Blog
Research
Blog White Papers Case Studies Offensive Security SOC GRC Advisory
Guides
Red Team Guide DevSecOps Guides Vulnerability Research
About Us
Blog
HADESS
Cyber Security Magic

HADESS

Cyber Security Knowledge Hub

How to Get a Cybersecurity Job in 6 Months

hadess08 mins

Part of the Cybersecurity Career Coaching Guide — This article is one deep-dive in our complete coaching series.

How to Get a Cybersecurity Job in 6 Months

By HADESS Team | February 28, 2026 | Updated: February 28, 2026 | 9 min read

Table of Contents

Is 6 Months Realistic

Getting a cybersecurity job 6 months from today is realistic if you have some technical background (IT experience, development, networking) and can dedicate 15-20 hours per week to preparation. If you are starting with no technical background, extend this plan to 9-12 months.

This timeline is based on targeting entry-level roles — SOC Analyst Tier 1, Junior Security Analyst, IT Security Administrator, or GRC Analyst. Specialized roles like penetration tester or security engineer typically require longer preparation.

The 6 months cover three parallel tracks: skill building, certification, and job search. Most people run these sequentially and it takes longer. Running them in parallel compresses the timeline.

Prerequisites and Assumptions

This plan assumes:

  • You have basic IT literacy (you understand what operating systems, networks, and databases are)
  • You can dedicate 15-20 hours per week consistently
  • You have access to a computer capable of running virtual machines
  • You have some budget for certification exam fees ($400-$800)

This plan works best if you also have:

  • IT work experience (help desk, sysadmin, network admin)
  • A computer science or IT degree
  • Previous exposure to networking concepts

Take the HADESS skills assessment before starting to calibrate your actual starting point and adjust the timeline accordingly.

Month 1: Foundation and Assessment

Week 1-2: Assess and plan.

  • Complete the skills assessment to identify specific gaps
  • Research your target role (SOC Analyst is the most accessible for most people)
  • Set up your study environment — schedule 15-20 hours per week in blocks
  • Join one security community (BSides Discord, TryHackMe community, local OWASP)

Week 3-4: Build technical foundations.

  • Set up VirtualBox with Windows 10/11, Ubuntu, and Kali Linux
  • Review networking fundamentals: TCP/IP model, DNS, HTTP, common ports
  • Learn basic Linux command line navigation and file management
  • Start following security news sources (Krebs on Security, Dark Reading, SANS ISC)

Key deliverable by end of month 1:

  • A working home lab environment
  • Understanding of where your skill gaps are
  • A clear study schedule for months 2-6

Hours per week: 15-20 (split between assessment, setup, and foundational study)

Month 2: Security+ Preparation

Full focus on CompTIA Security+ (SY0-701) preparation.

Resources:

  • Professor Messer’s free Security+ video series (primary study material)
  • One practice exam set (Dion Training or CertMaster Practice)
  • Security+ study guide for reference (Gibson or Chapple)

Study approach:

  • Watch video lectures for one domain, then immediately do practice questions for that domain
  • Focus on understanding concepts, not memorizing. If you understand why a control exists, you can answer questions about it from any angle
  • Track weak areas from practice exams and revisit those domains
  • Use the HADESS skills catalog for hands-on practice in areas where Security+ is theoretical

Week 5-6: Domains 1-3 (General Security, Threats/Vulnerabilities, Architecture)
Week 7-8: Domains 4-5 (Operations, Governance) + first full practice exam

Key deliverable by end of month 2:

  • Scoring 75%+ on practice exams consistently
  • Deep understanding of all 5 Security+ domains

Month 3: Security+ Exam and Lab Building

Week 9-10: Final Security+ prep and exam.

  • Take and review 3-4 full practice exams
  • Focus drill sessions on your weakest domains
  • Schedule and pass the Security+ exam
  • Plan your certification path forward with the certification roadmap

Week 11-12: Start building your security lab.

  • Deploy Security Onion or Wazuh for intrusion detection
  • Set up a Splunk free instance and start ingesting logs from your lab VMs
  • Create a vulnerable environment (DVWA, Juice Shop, or Metasploitable) for practice
  • Document everything — your lab setup is the start of your portfolio

Key deliverable by end of month 3:

  • Security+ certification earned
  • A functional security lab with monitoring and a vulnerable target
  • Lab documentation started for your portfolio

Month 4: Hands-On Skills and Portfolio

This month is about building demonstrable skills and portfolio content.

Week 13-14: SOC-focused skills.

  • Write and test 5+ Splunk queries for common attack detection
  • Investigate 10+ simulated alerts end-to-end (from detection to documentation)
  • Build custom Splunk dashboards for network traffic and authentication events
  • Practice with HADESS workspace labs for structured scenarios

Week 15-16: Portfolio development.

