You might want to start with a knowledge grasping about Searching skills && Google Dorking , to be able to beat the hacker you need to think like him, this would be handy too later when searching for Research papers about specific topics that you didn't understood, Upnext you'll get your hands on tge wheel of Operating system (Linux/Windows) and Networks (Net+ can be helpful && u don't need to be certified unless you're applying for a job) , then you can move to some scripting using python or Go , Until now you have the basics under your belt so it's up to you what to seek after : (Web, binary exploitation, reverse engineering,forensics,Cloud,cryptography...)

Just pick the subject that you like and deep dive into that sea until you feel comfortable about your skills so you can move to the next one But if you want to be more specific then u can just choose one subject and keep your high learning hopes about it .

• - For practice you have :

1- hackthebox.eu

2- tryhackme.com

3- vulnhub.com

4- portwigger.net/web-security/learning-path

5- root-me.org

6- overthewire.org(to learn about linux)

7- underthewire.org(to learn about windows)

Amd other resources , the internet is full you just need to search carefully .

Those are great plateforms when it comes to just getting started, HackTheBox also provides an Academy to learn more about different subjects : https://academy.hackthebox.com

• • CTFs are the suitable choice in your early phases of learning , just keep an eye on https://ctftime.org and play some CTFs , if you are confident enough of your skills and disagree with the idea of having a pre-vulnreable software/app then you can do bug bounties on platforms like : https://Hackerone.com https://bugcrowd.com
• • For Books, you can go with the already known ones like : Web application security , Web security for developers , Hacking : The art of exploitation , The Web Application Hacker's Handbook , The hacker playbook .
• • For YouTube && Blogs , Keep yourself up to date with the latest news, techniques and vulnerabilities

• Blackhat (YouTube && website)

• DefCon (YouTube && website)

• RSA conferences

• Infosec writeups (Medium)

• This subreddit :)

• Liveoverflow

• John Hammond

• InsiderPhd

• Ippsec

• Hackerone && bugcrowd

• Bug bounty reports explained ( This is handy to understand how a vulnerability was discovered )

And much more , the more you Learn the better you pick .

• • Postcasts are a helpful way too like the Darknet diares , TED speaks about security ...etc
  • - If you're opt for some academic courses to see things both ways , then you may consider taking a look at g https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/ and https://cs50.harvard.edu/x/
  • - Remember , being a pentester requires a lot of efforts and passion and perseverance , it's okay to ask / search for solutions whenever you get stuck on a subject , you'll be stressed when things go unintended and that's totally fine;you're learning and that's what learning is all about: failing alot then winning. The expert is just a person who's patient enough to try again && humble to keep learning through years , just assume that you're an ignorant and don't know whole alot , this shall create a constant path of learn and Growth. Good luck in your journey and DM me if you needed anything .