IT profession is no different from the others as far “practice makes perfect” slogan. There is a learning curve to it that everyone of us have gone through it.
The tricky part is, IT is a generic name that blankets lots of things under it as we have checked it on this post. Each discipline has its term of expertise.
If we take security, just taking the course by itself and getting training is just a beginning. You will be working against those who are way clever to by pass whatever security measure is in place today. So experience and extensive hours of practice are needed.
Where are, on the other spectrum, web development, database and to some extent programming takes relatively shorter cycle to get the basics. Again, you won’t be a no match with the veteran but as far problem solving you get a good start.
The conclusion, for the shorter cycle ones an extensive hands on practice for about 4 to 6 month for a novice is a good timeframe assuming more exercises and practice are done during the timeframe.