Month 1 — Security Fundamentals:
Session 1: Cybersecurity career paths — what does an ethical hacker do?
Session 2: CIA triad — confidentiality, integrity, availability
Session 3: Types of hackers — white, grey, black hat
Session 4: Linux basics — the hacker's operating system

Month 2 — Reconnaissance:
Session 5: OSINT — gathering information legally
Session 6: DNS, WHOIS, and network mapping
Session 7: Social engineering — the human vulnerability
Session 8: Phishing simulation — create and analyse

Month 3 — Web Vulnerabilities:
Session 9: How websites work — HTTP, headers, cookies
Session 10: SQL injection — what it is and how to prevent it
Session 11: XSS — cross-site scripting basics
Session 12: Practice on DVWA in safe lab environment

Month 4 — Network Security:
Session 13: TCP/IP model and network protocols
Session 14: Port scanning with Nmap
Session 15: Packet sniffing — what travels over your network
Session 16: Wireless security — why WPA2 can be cracked

Month 5 — Tools & Practice:
Session 17: Metasploit basics — legal practice environment
Session 18: Password cracking — Hashcat on sample hashes
Session 19: CTF challenges — Capture The Flag competition
Session 20: Bug bounty — how to find and report real bugs

Month 6 — Capstone:
Session 21: Penetration testing methodology
Session 22: Write a pen test report
Session 23: Mock client presentation of findings
Session 24: Cybersecurity career roadmap and certifications