Blog
Research
Blog White Papers Case Studies Offensive Security SOC GRC Advisory
Guides
Red Team Guide DevSecOps Guides Vulnerability Research
About Us
Blog
HADESS
Cyber Security Magic

HADESS

Cyber Security Knowledge Hub

Cybersecurity Learning Path 2026

hadess025 mins

Cybersecurity Learning Path 2026: Structured Roadmaps for Every Career Track

Part of the HADESS Career Resources — This guide covers how to build a structured learning path for any cybersecurity specialization. Explore our deep-dives on the SOC analyst learning path, penetration testing roadmap, and CompTIA certification pathway below.

By HADESS Team | February 28, 2026 | Updated: February 28, 2026 | 21 min read

A cybersecurity learning path for 2026 needs to account for where the field actually is right now — not where it was three years ago when most learning roadmaps were written. Cloud security is no longer a specialization; it is baseline knowledge. AI-augmented security tools are standard in most SOCs. Compliance requirements have expanded. And the people getting hired are the ones who can demonstrate practical skills, not just collect certifications.

This guide provides structured learning paths for the major cybersecurity career tracks, breaks down the self-taught versus formal education question, gives you a framework for building a study plan that survives contact with real life, and explains how to use free and paid resources effectively. We have seen what works because we have coached hundreds of people through these paths, and the patterns are clear.

Table of Contents

Why You Need a Structured Learning Path

The cybersecurity field is broad enough that you can spend years learning things that do not move your career forward. Without a structure, most people fall into one of two traps:

The certification collector trap. You accumulate credentials — Security+, CySA+, CEH, maybe a cloud cert — without developing the practical skills that those certifications are supposed to represent. You have a stack of certificates and cannot investigate an incident or configure a firewall rule. Hiring managers see this pattern constantly and it does not impress them.

The rabbit hole trap. You find a topic interesting — malware analysis, kernel exploitation, CTF competitions — and spend months going deep on it while neglecting the foundational skills that employers actually screen for. You can reverse engineer a binary but cannot explain how DNS works.

A structured learning path solves both problems by sequencing your learning in the right order and ensuring you build both breadth and depth in the areas that matter for your target role. The structure does not have to be rigid — life happens, interests shift, opportunities appear — but it needs to exist as a baseline.

The people who break into cybersecurity fastest are almost always the ones who picked a specific target role, identified the minimum viable skill set for that role, built those skills in the right order, and then proved they had them through projects and certifications. That is what a learning path formalizes.

Self-Taught vs Formal Education

This is one of the most common questions, and the answer is less binary than most people think.

The Case for Self-Taught

The cybersecurity industry is more credential-flexible than most fields. A relevant four-year degree is not required for the majority of roles, and many hiring managers explicitly value self-taught candidates who demonstrate initiative and practical skills.

Self-taught advantages:

  • Speed. A focused self-study program can prepare you for an entry-level role in 6-12 months. A degree takes 2-4 years.
  • Cost. Self-study with free and low-cost resources costs a few hundred dollars for certifications and lab materials. A degree costs $20,000-$120,000+.
  • Relevance. Self-study curricula can track current tools and techniques. University curricula often lag the industry by 2-5 years.
  • Flexibility. You study on your schedule, at your pace, focusing on what your target role actually requires.

Self-taught challenges:

  • Structure. You have to build your own curriculum, which requires knowing what to learn and in what order — a chicken-and-egg problem for beginners.
  • Validation. Without a degree, certifications and portfolio projects carry the full burden of proving your knowledge.
  • HR filters. Some organizations — particularly large enterprises and government agencies — use degree requirements as resume filters. This is decreasing but has not disappeared.
  • Networking. University provides built-in professional networking. Self-taught learners need to build their network deliberately.

The Case for Formal Education

A degree provides structure, credentials, and networking opportunities that self-study does not. Certain paths benefit more from formal education:

  • Government and military roles frequently require degrees (BA/BS minimum, sometimes MA/MS) for specific clearance levels and pay grades.
  • Management track roles increasingly expect degrees, especially at the director and CISO level.
  • International careers in countries where degree requirements are more strictly enforced.

