logs every action. The mindset shift from “I do the work” to “I build the system that does the work” is the single biggest career accelerator in IT.
What to Learn
PowerShell:
- Active Directory automation: user creation, group management, bulk operations from CSV
- M365 management: license reporting, inactive account identification, automated offboarding
- Scheduled tasks, error handling, parameterized scripts, logging
- Book: “Learn PowerShell in a Month of Lunches” (Manning)
Bash:
- System administration: user management, backup rotation, log parsing, cron jobs
- Text processing: grep, awk, sed, powerful and come up in interviews
Python:
- API integration: Microsoft Graph API, monitoring APIs, ticketing system APIs
- Automation: file operations, data parsing, report generation
- Book: “Automate the Boring Stuff with Python” (free online)
What to Build
- Automated user onboarding/offboarding script (PowerShell + AD/M365)
- Automated backup system with rotation (Bash + cron)
- IT dashboard that queries multiple APIs and generates reports (Python)
Module 6: Cloud Foundations
Why it matters: Workloads are in the cloud and they are not coming back. Understanding how cloud infrastructure works, virtual machines, networking, storage, identity, security groups, cost management, is table stakes for mid-level roles and above.
What to Learn
- Compute: VMs, containers, serverless functions, when to use each
- Networking: virtual networks, subnets, security groups, load balancers, DNS zones
- Storage: blob/object, file, block, understand the trade-offs
- Identity: service principals, managed identities, RBAC
- Security: shared responsibility model, key management, CSPM
How to Learn It
- Azure Free Account ($200 credit): azure.microsoft.com/free
- Microsoft Learn, AZ-900: learn.microsoft.com
- Cloud Resume Challenge: cloudresumechallenge.dev
What to Build
- Deploy VMs, virtual networks, storage, and NSGs in Azure
- Complete the Cloud Resume Challenge: website + serverless counter + CI/CD pipeline + blog post
- Document cloud architecture with diagrams
Module 7: DevOps and Modern SDLC
Why it matters: Modern IT treats infrastructure like software, defined in code, version-controlled, tested, and deployed through pipelines. Companies are moving in this direction and the people who bridge traditional operations and software-driven infrastructure are extremely valuable.
What to Learn
- Git: branching, pull requests, merge strategies, code review
- Docker: containerization, multi-stage builds, Docker Compose
- Terraform: infrastructure as code for cloud resources
- Ansible: configuration management and system automation
- GitHub Actions: CI/CD pipelines for build, test, scan, deploy
- Kubernetes (basics): pods, deployments, services, enough to understand the ecosystem
How to Learn It
- Git Tutorial (freeCodeCamp): YouTube
- Docker Tutorial (TechWorld with Nana): YouTube
- Terraform Tutorials: developer.hashicorp.com
- Ansible Getting Started: docs.ansible.com
- GitHub Actions Docs: docs.github.com
- KodeKloud ($17/mo): kodekloud.com
- 90DaysOfDevOps community repo: GitHub
ITIL → DevOps Bridge
If you came up through service delivery, this is the conceptual bridge to the engineering side:
| ITIL Process | DevOps Implementation |
|---|---|
| Change Management | Pull requests, code review, CI/CD with approval gates |
| Incident Management | Monitoring + alerting + automated runbooks |
| Problem Management | Observability (logs, metrics, traces) + blameless postmortems |
| Service Request | Self-service portals, automation, chatbot fulfillment |
| Configuration Management | Infrastructure as Code, Git-tracked configurations |
Module 8: Security Engineering and SSDLC
Why it matters: AI makes it easier to build things fast. That means more things built insecurely. Security review, threat modeling, and secure development practices scale with engineering output. The CISO’s team cannot grow fast enough. Security engineering skills are becoming more valuable, not less.
What to Learn
- Shift-left security: SAST, SCA, secrets scanning, container scanning
- API security: OWASP API Top 10, authentication, rate limiting, input validation
- Cloud security: shared responsibility, network segmentation, key management, CSPM
- Zero Trust architecture: identity-centric security, micro-segmentation, least privilege
- Compliance frameworks: HIPAA, SOX, PCI-DSS, SOC 2, NIST CSF, understand the requirements at a conceptual level
How to Learn It
- CompTIA Security+ (free course): Professor Messer
- TryHackMe (free + paid): tryhackme.com
- Snyk (free tier): snyk.io
- Trivy (free): trivy.dev
- CIS Benchmarks: cisecurity.org
Module 9: API Development and Databases
Why it matters: APIs are the connective tissue of modern IT. Understanding how to build, consume, secure, and troubleshoot them is non-negotiable for anything beyond entry level. Databases back every application. Understanding data persistence opens backend, data engineering, and analytics doors.
What to Learn
- REST principles: HTTP methods, status codes, headers, JSON request/response
- Build CRUD APIs with Python (FastAPI), modern, beginner-friendly, auto-generates docs
- Microsoft Graph API: programmatic M365 management
- SQL fundamentals: SELECT, JOIN, GROUP BY, indexes, transactions (PostgreSQL)
- NoSQL concepts: document stores (MongoDB), key-value (Redis), when to use which
How to Learn It
- FastAPI: fastapi.tiangolo.com
- PostgreSQL: postgresql.org
- Microsoft Graph API: learn.microsoft.com/graph
- freeCodeCamp: freecodecamp.org
What to Build
- IT asset tracker API: CRUD operations, PostgreSQL backend, JWT authentication, Swagger docs
- Microsoft Graph integration: script that queries users, devices, or sign-in logs
Module 10: Agentic Engineering
Why it matters: This is the new frontier. Agentic engineering is designing systems where AI agents autonomously perform complex, multi-step tasks within defined boundaries. It is not “using ChatGPT.” It is building systems that use AI as a runtime, with tools, memory, guardrails, and human-in-the-loop approval flows.
