Build your own cybersecurity home lab (for FREE!)

You already know this, Hands-on experience is the fastest way to break the Catch-22 of cybersecurity.

But now, you don’t need an internship, a job, or a big budget to start building the skills that hiring managers want.

You can do it all for free—right from home.

But, “Sandra, how would you do that?”

Don’t worry.

This week, I’ve put together 3 beginner-friendly cybersecurity projects you can complete using nothing but open-source tools.

AND - here’s my video walkthrough on building your free cyber home lab: https://youtu.be/izmCJlJEvQw

Each one is designed to give you real-world experience that’s perfect for your resume.

So, You don’t have any excuses if you don’t know how to break free from the catch-22.

Now, Let’s get to work.

1. VirtualBox + Kali Linux + Metasploitable 2

This setup is the gold standard for beginners. It teaches you basic offensive cybersecurity skills like scanning, exploiting vulnerabilities, and understanding how attackers think. It’s straightforward to set up and runs on most computers.

👉Tools: VirtualBox (or VMware), Kali Linux, Metasploitable 2.

💡What you’ll learn:

• Reconnaissance with tools like nmap.

• Exploitation with Metasploit.

• Basics of ethical hacking and vulnerability assessment.

Pro Tip: Add a second target, like a Windows 10 Evaluation VM, for variety.

2. TryHackMe + VirtualBox

TryHackMe is an interactive, beginner-friendly platform that provides pre-configured labs, guided tutorials, and challenges. Pair it with VirtualBox so you can practice skills locally.

👉Tools: TryHackMe account (many rooms are free), VirtualBox with Kali Linux.

💡What you’ll learn:

• Foundational concepts like how the internet works (Pre-Security Path).

• Hands-on skills like penetration testing, threat hunting, and CTF (Capture The Flag) challenges.

• How to use tools like Wireshark, Burp Suite, and Metasploit.

Pro Tip: Complete TryHackMe’s "Complete Beginner" path—it’s an amazing crash course.

3. Splunk + Windows Server (Defensive Skills)

If you're more interested in defensive cybersecurity (like SOC Analyst work or blue teaming), setting up Splunk with a Windows system is invaluable. You’ll learn log analysis, threat detection, and incident response—essential skills for many entry-level jobs.

👉Tools: Splunk Free Edition, a Windows 10/Server VM, and Sysmon for generating logs.

💡What you’ll learn:

• Log analysis: Find suspicious activity in event logs (e.g., failed logins, malware).

• Threat hunting: Identify malicious patterns in logs using Splunk’s search queries.

• Incident response basics: What to do after spotting an anomaly.

Pro Tip: Practice parsing logs from TryHackMe’s defensive labs to combine the best of both worlds.

Now, you might be asking. Why would we do this?

These aren’t just exercises—they’re real-world skills you’ll use in the field. By completing even one of these projects, you’ll:

• Build confidence in your technical abilities.

• Gain practical experience with industry-standard tools.

• Have concrete projects to showcase on your resume or in interviews.

And the best part? You don’t need a huge budget or special equipment to get started.

Once you’ve completed one of these labs, you’ll have the foundation to tackle even more advanced skills.

Cheers!

- Sandra