The best formal programs teach security fundamentals alongside hands-on skills. Programs aligned with NIST NICE Framework competencies or NSA/DHS Centers of Academic Excellence in Cybersecurity designations are generally stronger than generic IT degrees with a security elective tacked on.

The Pragmatic Answer

For most people targeting practitioner roles (SOC analyst, pen tester, security engineer, GRC analyst), self-taught plus certifications is the fastest and most cost-effective path. If you have time and resources for a degree, pursue one — it will not hurt. But do not delay entering the field for four years to complete a degree if you can start building practical skills now.

If you already have a degree in any field, you have already cleared the HR filter at most organizations. Adding security certifications and practical skills on top of an existing degree is the strongest combination.

The SOC Analyst Learning Path

The SOC analyst path is the most well-defined entry point into cybersecurity. Here is a month-by-month breakdown:

Foundation Phase (Month 1-2)

Networking:

  • TCP/IP fundamentals — understand every layer and how data traverses the stack
  • DNS, HTTP/HTTPS, SMTP, SMB, RDP — know these protocols cold because you will see them in every investigation
  • Subnetting and network architecture — understand how enterprise networks are segmented
  • Wireshark — install it, capture traffic from your own network, learn to read pcap files

Operating Systems:

  • Windows fundamentals — Active Directory basics, Windows Event Log structure, common services and their ports
  • Linux command line — file navigation, process management, log analysis with grep/awk, user management
  • Virtualization — set up VirtualBox or VMware, create VMs for both Windows and Linux

Recommended resource: Professor Messer’s CompTIA Network+ series (free on YouTube) covers networking. TryHackMe’s Pre-Security and Introduction to Cyber Security paths cover OS basics.

Security Fundamentals Phase (Month 2-3)

CompTIA Security+ Study:

  • Study the SY0-701 objectives systematically
  • Use multiple sources: video course, textbook, practice exams
  • Focus especially on threats and vulnerabilities, security operations, and incident response domains
  • Take practice exams until you consistently score above 85%
  • Sit the exam

During this phase, also start:

  • Reading security news daily (Krebs on Security, The Record, BleepingComputer)
  • Following the MITRE ATT&CK framework — understand tactics, techniques, and procedures at a high level
  • Learning basic Python scripting — enough to parse a CSV file and make API calls

SOC-Specific Skills Phase (Month 3-5)

SIEM Training:
Pick one platform and learn it well:

  • Splunk: Free tier available. Splunk Fundamentals 1 is free. Learn SPL (Search Processing Language).
  • Elastic Security: Free, open-source. Learn KQL. Set up an ELK stack in your lab.
  • Microsoft Sentinel: Free tier available in Azure. Learn KQL (same as Elastic).

Detection Engineering Basics:

  • Write detection rules in your chosen SIEM
  • Understand false positive rates and tuning
  • Map detections to MITRE ATT&CK techniques
  • Build a library of 10-20 detection rules in your lab

Log Analysis Practice:

  • Windows Event Logs: Know Event IDs 4624, 4625, 4648, 4688, 4720, 7045 and what they mean
  • Web server logs: Apache/Nginx access logs and what attack patterns look like
  • Authentication logs: Failed logins, password sprays, credential stuffing patterns
  • DNS logs: Tunneling indicators, DGA detection, suspicious query patterns

EDR Fundamentals:

  • Understand how endpoint detection works
  • If possible, get hands-on with a free EDR trial (LimaCharlie offers a free community edition)
  • Practice investigating endpoint telemetry

Incident Response Basics:

For the full detailed path, see our SOC analyst learning path guide.

