1-Year Cybersecurity Certification Roadmap (2025 Edition)
Goal: Complete a focused 12-month journey to become a certified penetration tester and security professional.
Timeline Overview
| Phase | Duration | Months | Focus Area |
|---|---|---|---|
| eJPT | 1 month | April 2025 | Core skills and foundational labs |
| CEH | 1 month | May 2025 | Toolset and theoretical knowledge |
| HTB CPTS | 2 months | June – July 2025 | Intermediate lab environments |
| OSCP | 4 months | Aug – Nov 2025 | Advanced red teaming and exploit dev |
| CISSP | 3 months | Dec 2025 – Feb 2026 | Security leadership and architecture |
Note: If you’re not aiming for management roles, you can push CISSP further out or replace it with more technical certs.
Monthly Breakdown
Month 1 – eJPT (April 2025)
- Week 1: Networking fundamentals, TCP/IP, basic Nmap usage
- Week 2: Introduction to web vulnerabilities (XSS, SQLi, LFI)
- Week 3: TryHackMe and HackTheBox beginner-level labs
- Week 4: Take the eJPT exam and identify weak spots for review
Month 2 – CEH (May 2025)
- Week 1: Recon and scanning methodologies
- Week 2: Malware, DoS, sniffing, and enumeration
- Week 3: Cryptography basics, wireless and cloud security
- Week 4: Take practice exams and schedule the CEH test
Months 3 & 4 – HTB CPTS (June–July 2025)
- Weeks 1–2: Windows/Linux enumeration, Active Directory concepts
- Weeks 3–4: Privilege escalation (WinPEAS, LinPEAS)
- Weeks 5–6: Web and API exploitation (Burp Suite recommended)
- Weeks 7–8: Final prep, CPTS exam, and report writing
Months 5–8 – OSCP (Aug–Nov 2025)
Month 1:
- Learn buffer overflows, shellcode creation, exploit basics
- Follow PWK course material and complete lab exercises
Month 2:
- Dive into Active Directory attacks, lateral movement, Kerberoasting
- Use HTB Pro Labs or the TJNull OSCP prep list
Month 3:
- Simulate mock exams, pivoting, and manual post-exploitation
- Practice creating detailed reports
Month 4:
- Take the OSCP exam
- Submit final report (typically 30+ pages)
Months 9–11 – CISSP (Dec 2025–Feb 2026)
Month 1:
- Study Domains 1–4 (Governance, Risk, Architecture, Security Principles)
Month 2:
- Study Domains 5–8 (Cryptography, BCP/DRP, SDLC, Legal Compliance)
Month 3:
- Focus on practice exams, flashcards, and final exam preparation
Weekly Study Plan (Suggested)
| Day | Focus Area |
|---|---|
| Mon–Thu | Course videos and notes (2–3 hrs) |
| Friday | Tools and hands-on practice (2 hrs) |
| Saturday | Solve practice labs or machines |
| Sunday | Review, revise, mock exams |
Lab Setup Recommendations
- Install Kali Linux on VirtualBox or VMware
- Create a Windows 10 Active Directory environment (for OSCP/AD training)
- Use practice platforms like OWASP Juice Shop or DVWA
- Tools: Burp Suite, Wireshark, Nmap, BloodHound, John the Ripper, etc.