Cybersecurity Study Plan: 6-Month Schedule
By HADESS Team | February 28, 2026 | Updated: February 28, 2026 | 14 min read
Table of Contents
- Why Six Months Is the Right Timeframe
- Before You Start: Self-Assessment
- Study Plan Principles
- Month 1: IT Foundations
- Month 2: Networking Deep Dive
- Month 3: Security Fundamentals
- Month 4: Specialization Selection and Skills Building
- Month 5: Hands-On Practice and Certification Prep
- Month 6: Certification, Portfolio, and Job Search
- Weekly Schedule Templates
- Adjusting the Plan for Different Starting Points
- Common Reasons Study Plans Fail
- Tracking Your Progress
- Related Guides in This Series
- Take the Next Step
- Frequently Asked Questions
Why Six Months Is the Right Timeframe
A cybersecurity study plan needs a timeframe that is long enough to build real skills but short enough to maintain urgency. Six months hits that balance.
Shorter plans — 30-day bootcamps, 8-week crash courses — produce surface-level knowledge. You can pass a certification exam through cramming, but you will not have the depth to perform in a job interview or on your first day of work. Employers have seen enough “certified but clueless” candidates to be skeptical of people who went from zero to hired in under three months.
Longer plans — 12-month roadmaps, multi-year degree programs — lose momentum. Life interrupts. Motivation fades. The job market changes while you study. People who take 18 months to prepare often could have started applying at month 8 and learned the remaining skills on the job.
Six months gives you time to build a genuine foundation, earn one or two relevant certifications, complete enough hands-on projects to demonstrate skill, and start job applications while the material is fresh. It assumes you can dedicate 15-20 hours per week. If you can do more, you will move faster. If you can only do 10 hours, extend the plan to 8-9 months but keep the same sequence.
Before You Start: Self-Assessment
Before committing to a study plan, you need an honest picture of where you stand. Not where you think you stand or where you want to stand — where you actually stand right now.
Technical baseline questions:
- Can you explain what an IP address is and how subnetting works?
- Do you know the difference between TCP and UDP?
- Can you navigate a Linux terminal without a tutorial open?
- Do you understand what DNS does and how resolution works?
- Can you explain the difference between authentication and authorization?
If you answered yes to most of these, you can compress Month 1 or skip it entirely. If you answered no to most, Month 1 is where you belong.
Career direction questions:
- Do you know which cybersecurity role you are targeting? (SOC analyst, pen tester, GRC analyst, security engineer)
- Do you understand what that role does day-to-day?
- Have you read 10+ job postings for that role and identified the common requirements?
If you do not have a target role yet, that is fine. Month 3 includes a specialization decision point. But having a target from the start lets you make better decisions about what to study and what to skip.
Take the HADESS skills assessment to get a data-driven picture of your current knowledge gaps and receive personalized recommendations.
Study Plan Principles
These principles keep the plan effective regardless of which specialization you choose:
Build foundations before specializations. Networking, operating systems, and basic security concepts are prerequisites for every cybersecurity role. Skipping them to jump into “the fun stuff” creates gaps that will hurt you later.
Alternate between learning and doing. For every hour of reading or watching videos, spend at least 30 minutes doing hands-on work. Set up a lab, run tools, break things, fix them. Passive learning alone does not build job-ready skills.
One certification at a time. Do not study for two certifications simultaneously. You will dilute your preparation for both. Sequence them: finish one, then start the next.
Weekly accountability. At the end of each week, write down what you learned and what you built. If you cannot articulate it, you did not learn it deeply enough. Share it with a study partner, mentor, or online community for feedback.
Scheduled rest. Build one rest day per week into your plan. Burnout kills more study plans than lack of motivation does. Consistent sustainable effort beats intense unsustainable sprints.
Month 1: IT Foundations
Goal: Build the technology fundamentals that every cybersecurity concept depends on.
Week 1: Operating System Fundamentals
Install VirtualBox and set up two virtual machines — one Windows (use a Microsoft evaluation image), one Linux (Ubuntu). Learn to navigate both operating systems from scratch.
On Windows: file system structure, Task Manager, Event Viewer, services, registry editor, basic PowerShell commands. On Linux: file system hierarchy, permissions (chmod, chown), package management (apt or yum), process management (ps, top, kill), basic Bash commands.
Deliverable: Write a one-page summary of the differences between Windows and Linux file system structures and permission models.
Week 2: Networking Basics
Study the TCP/IP model (not just the OSI model — TCP/IP is what you will actually use). Understand IP addresses, subnet masks, default gateways, and DNS servers. Learn what DHCP does and how ARP resolves addresses.
Practice: configure static IP addresses on your VMs. Set up a simple network between them. Use ping and traceroute to verify connectivity.
Deliverable: Draw a network diagram of your lab environment with IP addresses, subnet masks, and default gateways labeled.
Week 3: Networking Continued
Study TCP and UDP in detail. Understand the three-way handshake, port numbers, and common services (HTTP on 80, HTTPS on 443, SSH on 22, DNS on 53, RDP on 3389). Install Wireshark and capture traffic between your VMs.
Practice: capture a web browsing session and identify the DNS query, TCP handshake, HTTP request, and response in the packet capture.
Deliverable: Write up an analysis of one Wireshark capture, explaining what each packet is doing.
Week 4: Command Line Proficiency
Dedicate a full week to becoming comfortable in the terminal. On Linux: piping, redirection, grep, find, awk, sed basics, file compression, SSH. On Windows: PowerShell cmdlets, getting system information, managing services, querying event logs.
Practice: complete a set of command line challenges. TryHackMe and OverTheWire Bandit both have excellent free Linux command line practice.
Deliverable: Write a Bash script that collects system information (hostname, IP address, running processes, open ports) and saves it to a file.
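One possible shape for this deliverable, as an added example that is not part of the original guide. The function names `have` and `collect_sysinfo` are this example's own; it falls back between common tools (`ip`/`ifconfig`, `ss`/`netstat`) because lab VMs differ in what is installed.

```shell
#!/bin/sh
# Added example: save a host baseline (hostname, IP addresses, running
# processes, listening ports) to a file for later comparison.

# True if the named command exists on this system.
have() { command -v "$1" >/dev/null 2>&1; }

# collect_sysinfo OUTFILE
collect_sysinfo() {
    out=$1
    (
        # The report describes the host in detail, so a newly created
        # output file is readable by its owner only.
        umask 077
        {
            echo "===== Collected (UTC): $(date -u '+%Y-%m-%dT%H:%M:%SZ') ====="

            echo "===== Hostname ====="
            if have hostname; then hostname; else uname -n; fi

            echo "===== IP addresses ====="
            if have ip; then
                ip -brief address || echo "(ip failed)"
            elif have ifconfig; then
                ifconfig -a || echo "(ifconfig failed)"
            else
                echo "(no ip or ifconfig found)"
            fi

            echo "===== Running processes ====="
            if have ps; then
                ps -eo pid,user,comm 2>/dev/null || ps || echo "(ps failed)"
            else
                echo "(ps not found)"
            fi

            echo "===== Open (listening) ports ====="
            if have ss; then
                ss -tuln || echo "(ss failed)"
            elif have netstat; then
                netstat -tuln || echo "(netstat failed)"
            else
                echo "(no ss or netstat found)"
            fi
        } > "$out" 2>&1
    )
}

# Run as: sh sysinfo.sh /path/to/report.txt
if [ $# -ge 1 ]; then
    collect_sysinfo "$1"
fi
```

Saving one report right after building the VM and another after a lab exercise lets you `diff` the two and see which processes and listening ports changed.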
Month 2: Networking Deep Dive
Goal: Develop the networking knowledge that underpins every security domain.
Week 5-6: Protocols and Services
Study HTTP/HTTPS in detail: methods, headers, status codes, cookies, sessions. Study DNS beyond the basics: record types (A, AAAA, MX, CNAME, TXT, NS), zone transfers, DNS caching. Study email protocols: SMTP, IMAP, POP3, and how email headers reveal information.
Set up a web server (Apache or Nginx) and a DNS server (BIND) in your lab. Configure them, generate traffic, and capture it. Analyze the difference between HTTP and HTTPS in Wireshark captures.
Week 7: Routing, Switching, and Subnetting
Master subnetting. You should be able to look at 192.168.10.0/26 and immediately know the subnet mask, number of hosts, and the range of usable addresses. Practice subnetting exercises daily until it is automatic.
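To check your mental arithmetic, here is the calculation for 192.168.10.0/26 carried out with bit operations, as an added example that is not part of the original guide. The function names are this example's own, and it goes slightly beyond the case in the text by also handling /31 and /32 prefixes.

```shell
#!/bin/sh
# Added example: derive subnet facts from CIDR notation with shell arithmetic.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted-quad IPv4 address.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_info CIDR FIELD
# FIELD is one of: mask network broadcast first last hosts
subnet_info() {
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in
        ''|*[!0-9]*) echo "expected ADDRESS/PREFIX, got: $1" >&2; return 1 ;;
    esac
    [ "$prefix" -le 32 ] || { echo "prefix must be 0-32" >&2; return 1; }

    # The mask is <prefix> one-bits followed by zero-bits.
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    network=$(( $(ip_to_int "$addr") & mask ))
    broadcast=$(( network | (~mask & 0xFFFFFFFF) ))
    size=$(( 1 << (32 - prefix) ))

    if [ "$prefix" -ge 31 ]; then
        # /31 point-to-point links (RFC 3021) and /32 host routes have no
        # separate network or broadcast address to subtract.
        first=$network; last=$broadcast; hosts=$size
    else
        first=$(( network + 1 )); last=$(( broadcast - 1 )); hosts=$(( size - 2 ))
    fi

    case $2 in
        mask)      int_to_ip "$mask" ;;
        network)   int_to_ip "$network" ;;
        broadcast) int_to_ip "$broadcast" ;;
        first)     int_to_ip "$first" ;;
        last)      int_to_ip "$last" ;;
        hosts)     echo "$hosts" ;;
        *)         echo "unknown field: $2" >&2; return 1 ;;
    esac
}

# The example from the text.
for field in mask network broadcast first last hosts; do
    printf '%-10s %s\n' "$field" "$(subnet_info 192.168.10.0/26 "$field")"
done
```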
Study how routers make forwarding decisions, how switches build MAC address tables, and how VLANs segment traffic at Layer 2.
Week 8: Wireless and Network Security Basics
Study wireless security protocols: WPA2, WPA3, and their authentication mechanisms. Understand the difference between personal and enterprise wireless security. Study basic network security concepts: firewalls, NAT, DMZ architecture, and VPNs at a conceptual level.
Deliverable: Build a network diagram for a small business with a firewall, DMZ, internal network, and wireless segment. Label the security controls at each boundary.
Month 3: Security Fundamentals
Goal: Build core security knowledge and make your specialization decision.
Week 9-10: Core Security Concepts
Study the CIA triad, security controls (preventive, detective, corrective), access control models (DAC, MAC, RBAC), and basic cryptography (symmetric vs asymmetric encryption, hashing, digital signatures, PKI).
This is where you should begin studying for Security+ if you are not already. Use the exam objectives as your study guide and follow the structure in our Security+ in 90 days guide.
Week 11: Threats, Attacks, and Vulnerabilities
Study common attack types: phishing, malware (ransomware, trojans, rootkits), brute force, SQL injection, cross-site scripting, privilege escalation. For each one, understand how it works, what it looks like in logs, and how to defend against it.
Week 12: Specialization Decision
By this point, you have enough exposure to decide which direction to go:
- SOC Analyst / Defensive Security — if you enjoyed log analysis, alert investigation, and network monitoring during your studies. Read the SOC analyst learning path.
- Penetration Testing / Offensive Security — if you enjoyed finding vulnerabilities and understanding how attacks work. Read the pen testing roadmap.
- GRC / Compliance — if you are drawn to risk management, policy, and governance frameworks.
- Security Engineering — if you prefer building and configuring security tools and infrastructure.
Your specialization decision shapes Months 4-6. Do not agonize over it — you are not locked in. Most security professionals change specializations at least once in their career.
Month 4: Specialization Selection and Skills Building
Goal: Begin building specialization-specific skills while continuing Security+ preparation.
For SOC-track learners:
- Set up Splunk Free or Elastic Security and begin ingesting logs from your lab VMs
- Study Windows Event Log analysis: key Event IDs, log sources, correlation techniques
- Practice with SOC simulation platforms: LetsDefend, CyberDefenders, Blue Team Labs Online
- Study MITRE ATT&CK framework: tactics, techniques, and how SOC teams use it for alert classification
For Pen Test-track learners:
- Install Kali Linux and familiarize yourself with the toolset
- Study the OWASP Top 10 and begin web application testing with DVWA and WebGoat
- Learn Burp Suite: proxy, repeater, intruder
- Practice on TryHackMe or Hack The Box easy-rated machines
For GRC-track learners:
- Study NIST Cybersecurity Framework and ISO 27001 structure
- Learn risk assessment methodologies: qualitative and quantitative
- Study compliance requirements: PCI DSS, HIPAA, SOX, GDPR
- Practice writing security policies and conducting tabletop risk assessments
Regardless of track, continue your Security+ study during this month. It should be your primary certification focus.
Month 5: Hands-On Practice and Certification Prep
Goal: Intensify practical skills and enter the final phase of certification preparation.
Week 17-18: Intensive Lab Work
Dedicate at least 60% of your study time to hands-on practice. Theory should be review at this point, not new learning. Build something, break something, document what you did.
Week 19-20: Security+ Final Prep
Take full-length practice exams. Target 85%+ before scheduling your real exam. Review weak domains. Focus on performance-based question practice — configuring firewalls, analyzing log data, setting permissions.
Schedule your Security+ exam for the end of Month 5 or the beginning of Month 6.
Portfolio development: Start documenting your lab projects, tools you have used, and skills you have built. Create a simple portfolio — a GitHub repository, a personal website, or even a structured document. This becomes interview material.
Month 6: Certification, Portfolio, and Job Search
Goal: Pass Security+, finalize your portfolio, and begin applying for jobs.
Week 21-22: Certification and Recovery
Take your Security+ exam. If you pass, celebrate briefly and then refocus. If you fail, analyze your score report, study your weak areas for two weeks, and retake.
After passing, consider whether a second certification aligns with your timeline. CySA+ for SOC-track, PenTest+ for offensive-track. Only pursue this if you can prepare in 4-6 weeks — otherwise, start applying and earn the next cert while employed.
Week 23-24: Job Search Launch
Update your resume with your certification, lab projects, and specific tools you have used. Tailor it to your target role. Write a cover letter template. Start applying to positions.
Apply to at least 10 positions per week. Track your applications. Prepare for interviews by practicing scenario-based questions specific to your target role.
Network actively: attend local security meetups, join Discord communities (TryHackMe and Hack The Box both have active communities), engage on LinkedIn with content about your learning journey.
Weekly Schedule Templates
For full-time workers (15-20 hours/week):
| Day | Activity | Hours |
|---|---|---|
| Monday | Video lectures/reading | 2 |
| Tuesday | Hands-on lab practice | 2 |
| Wednesday | Video lectures/reading | 2 |
| Thursday | Hands-on lab practice | 2 |
| Friday | Practice questions/review | 1.5 |
| Saturday | Intensive lab session | 4-5 |
| Sunday | Rest or light review | 0-2 |
For students or career changers (25-30 hours/week):
| Day | Activity | Hours |
|---|---|---|
| Monday-Friday | Morning study + afternoon labs | 4-5/day |
| Saturday | Extended lab or project work | 4-5 |
| Sunday | Rest | 0 |
Adjust based on your life. The specific schedule matters less than consistency. Missing three days and cramming on Saturday teaches less than studying every day.
Adjusting the Plan for Different Starting Points
IT help desk or support background (1+ years):
Compress Months 1-2 into 2-3 weeks of review. You already know operating systems and networking at a practical level. Start Security+ study in Week 3 or 4. This puts you on a 4-month timeline.
Computer science degree, no IT experience:
You likely have programming and conceptual knowledge but lack hands-on infrastructure skills. Spend Month 1 on lab setup and practical networking. Skip the theoretical networking concepts you already know. Focus on tools and practical application.
Complete career changer (no tech background):
Follow the plan as written. Consider extending to 8 months if 15-20 hours per week is hard to maintain. Do not skip Month 1 foundations — they are more important for you than for anyone else.
Military or government background:
Your clearance is valuable. Focus on DoD 8570-approved certifications (Security+, CySA+, CASP+). Defense contractors will prioritize your clearance alongside your certifications. You may be able to compress the job search phase significantly.
Common Reasons Study Plans Fail
No accountability structure. Studying alone with no deadlines, no study partner, and no scheduled exam date makes it easy to skip days. Schedule your exam early. Find a study partner or community.
Trying to learn everything. You do not need to know every security tool, framework, and technique before applying for jobs. Learn enough to be dangerous in your target role, then learn the rest on the job. Perfectionism kills progress.
All theory, no practice. Reading about firewalls for 20 hours teaches you less than configuring a firewall for 2 hours. Bias toward action in your study.
Ignoring physical and mental health. Sleep deprivation, poor nutrition, and no exercise degrade your ability to learn and retain information. A sustainable study plan includes taking care of yourself.
Comparing yourself to others. Someone on Reddit passed the OSCP in 30 days. Good for them. They probably had 10 years of IT experience before they started. Your path is your path. Consistent progress beats comparison.
Tracking Your Progress
Use the HADESS assessment tool to benchmark your skills at the start, middle, and end of your study plan. Seeing measurable improvement maintains motivation during the inevitable plateaus.
Track weekly:
- Hours studied
- Topics covered
- Labs completed
- Practice exam scores
- Skills you can now demonstrate that you could not before
Monthly reviews help you decide whether to adjust the plan. If you are ahead, consider compressing the next month. If you are behind, identify what slowed you down and address it. Do not just push everything forward — that leads to a plan that never ends.
Use the HADESS Roadmap Selector to get a personalized study sequence based on your target role and current skill level.
Related Guides in This Series
- How to Self-Study for Security+ in 90 Days
- SOC Analyst Learning Path: From Zero to Hired
- Free vs Paid Cybersecurity Courses: Full Comparison
Take the Next Step
Identify your current skill gaps and get a personalized study recommendation with the HADESS Assessment.
Build a certification-aligned study path with the HADESS Roadmap Selector.
Frequently Asked Questions
Is 6 months enough to break into cybersecurity?
A. Six months is enough to become job-ready for entry-level roles like SOC analyst or junior security analyst if you study consistently at 15-20 hours per week. It is not enough for senior roles or highly specialized positions like penetration testing or security architecture, which require additional experience.
How many hours per week should I study?
A. A minimum of 15 hours per week to complete the plan in 6 months. 20 hours per week is ideal. Below 10 hours per week, extend the plan to 8-9 months to avoid rushing through material. Quality of study time matters more than raw hours — 2 focused hours beat 4 distracted hours.
Should I quit my job to study cybersecurity full-time?
A. Generally no, unless you have significant savings and can afford 6+ months without income. Most successful career changers study part-time while employed. The financial pressure of unemployment often works against effective learning. If your current job offers any IT-adjacent experience, staying in it while studying gives you a stronger resume.
What if I fall behind the study plan?
A. Adjust the timeline, not the content. If you need 8 months instead of 6, that is fine. Do not skip foundational material to stay on schedule. Identify why you fell behind — too many hours planned, ineffective study methods, life events — and address the root cause. Cutting corners on foundations will cost you later.
Can I follow this plan while working full-time?
A. Yes, this plan is designed for people working full-time. The 15-20 hour weekly study commitment breaks down to roughly 2-3 hours on weekday evenings and 4-5 hours on each weekend day. Many people have successfully broken into cybersecurity while working full-time jobs in unrelated fields.
— HADESS Team consists of cybersecurity practitioners, hiring managers, and career strategists who have collectively spent 50+ years in the field.