Job-Ready Phase (Month 5-6)

  • Complete CySA+ or BTL1 certification for additional validation
  • Build and document your home SOC lab
  • Practice interview questions (use the HADESS interview management tool)
  • Begin applying to SOC Analyst Tier 1 positions at MSSPs and enterprises
  • Build your resume with HADESS

The Penetration Testing Path

Penetration testing is harder to break into than SOC work because there are fewer entry-level positions and the skill bar is higher. Here is the path:

Foundation Phase (Month 1-3)

Everything in the SOC analyst foundation phase above, plus:

  • Deeper Linux administration (you will live in a terminal)
  • More advanced networking (routing, VPN, tunneling, proxying)
  • Basic web development understanding (HTML, JavaScript, how web apps are built)
  • Python scripting at an intermediate level (writing custom tools, modifying exploits)

Offensive Fundamentals (Month 3-5)

Methodology:

  • Learn a structured pen testing methodology (OWASP Testing Guide for web, PTES for infrastructure)
  • Understand scoping, rules of engagement, and legal considerations

Tools:

  • Nmap: Advanced scanning techniques, script scanning, output parsing
  • Burp Suite: Proxy, Scanner, Intruder, Repeater — learn the Community Edition thoroughly
  • Metasploit: Module structure, exploitation, post-exploitation, pivoting
  • Gobuster/ffuf: Directory and subdomain enumeration
  • Hashcat/John: Password cracking fundamentals
  • Kali Linux: Navigate it like it is your daily driver

Attack Categories:

  • Web application attacks: OWASP Top 10 in practice, not just theory
  • Network attacks: Service enumeration, exploitation, lateral movement
  • Active Directory attacks: Kerberoasting, AS-REP roasting, Pass-the-Hash, BloodHound
  • Privilege escalation: Windows and Linux priv esc techniques systematically
  • Post-exploitation: Persistence, data exfiltration, evidence cleanup

Practice and Certification (Month 5-8)

Practice Platforms:

  • HackTheBox: Work through machines methodically, starting with Easy and progressing to Medium
  • TryHackMe: Complete the Offensive Pentesting path
  • PortSwigger Web Security Academy: Free, excellent web app testing labs
  • VulnHub: Download vulnerable VMs for offline practice

Certification:

  • eJPT for initial practical certification (if you need a quick credential)
  • OSCP as the target certification — this is the industry standard for penetration testers
  • TCM Security’s PNPT as an alternative that is less expensive and still well-regarded

Report Writing:

  • Practice writing findings for every machine or challenge you complete
  • Follow a standard format: description, severity, evidence, remediation
  • Build a portfolio of sample reports

For the full breakdown, see our penetration testing roadmap.

The Cloud Security Path

Cloud security requires both cloud platform knowledge and security expertise. Here is how to build both:

Cloud Fundamentals (Month 1-2)

Pick one platform to start. AWS is the most common in job postings, so it is the default recommendation:

  • AWS Cloud Practitioner-level knowledge (you do not need the cert, but the material is the right scope)
  • Core services: EC2, S3, IAM, VPC, CloudTrail, CloudWatch, RDS, Lambda
  • Networking in the cloud: VPCs, subnets, security groups, NACLs, routing tables
  • Identity: IAM users, roles, policies, federation, SSO
  • Free Tier: Set up an AWS account and build things — do not just watch videos

Security Fundamentals (Month 2-3)

If you do not already have Security+, earn it during this phase. Cloud security requires foundational security knowledge as a prerequisite.

Cloud Security Specifics (Month 3-5)

AWS Security Services:

  • GuardDuty: Threat detection, alert investigation, integration with Security Hub
  • Security Hub: Centralized security findings, compliance checks, custom insights
  • CloudTrail: API activity logging, trail configuration, log analysis
  • IAM Access Analyzer: Policy analysis, unused permissions, external access detection
  • AWS Config: Configuration compliance, custom rules, remediation automation
  • KMS: Key management, encryption at rest, envelope encryption

Infrastructure as Code Security:

  • Terraform security scanning (tfsec, Checkov)
  • CloudFormation validation
  • Policy as code (Open Policy Agent, Sentinel)

Container Security:

  • Docker security basics (image scanning, least-privilege containers, read-only filesystems)
  • Kubernetes security (RBAC, network policies, Pod Security Standards, admission controllers)
  • Container image supply chain (base image selection, vulnerability scanning, image signing)

Cloud Incident Response:

  • How cloud IR differs from on-premises IR
  • CloudTrail log analysis for investigating compromises
  • Containment techniques (security group modification, IAM credential revocation)
  • Forensic data collection in cloud environments

