Tools and Technologies

Cyber security encompasses so many tools, concepts, and technologies that it's not feasible to become an expert in all of them. Below are the ones I am most capable of using.

TryHackMe

TryHackMe.com has been my go-to resource for improving my cybersecurity knowledge and skills. My profile can be viewed at tryhackme.com/p/PecosBill and shows how consistent and dedicated I have been in my self-education. I've recently expanded to include HackTheBox as well as PortSwigger's Web Security Academy in my education. These platforms have introduced me to cybersecurity fundamentals such as the OWASP Top Ten, hashing, encryption, and the beginnings of penetration testing. I'm by no means an expert, but I'm really enjoying the journey so far.


Burp Suite

I am very comfortable using Burp Suite for a variety of web application testing jobs. PortSwigger has an excellent learning path focused on Burp Suite's capabilities that I am currently working through. I would eventually like to be a certified practitioner, but for the time being I am very capable using Burp Suite for SQL injection testing, cookie capture, and credential cracking from wordlists.


Nmap

Nmap was one of the first command-line tools I got comfortable with in a Linux environment. This was almost out of necessity due to how essential Nmap is during the initial phases of most CTFs. In my experience it falls into the category of "easy to learn, tough to master". For most CTF uses there will generally only be one target, and for the most part there isn't too much concern about having an aggressive footprint, so more often than not it's fine to launch Nmap with some very basic -v, -O flags and be set.

I'm very comfortable using Nmap and referring to the documentation for specialized use cases, but there's always more to learn. Recently I've been practicing using it more for network mapping as I build out my home lab, as well as learning about Zenmap for a GUI version of the Nmap experience.


Splunk

I don't currently have access to Splunk Enterprise as part of my day job, but fortunately Splunk provides many courses for learning the platform. Below is a list of my completed courses in reverse chronological order. One of my more long-term and ambitious projects is to use a series of automated scripts along with Active Directory and some kind of web server to generate network traffic that includes legitimate traffic, but also includes deliberately failed login attempts and suspicious behavior. Since I would have written the scripts, I could then use Splunk to search for them and know definitively if I was successful.

What is Splunk?

Intro to Splunk

Getting Data Into Splunk