# Learning Path — From Where You Are to Cloud Engineer ## Your Advantage You don't have a blank canvas. You have a live production system you built — eleven services running across two hosts with SSO, active-active failover, and shared databases. Most people study networking in a textbook. You configured Cloudflare DNS, set up Tailscale, debugged a Docker networking ufw issue, and traced a distributed systems bug in OAuth2. That's hands-on experience that study alone can't replicate. The goal now: attach the vocabulary, depth, and theory to things you've already done. --- ## Phase 1 — Complete A+ Core 2 (Exam goal: July 7, 2026) **Focus areas that directly map to your homelab:** | A+ Core 2 Topic | Your Homelab Connection | |----------------|------------------------| | Linux command line | You've been using it — now learn the theory | | Security fundamentals | Cloudflare Tunnel, ufw, Tailscale private networking | | Scripting basics | The bash commands you've run | | Troubleshooting methodology | The `invalid_grant` debug process | | Remote access | SSH, SSH tunnels (you used `-L` forwarding) | **Study approach:** - Professor Messer's Core 2 videos (free YouTube) - Jason Dion practice exams on Udemy — aim for 85%+ before scheduling - For each topic, ask: "Where did I see this in my homelab?" --- ## Phase 2 — CCNA (3–6 Months) The CCNA will make everything in your homelab make deeper sense. After CCNA, re-read the networking.md file in this repo and you'll see how much more you understand. **Study approach:** 1. **Jeremy's IT Lab** (free YouTube + Anki flashcards) — start here 2. **Packet Tracer labs** (free from Cisco) — build networks, don't just watch 3. **Subnetting practice** — do it daily until it's instant. Use subnettingpractice.com 4. **Week 1-4:** OSI model, TCP/IP, subnetting, Ethernet, switching 5. **Week 5-8:** VLANs, Spanning Tree, inter-VLAN routing 6. **Week 9-16:** IPv4 routing (OSPF, EIGRP), IPv6, ACLs, NAT 7. **Week 17-20:** WAN, wireless, security, automation basics, practice exams **Labs to build in Packet Tracer that map to your homelab:** - Build the monk + kscloud1 network topology - Simulate the Cloudflare Tunnel concept with a router acting as the "edge" - Set up ACLs that mimic your ufw rules --- ## Phase 3 — AWS SAA-C03 (After CCNA) **Study approach:** 1. **Stephane Maarek's course** (Udemy) — the industry standard 2. **AWS Free Tier** — rebuild your homelab services as AWS equivalents: - Forgejo → CodeCommit - Custom portal → S3 static website + CloudFront - Prometheus/Grafana → CloudWatch - Authentik → Cognito - Docker Compose → ECS Fargate - Tailscale → VPC + PrivateLink 3. **Tutorial Dojo practice exams** — Jon Bonso's exams are the most accurate **For each AWS service you study, map it back to your homelab:** | AWS | Your Homelab Equivalent | |-----|------------------------| | EC2 | Hetzner VPS (kscloud1) | | S3 | Static file storage | | VPC | Docker bridge network (kitestacks) | | ALB + CloudFront | Cloudflare Tunnel + edge | | RDS | Shared Postgres on kscloud1 (Authentik + Forgejo) | | ElastiCache | Shared Redis on kscloud1 | | CloudWatch | Prometheus + Grafana | | Route 53 | Cloudflare DNS | | IAM | Authentik RBAC / groups (homelab-admin) | | Secrets Manager | .env files (what you'd replace) | | ECS / Fargate | Docker Compose (what you use) | | VPC Peering | Tailscale overlay | | Confluence/SharePoint | BookStack | | ServiceNow | OSTicket | --- ## Phase 4 — Hands-On Learning Between Certs Don't just study. Build. **Projects to add to your homelab that teach real cloud concepts:** 1. **Add Terraform** — define your kscloud1 server in Terraform so you can destroy and recreate it in minutes. This is Infrastructure as Code, a core cloud skill. 2. **Add a CI/CD pipeline** — set up Forgejo Actions (Forgejo's built-in CI/CD) so that pushing to a repo automatically tests and deploys changes. This is what DevOps engineers do all day. 3. **Add Vault** — replace .env files with HashiCorp Vault for secrets management. Real production environments never use .env files. 4. **Add Kubernetes** — migrate one or two services from Docker Compose to a local k3s cluster. k3s is lightweight Kubernetes — you have enough RAM on monk. 5. **Add automated backups** — write a script that backs up your Docker volumes to an S3 bucket (or kscloud1) nightly. Each of these is a cert objective AND a portfolio item. --- ## Daily Practice Habits **15 minutes per day beats 3 hours on weekends.** - **Subnetting:** Do 10 subnet calculations per day during CCNA study - **Flashcards:** Anki for networking concepts, AWS services - **Logs:** Check `docker logs` on a different service each day — understand what it's saying - **Break something:** Pick one service per week, deliberately misconfigure it, diagnose and fix it. Document what you broke and how you fixed it. - **Read error messages:** When something breaks, read the full error before Googling. Form a hypothesis first. --- ## Resources — Free First | Topic | Resource | Cost | |-------|----------|------| | A+ Core 2 | Professor Messer (YouTube) | Free | | CCNA | Jeremy's IT Lab (YouTube) | Free | | CCNA labs | Cisco Packet Tracer | Free | | AWS SAA | AWS Skill Builder free tier | Free | | Python | automate the boring stuff (automatetheboringstuff.com) | Free | | Docker | docs.docker.com "Get Started" | Free | | Git | git-scm.com/book | Free | | Linux | linuxcommand.org | Free | | Networking deeper | tcpdump / Wireshark tutorials | Free | **Worth paying for:** - Stephane Maarek's AWS SAA on Udemy ($15 on sale — never pay full price) - Tutorial Dojo AWS practice exams ($15) - Jason Dion A+/CCNA practice exams on Udemy ($15) --- ## How to Know You're Ready to Interview You're ready when you can: 1. Explain the OAuth2 authorization code flow from memory without notes 2. Subnet any /24 or /25 network in under 30 seconds 3. Describe what happens at each layer of the OSI model when you ping google.com 4. Walk someone through what happens when a request hits www.kitestacks.com 5. Explain the difference between authentication and authorization 6. Describe what a VPC is and why it exists 7. Answer "what would you do differently?" with a real answer (not "nothing")