Certification and Job Readiness (Month 5-7)

  • AWS Security Specialty certification — this is the target cert for AWS cloud security roles
  • Build a portfolio project: secure AWS architecture documented in Terraform with proper IAM, logging, monitoring, and incident response automation
  • Consider CCSP (Certified Cloud Security Professional) for a vendor-neutral cloud security credential

The CompTIA Certification Pathway

CompTIA certifications provide a well-defined progression path, especially for people early in their careers:

The Core Path

Step 1: CompTIA A+ (Optional)
Only if you have zero IT experience. A+ covers basic IT support and troubleshooting. If you have any IT background, skip this.

Step 2: CompTIA Network+
Networking fundamentals that underpin everything in security. You do not necessarily need the certification, but you need the knowledge. If you are going to sit one optional CompTIA exam, make it this one.

Step 3: CompTIA Security+ (SY0-701)
The entry point into security. Required or preferred for the majority of entry-level security roles. Budget 2-3 months of study time.

Step 4: CompTIA CySA+ (Defensive Track)
For SOC and defense-oriented roles. Covers security analytics, threat detection, and incident response at a deeper level.

OR

Step 4 (Alternative): CompTIA PenTest+ (Offensive Track)
For penetration testing-oriented roles. Covers planning, scoping, and executing penetration tests. Less respected than OSCP in the industry but still a valid mid-level certification.

Step 5: CompTIA CASP+ (Advanced)
The advanced CompTIA security certification. It covers enterprise security architecture, governance, and advanced threat management. Less commonly required than CISSP for senior roles but is a performance-based certification that some hiring managers prefer.

Study Tips for CompTIA Exams

  • Use multiple study sources. A video course plus a textbook plus practice exams gives you three different perspectives on the same material.
  • Professor Messer offers free video courses for most CompTIA exams — they are high quality and thorough.
  • Practice exams are the single best predictor of readiness. When you consistently score 85%+ on practice exams from multiple sources, you are ready to sit the real exam.
  • Do not schedule the exam until you are scoring consistently above your target. Retake fees add up.
  • The exams include performance-based questions (simulations). Practice the hands-on skills, not just the multiple-choice content.

Our full CompTIA certification pathway guide covers each exam with specific resource recommendations and study timelines.

Building a 6-Month Study Plan

Here is a framework for building a study plan that survives real life. The specific content depends on your target role, but the structure works across tracks.

Week 0: Plan

  • Define your target role (specific title, specific type of employer)
  • List the requirements from 10+ job postings for that role
  • Identify the common requirements (skills, certifications, tools)
  • Audit what you already know
  • Build your plan based on the gap

Month 1: Foundation

  • Focus: Networking fundamentals + OS basics
  • Time commitment: 10-15 hours/week
  • Deliverable: Can explain TCP/IP, DNS, HTTP, navigate Linux terminal, basic Windows admin
  • Lab work: Set up your virtual environment (VirtualBox, Kali VM, Windows VM)

Month 2: Security Fundamentals

  • Focus: Security+ study + security concepts
  • Time commitment: 12-15 hours/week
  • Deliverable: Pass Security+ (or be exam-ready by end of month)
  • Lab work: Basic vulnerability scanning, firewall configuration

Month 3: Specialization Begins

  • Focus: Track-specific skills (SIEM for SOC, web app testing for pen test, cloud services for cloud security)
  • Time commitment: 12-15 hours/week
  • Deliverable: Working familiarity with primary tool for your track
  • Lab work: Build your track-specific home lab

Month 4: Deep Dive

  • Focus: Advanced track-specific skills + hands-on practice
  • Time commitment: 12-15 hours/week
  • Deliverable: Can complete basic tasks independently in your specialization
  • Lab work: CTF challenges, platform exercises, documented investigations/tests

Month 5: Portfolio + Second Cert

  • Focus: Build portfolio projects + begin track-specific certification study
  • Time commitment: 15 hours/week
  • Deliverable: 2-3 documented projects, exam-ready for second cert
  • Lab work: Portfolio-worthy project documentation