The progression of capability:
| Stage | Approach | Example |
|---|---|---|
| Manual | Human does every step | Reset passwords one at a time through admin console |
| Scripted | Human writes and runs a script | PowerShell script bulk-resets from a CSV |
| Automated | System triggers scripts on events | CI/CD pipeline runs the script when a ticket is submitted |
| Agentic | AI agent orchestrates the workflow | Agent reads ticket, verifies request, resets password, updates ticket, notifies user, logs everything |
What to Learn
- Claude Code (Anthropic): docs.anthropic.com, command-line agentic coding tool
- Anthropic API (Messages, tool use, function calling): docs.anthropic.com
- Model Context Protocol (MCP): modelcontextprotocol.io
- OpenAI API: platform.openai.com
- Ollama (local models): ollama.com
- Open WebUI (chat interface): openwebui.com
What to Build
Project: IT Self-Service Agent. Build an agent that handles common IT requests (password resets, group changes, license assignment) via Microsoft Graph API with approval workflows.
Project: Automated Incident Response Agent. Agent monitors services, diagnoses outages, attempts remediation, and escalates with diagnostics if auto-fix fails.
Project: Security Compliance Scanner. Agent scans systems against CIS Benchmarks, generates compliance reports, and optionally auto-remediates low-risk findings.
Project: Documentation Agent. Agent scans network inventory, identifies drift from documented state, and auto-updates wiki documentation.
Local Model Hosting, AI Workstation Build:
- GPU is the key component: used NVIDIA RTX 3060 12GB (budget), RTX 3090/4070 (more capable)
- Run models locally for development, testing, and privacy-sensitive tasks
- Understand when to use local vs cloud models: cost, privacy, capability trade-offs
Part IV: The Certification Roadmap
Certifications validate knowledge. They do not replace it. Get the hands-on experience first, then certify to prove it. The order below follows a natural progression from entry-level to specialist.
| Certification | Cost (approx) | Purpose | When You’re Ready |
|---|---|---|---|
| CompTIA A+ (Core 1 & 2) | $700 total | Universal entry-level IT credential | After Modules 1–3 |
| Microsoft SC-900 | $165 | Security, compliance, identity fundamentals | After Module 3 |
| ITIL 4 Foundation | ~$400 | IT service management language | After Module 3 + employment |
| MS-102 or SC-300 | $165 | M365 Administrator or Identity & Access Admin | After Modules 3–4 |
| CompTIA Security+ | $404 | Entry-level security credential | After Module 8 basics |
| AZ-900 | $165 | Azure Fundamentals | After Module 6 |
| AZ-104 or AZ-500 | $165 | Azure Administrator or Security Engineer | After Modules 6–8 |
| Terraform Associate | $70 | Infrastructure as Code validation | After Module 7 |
Part V: Communities, Repos, and Ongoing Learning
Communities
- r/ITCareerQuestions, Career advice and job hunting
- r/sysadmin, System administration community
- r/homelab, Homelab builds, ideas, and help
- r/cybersecurity, Security community
- Local meetups: ISSA chapters (security), ISACA chapters, AWS/Azure user groups, Linux user groups
- LinkedIn: post weekly about what you are learning. Engage with IT content. The network is the asset.
GitHub Repos to Learn From
Study other people’s code, documentation, and approaches:
- awesome-selfhosted, massive list of self-hosted services
- 90DaysOfDevOps, community-driven DevOps learning journey
- docker/awesome-compose, Docker Compose example configurations
- terraform-best-practices, how to structure Terraform projects
- ansible-examples, official Ansible playbook examples
- awesome-mcp-servers, MCP server implementations and examples
- awesome-powershell, curated PowerShell resources
- awesome-python, curated Python frameworks and tools
Books
- “Learn PowerShell in a Month of Lunches”: Manning
- “The Phoenix Project” (DevOps culture): Amazon
- “The Linux Command Line” (free): linuxcommand.org
- “Automate the Boring Stuff with Python” (free): automatetheboringstuff.com
Closing: The Moat Is the Journey
There is no shortcut to building a moat. There is no certification that replaces operational experience. There is no LinkedIn post that substitutes for a GitHub repository with real code and real commit history.
But there is a process. And the process is simple, even if it is not easy:
- Start wherever you are. Pick a module. Do the first exercise.
- Build something. Not a perfect something, a real something. A VM, a script, a blog post, a PC build.
- Document it. Screenshots, writeups, architecture diagrams, lessons learned.
- Share it. Push to GitHub. Post on LinkedIn. Write the blog. Your journey is your credibility.
- Get paid. Customer support, freelance repair, MSP trial, apprenticeship, contract work, service desk. Any door that opens.
- Go deeper. Operationalize what you know. Automate what is manual. Secure what is exposed. Build what does not exist.
- Repeat. The moat is not one skill. It is the compound effect of all of them, documented, demonstrated, and continuously expanding.
The people who will thrive in the agentic engineering age are not the ones with the most certifications or the flashiest LinkedIn profiles. They are the ones who can show their work: a portfolio of real projects, real labs, real writing, real automation, and real impact that grew over months and years of consistent effort.
That portfolio is your brand. And that brand is your moat.
Start today. Build something. Document it. Share it. Get paid. Go deeper. Repeat.