"How long will this take?" is one of the most common questions people ask before committing to a career change into cyber security. It is also one of the most poorly answered, usually with vague reassurances that "it depends" followed by a list of variables that leaves the reader no clearer than before.
This guide gives you a more specific answer. The timeline does depend on your starting point, but the ranges are predictable, the variables are nameable, and the difference between people who get there quickly and those who take longer is not luck or innate ability. It is mostly a question of approach.
The honest headline: most people who take a structured approach reach their first cyber security role within six to eighteen months. Where you land in that range depends on three things: your starting point, how many hours per week you can commit, and whether you build practical evidence of ability alongside credentials.
Why the Timeline Varies
The ISC2 Cybersecurity Workforce Study consistently shows that the fastest transitions into cyber security are made by people who already have adjacent technical skills. Someone managing enterprise networks has internalised how protocols behave, how systems fail, and how to read an error log. They are not learning the vocabulary of technology at the same time as learning security. They are learning the security layer on top of a foundation that already exists.
Someone with no IT background at all is building two things simultaneously: the technical foundation and the security knowledge on top of it. That takes longer, but it is entirely achievable with structured learning.
Time commitment per week is the other primary variable. Studying ten to fifteen hours per week part-time alongside a full-time job is a fundamentally different trajectory than studying full-time. Neither is wrong, but conflating them produces misleading expectations.
Realistic Timelines by Starting Point
Complete Beginner with No IT Background
Realistic timeline: 12 to 18 months at 10 to 15 hours per week
The first three to four months go on building the foundation that security knowledge sits on: networking fundamentals (TCP/IP, DNS, how traffic flows), Linux basics, Windows administration, and an introduction to how systems and applications communicate. This stage is where most people underestimate the time required. Security concepts make more sense when you understand what you are trying to secure.
Months four to seven typically cover security fundamentals and certification preparation. CompTIA Security+ is the standard first credential for most people in this position: it appears in roughly 70% of entry-level job postings and validates that a candidate understands the vocabulary and concepts of the field. Passing it typically requires two to three months of focused study on top of solid foundations.
Months seven onwards is where practical skill-building and specialisation happen. This is the phase that most separates people who get hired quickly from those who do not. A candidate who has passed Security+ but has no hands-on experience with real tools, no SIEM investigation practice, no lab work, no documented portfolio, will struggle to pass technical screens. A candidate who has spent those same months working through structured practical content on TryHackMe, building a public profile of completed rooms and paths, and practising the specific skills that entry-level roles test for will interview very differently.
TryHackMe's Cyber Security 101 path covers the foundational layer in a structured, hands-on format. The SOC Level 1 path then builds the specific practical skills that a Tier 1 analyst role requires, and the SAL1 certification validates them in a live SOC simulator.
IT Professional Switching Into Security
Realistic timeline: 4 to 8 months at 10 to 15 hours per week
Someone with existing IT experience in help desk, network administration, system administration, or development already has the foundation in place. The transition is about reframing existing knowledge through a security lens and building the specific skills that security roles require.
Security+ preparation for someone with a strong IT background typically takes four to eight weeks rather than three months. The hands-on security skills stage can run in parallel with certification preparation rather than sequentially, compressing the overall timeline significantly.
The Fortinet 2024 Skills Gap Report found that 91% of employers prefer candidates with certifications that demonstrate applied skills. For IT professionals transitioning into security, the combination of existing technical credibility and a practical certification like SAL1 or BTL1 is particularly compelling: it signals not just that you have studied security but that you can apply it.
Current Student Supplementing a Degree
Realistic timeline: First role on graduation or shortly after, with the right preparation
Cyber security and computing students are in a strong structural position because their degree provides the theoretical foundation and institutional credibility, while the gap in most university curricula is practical, demonstrable skill that employers can verify at interview.
Many university cyber security programmes now incorporate TryHackMe directly into their curriculum, recognising that hands-on lab practice accelerates the practical development that degree coursework alone does not always provide. For students whose programmes do not include it, using TryHackMe alongside coursework closes that gap independently.
The students who enter the job market in the strongest position are those who graduate with a degree and a TryHackMe profile showing consistent work across relevant paths, plus at least one practical certification. That combination answers both the credentialling question (degree and cert) and the practical evidence question (profile and lab history) that hiring managers are actually trying to resolve.
What Actually Determines Speed
Across all starting points, the candidates who reach their first role quickest share a consistent set of behaviours.
They specialise early. Cyber security is not a single job. SOC analyst, penetration tester, cloud security engineer, GRC analyst, and digital forensics roles require meaningfully different skills. Candidates who identify which type of role they are targeting within their first month of studying can direct every hour of study and lab work toward that goal rather than covering the entire field broadly.
They build practical evidence in parallel with credentials. Certifications answer the question "have you studied this?" Practical evidence answers the question "can you do this?" Employers need both. A candidate with Security+ and three months of consistent TryHackMe room completions, documented in a public profile, is a more compelling candidate than one with Security+ alone. The SOC Level 1 path and Jr Penetration Tester path are both structured around the specific skills those roles test for at interview.
They start applying before they feel completely ready. Most hiring managers for entry-level roles are not expecting fully formed analysts. They are assessing trajectory and potential as much as current ability. Candidates who wait until they feel completely ready often wait too long. If you meet 60 to 70% of a job posting's requirements and have practical evidence of consistent learning, apply.
They write things down. Every lab exercise, every CTF challenge, every completed room is an opportunity to produce a short, professional writeup that demonstrates methodology and communication ability. A folder of these writeups is a portfolio. It gives interviewers something concrete to discuss beyond the standard questions, and it creates the specific answers to "tell me about a security investigation you have done" that most candidates cannot give.
What Slows People Down
Passive learning. Watching videos and reading content feels like progress. It is not the same as building skills. Cyber security is a practical discipline. You understand how SQL injection works by exploiting it in a live lab environment, not by reading about it. The ratio of active lab practice to passive content consumption should be at least 1:1, and ideally higher.
Certification paralysis. Spending months researching which certification to pursue rather than starting one is one of the most common patterns in people who take longer than necessary. For most people targeting entry-level SOC roles, Security+ followed by SAL1 or BTL1 is the right answer. Choose and start.
Studying in isolation. The cyber security community is unusually accessible and unusually willing to help beginners. TryHackMe's community, Discord servers, and the wider security community on LinkedIn provide context, mentorship, and networking that accelerates learning in ways that solo study does not. Engaging with the community is part of the preparation, not a distraction from it.
Targeting the wrong first role. SOC Tier 1 analyst is the most common and most accessible entry point into cyber security. It has lower barriers than penetration testing or cloud security engineering roles, it provides genuine operational experience, and it is the role that most structured entry-level training, including TryHackMe's SOC Level 1 path, is explicitly designed to prepare you for. Targeting a more advanced role as your first position extends the timeline unnecessarily.
Your Next Step
Whatever your starting point, TryHackMe's free account gives you immediate access to hundreds of rooms, a browser-based lab environment, and a public profile that starts building evidence of your skills from the first session. The Cyber Security 101 path is the right starting point for complete beginners. The SOC Level 1 path is the right next step for anyone targeting a SOC analyst role.
The timeline is real. Six to eighteen months is achievable. What you do with that time is what determines where in that range you land.
Nick O'Grady