Month 6: Job Ready

  • Focus: Certification exam + resume + interview prep + applications
  • Time commitment: 15+ hours/week
  • Deliverable: Certified, resume complete, actively interviewing
  • Activities: Apply to 10+ positions per week, practice interview questions, attend networking events

Staying on Track

  • Schedule study time on your calendar like a meeting. If it is not scheduled, it will not happen.
  • Track daily study in a spreadsheet or app. Visibility creates accountability.
  • Plan for missed days. Life happens. Build buffer weeks into your plan so one bad week does not derail six months of progress.
  • Adjust quarterly. After two months, you will know more about what you need to learn and how fast you actually progress. Update the plan.

See our 6-month cybersecurity study plan guide for detailed weekly breakdowns by career track.

Free vs Paid Learning Resources

You do not need to spend thousands of dollars to learn cybersecurity. Here is an honest breakdown of what is worth paying for and what is not.

Free Resources That Are Genuinely Excellent

  • TryHackMe (free tier): Guided rooms covering fundamentals through intermediate topics. The free tier has enough content for months of study.
  • Professor Messer: Free video courses for CompTIA certifications. High quality, regularly updated.
  • PortSwigger Web Security Academy: The best free web application security training available. All labs are free.
  • Hack The Box (free tier): Fewer active machines than paid tier but still valuable for practice.
  • SANS Cyber Aces: Free foundational cybersecurity courses from SANS.
  • Cybrary (free tier): Some free courses and hands-on labs.
  • AWS Free Tier / Azure Free Credits: Enough cloud access to learn security services hands-on.
  • OWASP resources: Free documentation, testing guides, and tools.
  • YouTube: Channels like John Hammond, IppSec, David Bombal, and The Cyber Mentor provide high-quality free content.
  • HADESS Skills Catalog: 80+ skill guides available for free, covering every major cybersecurity domain.

Paid Resources Worth the Investment

  • Certification exam fees ($350-$500 per exam): Non-negotiable. You need at least one certification.
  • HackTheBox VIP ($15/month): Access to all retired machines with write-ups. Worth it when you are actively practicing.
  • TryHackMe Premium ($10-14/month): Full access to all rooms and learning paths. Best value for structured learning.
  • TCM Security courses ($30-70 each): Practical, affordable courses on pen testing, privilege escalation, and OSINT. The PNPT certification is $399 and well-regarded.
  • Udemy courses (on sale for $10-15): Hit or miss, but courses by Jason Dion (Security+), Neal Davis (AWS), and others are solid supplement material. Never pay full price — Udemy runs sales constantly.
  • INE/eLearnSecurity ($499/year): The eJPT pathway is excellent for beginner pen testers. The platform includes labs.
  • OSCP ($1,649+): Expensive but worth it if you are serious about penetration testing. The lab environment alone is worth the investment.

Paid Resources That Are Usually Not Worth It

  • Bootcamps ($5,000-$15,000+): Most cybersecurity bootcamps charge premium prices for content available much cheaper elsewhere. The exception is bootcamps with strong job placement programs and verified outcomes — but verify those outcomes independently.
  • University degrees (for working professionals): If you are already working in IT and want to move into security, a degree adds years and cost with marginal benefit over certifications plus experience. The exception is if your target employer specifically requires a degree.
  • Individual SANS courses ($7,000-$9,000 each): Outstanding quality but extremely expensive. Worth it if your employer pays. For individuals, the GIAC certifications are more cost-effective to pursue after you have a few years of experience and can justify the investment.

Our free vs paid cybersecurity courses comparison goes deeper into evaluating specific platforms and courses.

Practice Labs and Hands-On Learning

Theory without practice is trivia knowledge. Hands-on practice is what separates candidates who can talk about security from candidates who can do security work.

