Map a realistic IT career path from help desk to your goal

The scenario

Most early-career IT workers underestimate how fast they can move from help desk if they pick a destination and work toward it. Most also overestimate how fast they can skip help desk entirely. AI can help you build a realistic 18-month plan from where you are now to where you want to be, desktop support, sysadmin, network admin, cloud support, or security analyst, with the right cert and project sequence in between.

The prompt

You are a career coach for early-career IT workers. I will tell you where I am today and where I want to be in 18 months. Build me a realistic path that uses certs, hands-on projects, and stretch responsibilities at my current job.

Where I am today: Tier 1 help desk technician, 8 months in, no certs yet, small healthcare company, Windows shop with some Microsoft 365 / Azure AD.

Where I want to be in 18 months: junior security analyst (SOC analyst, security operations) at a larger company.

Format the plan as four 4-to-5-month phases. For each phase:
1. The cert (if any) I should sit during this phase. Name the current exam version. Estimate the cost.
2. The hands-on project I should build to prove the skill. Specific. ("Build a home lab with a Windows VM and a Linux VM and configure Microsoft Defender for the Windows VM" beats "do a security project.")
3. The stretch responsibility I should ask for at my current job. Specific.
4. The single artifact (resume bullet, GitHub repo, write-up, cert badge) I should produce by the end of the phase.
5. One realistic obstacle for this phase, and one way to push through it.

Rules:
- Do not skip help desk. The first phase assumes I am still on Tier 1 and building credibility.
- Do not assume I have unlimited study time. Cap it at 5 to 8 hours per week of focused study, plus what I learn on the job.
- Free or low-cost resources by default. Name a paid resource only when there is no good free alternative.
- Be honest about what 18 months from Tier 1 to junior SOC analyst actually looks like. Most people who make this jump in this timeframe move teams once internally first.

The output

Phase 1 (months 1-4): A+ and the credibility build.

Cert. CompTIA A+ if you do not have it yet (220-1101 and 220-1102, current as of 2026). Roughly $250 per exam, two exams. If you already do hardware and OS troubleshooting daily, you can sit both within four months.
Hands-on project. Build a home lab on whatever desktop or laptop you can spare. Install VirtualBox or VMware Workstation Player (both free for personal use). Run a Windows 11 VM and a Windows Server 2022 evaluation VM. Get them on the same virtual network.
Stretch responsibility. Volunteer to be the help desk’s go-to for laptop imaging or for Microsoft 365 admin tasks (license assignment, group membership, password resets in Azure AD). The faster you touch the directory, the faster the security team notices you.
Artifact. A+ cert badge, plus three resume bullets that name specific tools (the imaging system, the directory service, ticket volume).
Obstacle. Burnout from studying after work. Push through by blocking 45 minutes three weekday evenings, no more, and accepting that some weeks you will skip a session.

Phase 2 (months 5-9): Network+ and the visibility build.

Cert. CompTIA Network+ (N10-009 as of 2026). Roughly $370. The networking knowledge is required for security; do not skip it.
Hands-on project. Add a Linux VM (Ubuntu Server is a fine starting point) to your home lab. Configure DHCP, DNS, and a basic firewall using ufw. Document what you did in a public GitHub repo or a personal blog. The write-up matters more than the build.
Stretch responsibility. Ask to shadow whoever runs your company’s vulnerability scanning or patch management process for one hour a week. If your company has no security team, ask whoever runs IT operations whether they would let you take on patch reporting.
Artifact. Network+ cert badge. A public write-up of your home lab build that explains the why, not just the what. Hiring managers read these.
Obstacle. Imposter syndrome at this point (“everyone in security knows more than me”). Push through by understanding that nobody starts knowing this, and that your 8 months of help desk experience is a real asset most security candidates do not have.

Phase 3 (months 10-14): Security+ and the role pivot setup.

Cert. CompTIA Security+ (SY0-701 as of 2026). Roughly $400. This is the credential that unlocks the SOC analyst role on most postings.
Hands-on project. Spin up a free SIEM trial (Splunk has a free version capped at 500 MB/day; Elastic Stack is free) on your Linux VM. Pipe in logs from your Windows VM. Write three detection rules: a brute-force login pattern, a privilege escalation pattern, and a suspicious PowerShell command pattern. Document each.
Stretch responsibility. If your company has a security team, formally request a 90-day rotation. If not, ask to take ownership of phishing reports, read every reported phishing email, write a one-paragraph note on it, send to your manager. You are now visibly doing security work.
Artifact. Security+ cert badge. A repo of three detection rules with documentation. A folder of 10+ phishing-report write-ups.
Obstacle. Your current employer may not have a path to a SOC analyst role. Push through by spending phase 4 looking outside.

Phase 4 (months 15-18): the move.

Cert. Optional. CompTIA CySA+ (CS0-003 as of 2026) is a good next step if you want a fourth credential, but it is not required to land the role. Cost is roughly $400. Most candidates skip it at this stage and add it after they land the SOC role.
Hands-on project. Pick one open-source security tool you do not already know (Wazuh, Velociraptor, Sysmon with detection rules) and write a tutorial-style blog post on setting it up, using your home lab as the example.
Stretch responsibility. Apply, deliberately. Target roles titled “SOC Analyst Tier 1,” “Security Operations Analyst,” “Security Operations Center Analyst,” or “Junior Security Analyst.” Apply to 5-8 per week, not 50. Quality cover letters using the cover letter activity from workshop 1. Specifically tie your help desk experience to the SOC role: you have triaged tickets, learned to ask clarifying questions, and worked under pressure, those are SOC skills already.
Artifact. A SOC Analyst job offer, or a clear set of feedback from interviews on what the gap is.
Obstacle. Three to ten interview rejections before the right fit. Push through by treating each rejection as data: ask what you could improve, and rewrite one resume bullet or one talking point per round.

Honest expectations.

Most candidates make this jump in 18 to 24 months from Tier 1, not 12. You can compress with a strong home lab and a visible track record at your current job.
Internal moves are often faster than external. If your current company has a SOC, work toward an internal transfer first.
Pay jump from Tier 1 ($35-50K range in most US markets in 2026) to junior SOC ($60-80K) is real, but is sometimes split into two jumps: Tier 1 → Tier 2 / Desktop Support → SOC Tier 1.
The cert chain matters because it is HR’s filter. Your home lab and write-ups matter because they are the hiring manager’s filter. Both are required.

One reasonable answer. Your run may differ. Read it against the scenario before using any of it.

What to watch for

AI will sometimes recommend skipping certs entirely or recommend stacking five certs in a year. Both are usually wrong. The cert chain matters but so does fatigue.
AI may name outdated cert versions. As of 2026: A+ is 220-1101/1102, Network+ is N10-009, Security+ is SY0-701, CySA+ is CS0-003. Confirm current versions on comptia.org.
Plans that do not include a stretch role at your current job are weaker. Most internal moves to security come from being visible to the security team before applying.
Salary expectations matter. Tier 1 help desk pays $35-50K in most US markets in 2026; junior SOC analyst pays $60-80K. The gap is real but not a 6-month leap.
Sanitize before pasting. Do not paste your real employer name, manager name, or internal team names into a public AI.

← Back to tech use cases