This is a realistic eight-week plan assuming around 8 to 10 hours of study per week. Adjust the pace to your background: people with IT experience can compress it, while complete beginners may want ten to twelve weeks. The golden rule is to pair every week of reading with hands-on practice.
Week 1 — Setup and general security concepts
Download the official objectives and set up a simple lab (two virtual machines and a free SIEM trial). Learn the CIA triad, control categories and types, and AAA. Checkpoint: you can classify a control by both category and type.
Week 2 — Cryptography and zero trust
Cover symmetric vs asymmetric encryption, hashing and salting, digital signatures, PKI and certificates, and the zero-trust model. Checkpoint: you can explain how a certificate proves identity.
Week 3 — Threats and threat actors
Study threat actors and motivations, attack surfaces and vectors, and social engineering techniques. Checkpoint: you can match an attack vector to a realistic mitigation.
Week 4 — Vulnerabilities and attacks
Learn vulnerability types and the main malware, network and application attacks, plus indicators of compromise. Checkpoint: you can describe how to mitigate the most common attacks.
Week 5 — Security architecture
Compare architecture models (cloud, serverless, IoT, ICS), and study data protection and resilience (backups, recovery sites). Checkpoint: you can choose a sensible resilience design for a given scenario.
Week 6 — Security operations (part 1)
Focus on identity and access management, hardening, and vulnerability management. Practise hands-on tasks in your lab. Checkpoint: you can configure MFA and explain least privilege.
Week 7 — Security operations (part 2) and governance
Cover monitoring and SIEM, incident response phases, and the governance, risk and compliance domain. Checkpoint: you can list the incident-response phases in order.
Week 8 — Review and timed practice
Take full-length, timed practice reviews. Revisit your weakest domains and drill performance-based questions. Confirm exam-day logistics. Checkpoint: you consistently score above the pass threshold on full-length, timed reviews.
A note on practice
Practise hands-on tasks, not memorised answers. Avoid any site offering “real exam questions” — they violate exam policy and copyright and can get your certification revoked. Use the official objectives as your checklist throughout.