Home Lab Setup

You do not need expensive hardware. A laptop with 16GB of RAM and a modern processor is sufficient for most lab setups:

Basic Setup:

  • VirtualBox or VMware Workstation (free options available)
  • Kali Linux VM (for offensive tools)
  • Ubuntu Server VM (for defensive tools and services)
  • Windows 10/11 VM (for Windows-specific practice)
  • A deliberately vulnerable target (Metasploitable, DVWA, or Vulnhub machines)

SOC-Focused Lab:

  • Wazuh or Elastic Security for SIEM
  • Sysmon on Windows VMs for enhanced logging
  • Suricata or Snort for network IDS
  • Sample malware (use platforms like MalwareBazaar in an isolated environment)
  • Atomic Red Team for generating attack simulation data

Pen Test-Focused Lab:

  • Active Directory lab (free Windows Server evaluation copies from Microsoft)
  • Vulnerable web applications (DVWA, WebGoat, Juice Shop)
  • Multiple target VMs at different difficulty levels
  • Proxychains and tunneling setup for practicing lateral movement

Cloud Lab:

  • AWS Free Tier account with budget alerts set
  • Terraform for infrastructure-as-code
  • AWS Security Hub and GuardDuty enabled
  • CloudTrail configured for API logging
  • At least one application deployed with proper security controls

Practice Platforms

HackTheBox:
Best for: Penetration testing practice, realistic machine compromises
How to use: Start with Easy machines. Read write-ups for retired machines. Work up to Medium, then Hard. Track your progress.

TryHackMe:
Best for: Structured learning with guided paths, beginners
How to use: Follow the learning paths sequentially. Complete rooms rather than skipping around. The SOC Level 1 and Offensive Pentesting paths are particularly well-designed.

PortSwigger Web Security Academy:
Best for: Web application security, deeply technical web testing skills
How to use: Work through all labs by category. Start with Apprentice-level labs and progress. This is the best free web app testing training available.

CyberDefenders:
Best for: Blue team practice, forensic investigation
How to use: Work through the free challenges. Each challenge includes a scenario and questions that guide your investigation.

LetsDefend:
Best for: SOC analyst simulation, alert triage practice
How to use: The platform simulates a SOC environment with alerts to investigate. Great for building triage skills in a realistic context.

For a full platform comparison and recommendations, see our cybersecurity practice labs guide.

Using HADESS Roadmap Tools

HADESS provides two tools specifically designed to structure your learning:

Roadmap Selector

The roadmap selector asks about your background, current skill level, target role, available study time, and timeline. Based on your answers, it generates a personalized learning roadmap that sequences skills, certifications, and milestones in the right order for your specific situation.

This is not a generic “learn networking then learn security” recommendation. It accounts for your existing skills (so you do not repeat what you already know), your target role (so you focus on what matters), and your timeline (so the pace is realistic).

Certificate Roadmap

The certificate roadmap maps certifications to career stages and tracks. It answers questions like:

  • Which certification should I earn next?
  • What order should I pursue certifications in?
  • Which certifications matter most for my target role?
  • When in my career does a specific certification provide the most value?

Skills Catalog

The skills catalog provides detailed guides for 80+ cybersecurity skills. Each guide covers what the skill is, why it matters, which roles require it, and where to learn it. Use the catalog to understand the landscape and drill into specific skills on your learning path.

HADESS Workspace

The workspace lets you track your progress across skills, certifications, and learning goals. Mark skills as learned, in-progress, or not-started. Track certification study progress. Keep everything in one place so you can see your trajectory at a glance.

For a walkthrough of how to use these tools together, see our HADESS skills catalog guide.

Related Deep-Dives

These cluster guides go deeper into specific learning paths and resources covered in this pillar:

Start Your Journey

Find Your Personalized Roadmap
Answer a few questions about your background, target role, and timeline. The HADESS roadmap selector generates a customized learning path that sequences skills and certifications in the right order for your specific situation.

Find your roadmap

Start Learning for Free
Browse the HADESS skills catalog covering 80+ cybersecurity skills across offensive security, defensive operations, cloud, networking, programming, and more. Every skill guide is free.

Browse the skills catalog

Frequently Asked Questions

How long does it take to learn cybersecurity from scratch?