  • Write up 3 CTF challenge solutions from TryHackMe or HackTheBox
  • Document your complete lab architecture with network diagrams
  • Write 1-2 blog posts explaining something you learned (a tool walkthrough, a CTF solution, or a concept explanation)
  • Create or polish your GitHub profile with organized repositories

Key deliverable by end of month 4:

  • 5+ documented lab scenarios
  • 3+ CTF write-ups
  • 1-2 blog posts or technical write-ups
  • A GitHub portfolio showing real security work

Read our detailed guide on building a cybersecurity portfolio for specific project ideas.

Month 5: Job Search Launch

Parallel tracks: continue skill building while actively job searching.

Week 17-18: Resume and job search preparation.

  • Build your security-focused resume using the resume builder
  • Frame IT/previous experience with security language
  • Include portfolio items, certifications, and lab projects
  • Optimize your LinkedIn profile with security keywords and portfolio links
  • Read our LinkedIn guide for cybersecurity professionals

Week 19-20: Active applications.

  • Apply to 10-15 positions per week (SOC Analyst, Junior Security Analyst, IT Security Admin)
  • Customize your resume for each application category
  • Use the HADESS job board and LinkedIn, Indeed, CyberSecJobs
  • Network: attend a BSides, OWASP meetup, or virtual security event
  • Reach out to security recruiters who specialize in entry-level placement

Key deliverable by end of month 5:

  • A polished, security-focused resume
  • 30-40 applications submitted
  • Active networking in progress
  • At least 2-3 screening calls or interviews scheduled

Month 6: Interview and Close

Week 21-22: Interview preparation.

  • Practice technical questions for your target role
  • Prepare STAR stories for behavioral questions
  • Do mock interviews (with friends, coaching sessions, or self-recorded)
  • Prepare thoughtful questions for each interviewer
  • Use the interview management tool to track your pipeline

Week 23-24: Execute and close.

  • Continue interviewing and applying
  • Follow up on every application and interview
  • If you receive an offer, negotiate (use the salary calculator for market data)
  • If no offers yet, assess and adjust strategy (see next section)

Key deliverable by end of month 6:

  • Multiple interviews completed
  • Ideally: a job offer in hand or in final stages

If Month 6 Passes Without an Offer

This is not failure — it is common. Entry-level security job searches can take 3-6 months of active searching. Here is how to diagnose and fix the issue:

Not getting interviews (resume problem):

  • Have your resume reviewed by someone who hires security professionals
  • Check that your resume contains the right keywords for ATS systems
  • Expand your geographic search or include remote positions
  • Consider coaching for targeted resume feedback

Getting interviews but not offers (interview problem):

  • Practice more mock interviews
  • Ask for feedback from companies that rejected you
  • Review your technical knowledge in weak areas
  • Work on communication clarity

Getting final-round interviews but losing out:

  • The competition is real — other candidates may have more experience
  • Continue building skills and portfolio items while searching
  • Consider a bridge role (IT role with security responsibilities) to gain experience
  • Apply to a wider range of companies

Consider additional certifications:

  • CySA+ for SOC-focused roles
  • Cloud certifications if targeting cloud security
  • SSCP if targeting broader security analyst roles

The career path explorer can help you reassess your target roles and adjust your approach.

Related Guides in This Series

Take the Next Step

Start with your baseline. The HADESS skills assessment tells you exactly where you stand and what to prioritize in your 6-month plan.

Explore cybersecurity career paths in the career path explorer to choose your target role.

Get personalized guidance. Book a coaching session for a tailored 6-month plan based on your background.

Get started freeCreate your HADESS account and begin your 6-month cybersecurity career plan.

Frequently Asked Questions

Can I do this while working full-time?

Yes. The plan assumes 15-20 hours per week, which fits alongside a full-time job if you use evenings, weekends, and commute time. It requires consistent discipline — missing multiple weeks extends the timeline.

What if I have zero IT background?

Extend to 9-12 months. Add 3-4 months of IT fundamentals (networking, OS basics, scripting) before month 1 of this plan. Some people also pursue CompTIA A+ or Network+ first.

Is Security+ enough to get hired?

For many entry-level roles, yes — combined with a portfolio showing hands-on skills. Some positions require or prefer CySA+ or a cloud certification. Security+ removes the most common resume screening barrier.

How many jobs should I apply to?

10-15 per week during active job search months. Customize your resume for each application category. Quantity matters for entry-level roles because screening criteria vary widely between companies.

What if I cannot afford certification exams?

CompTIA offers voucher discounts. ISC2 offers a free CC certification. Some employers reimburse certification costs after hiring. WGU degrees include certification exam vouchers in tuition.

HADESS Team consists of cybersecurity practitioners, hiring managers, and career strategists who have collectively spent 50+ years in the field.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related News