To reach entry-level employability (SOC Analyst Tier 1 or equivalent), plan for 6-12 months of focused study at 10-15 hours per week. The timeline depends on your starting point. Someone with an IT background can move faster (4-6 months). Someone with no technical background should plan for the longer end (9-12 months). This gets you to entry-level — developing deep expertise takes years of professional experience. The learning never stops, but the barrier to your first role is lower than most people think.

Can I learn cybersecurity for free?

Yes, almost entirely. TryHackMe free tier, Professor Messer videos, PortSwigger Web Security Academy, SANS Cyber Aces, the HADESS skills catalog, and dozens of YouTube channels provide enough content to build genuine competency. The main costs you cannot avoid are certification exam fees ($350-$500 per exam) and possibly a few months of platform subscriptions ($10-$15/month for TryHackMe or HackTheBox). Total investment under $1,000 is realistic for a complete career transition.

What is the best cybersecurity learning path for beginners?

Start with networking fundamentals and Linux basics (Month 1-2), then study for and pass CompTIA Security+ (Month 2-3), then specialize based on your target role — SOC analyst skills for defense, web/network testing for offense, cloud platform services for cloud security (Month 3-6). This sequence builds knowledge in the right dependency order. Each phase builds on what came before. Do not skip ahead — the fundamentals make everything else make sense.

Should I get a degree in cybersecurity?

For most people pursuing practitioner roles, no. Certifications plus practical skills plus experience will get you hired faster and cheaper than a degree. Exceptions: government roles with degree requirements, management-track careers where a degree is expected, and international careers in markets where degrees carry more weight. If you already have any bachelor’s degree, you have cleared the HR filter at most organizations — adding security certifications and skills is sufficient.

How do I choose between different cybersecurity learning platforms?

Match the platform to your learning style and goal. TryHackMe is best for guided, structured learning (beginners). HackTheBox is best for self-directed practice (intermediate+). PortSwigger is best for web application security specifically. CyberDefenders is best for blue team/forensics practice. Most people benefit from using 2-3 platforms at different stages. Start with TryHackMe for structure, add HackTheBox for practice, and supplement with platform-specific resources for your specialization.

What should I learn first: offensive or defensive skills?

Defensive (SOC/blue team) skills are more practical to learn first for three reasons. First, there are more entry-level SOC positions available. Second, understanding defense gives you context for offense. Third, SOC work exposes you to real attacks and real tools that make you a better offensive practitioner later. That said, if you are certain you want to do penetration testing, there is nothing wrong with going straight to offensive skills — just be aware that junior pen test roles are harder to find than junior SOC roles.

How many hours per week do I need to study?

For meaningful progress, 10-15 hours per week is the minimum. At this pace, entry-level readiness takes 6-9 months. If you can commit 20+ hours per week (full-time study or intensive part-time), you can compress the timeline to 4-6 months. Below 10 hours per week, progress is too slow to maintain momentum — most people who study less than 10 hours per week end up quitting before they are job-ready. Consistency matters more than intensity. Ten hours every week for six months beats forty hours one week and nothing the next three.

How important are hands-on labs vs watching videos?

Extremely. Video courses and reading material give you conceptual understanding. Labs give you practical ability. Hiring managers test practical ability, not video-watching ability. A reasonable ratio is 50% theory (videos, reading, courses) and 50% practice (labs, CTFs, projects) during your study time. Some people lean even more heavily toward practice — 30% theory, 70% labs — and that approach works well for kinesthetic learners. The portfolio projects you build in labs are also your primary evidence of competence when applying for jobs.

Can AI tools replace traditional cybersecurity learning?

AI tools like ChatGPT, Claude, and GitHub Copilot can accelerate learning by explaining concepts, helping you debug lab setups, and providing practice scenarios. But they cannot replace hands-on practice with real tools, and they do not give you the muscle memory that comes from investigating actual alerts or running actual attacks. Use AI as a study assistant and explainer, not as a substitute for lab work. The people who learn fastest use AI to clarify confusing concepts and then immediately practice those concepts in a lab environment.

HADESS Team consists of cybersecurity practitioners, hiring managers, and career strategists who have collectively spent 50+ years in the field. We write from experience, not theory.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related News