Advice Needed: Have OSCP and unsure where to go from here.

TheITNinjaTheITNinja Posts: 2Registered Users ■□□□□□□□□□
Hi,
I've had my OSCP for about a year now. The OSCP was my first InfoSec cert and honestly was my introduction to the InfoSec world (you can read my OSCP testimonial for more details https://theitninja.wordpress.com/). I wasn't aware of how big a jump I took going straight for OSCP with no professional experience in security until I started talking with other InfoSec guys in my area. I'm wanting to obtain more certifications for my resume while I'm looking for the right place to sharpen my new skills, and I'm confused on where to go from here. I'm running into problems where I don't have a lot of experience yet and some recruiters just don't recognize the OSCP. Should I take a step back and obtain the entry level certs like CEH or Security + that's recognized by more recruiters, or should I progress to something else?

Comments

  • H3||scr3amH3||scr3am Posts: 563Member
    CEH, and CISSP are always great resume fodder, I'd suggest looking into them. with your lack of experience an SSCP might be more necessary. also consider the GSEC, although new and expensive, it's in demand by employers.
    WGU B.S. IT - Security Progress Start Date: Mar 1 2015 Transferred|Required|In Progress|Completed
    C176 C220 C221 C393 C394 C172 C178 C164 C457 C455 C456 C480 (42 CUs Xfered)
    C247 C299 (12 CUs Required to Graduate)
    C247
    C299 (12 CU In Progress)
    C182 ORA1 C459 C132 C168 C376 C483 C255 C278 C173 C169 C175 C484 C170 C179 C451 C100 C246
    C435 C436(68 CU Completed)
  • overthetopoverthetop Posts: 61Banned ■■□□□□□□□□
    what you said is 100% correct Mr. Ninja. I just put in OSCP in Indeed and got 279 hits. Ok Look at those job posting and see what other certifications compliment OSCP. Yes, CISSP is going to be on every security related job position listed in the entire world we all know that. I also see CEH and Security+, which might be "easier" to obtain and get you in the door with a job.
  • mjsinhsvmjsinhsv Posts: 167Member
    Depends on what your goals are really.
    Have you been working as a Pen tester?

    The CISSP is well respected and reading your blog it sounds like you have enough experience to take it.
    I wouldn't think the Security+ would do much for you.
    The CISA might help if you want to stick with Pen testing and audits.
  • docricedocrice Posts: 1,706Member
    The GSEC isn't new (although the exam is expensive). GIAC certifications have been around for a long time.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • SaSkillerSaSkiller Senior Member Posts: 323Member ■■■□□□□□□□
    I see this constantly, people ask for a cert recommendation for IT Sec and get sent to the OSCP. Its not good. OP isn't the first in this situation. Its always best to build a firm security foundation prior to going for an impactful cert like OSCP. I also advise avoiding the CISSP at this point. Start getting some experience, maybe do some security work on the side and do stuff on your blog, prove that you can apply the principles you learned in the OSCP and use all of this in your resume.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • TheITNinjaTheITNinja Posts: 2Registered Users ■□□□□□□□□□
    I was actually thinking about that as well SaSkiller. Use the time to apply what I've learned in my practice labs and then write up proof of concept and general security awareness articles instead of getting another cert.
  • impelseimpelse Posts: 1,226Member ■■■■□□□□□□
    You got one that it is good, now the complement would be Security+, CEH and CISSP. I would go in that order.

    Also try to do project on the side like OpenVAS, exploit development,etc, Like if it is your job and getting experience.
    Blog: learn-security.net

    Computer Support Houston Area: thehost1.com
  • NovaHaxNovaHax Posts: 502Member
    Yeah...unfortunately sometimes you have to play the HR game. While anyone in the industry knows that OSCP is far more impressive than Sec+ or CEH...the first person you interview with (the HR rep) doesn't know. Despite how impressive OSCP is, you are still WAY more likely to see Sec+ or CEH on a job description...and all that HR rep is looking for is someone that meets that description.
  • ramrunner800ramrunner800 Posts: 238Member
    I disagree with those who say it's a mistake to go OSCP first. The hard skills you develop in that course are awesome, and will help you be a rock star wherever you end up. They will really help you get through technical interviews with hiring managers as well. You just need some things on your resume to help you get past the HR drones so you can get into that interview. I think you're thinking along the right lines with CEH. As soon as I put CEH on my resume I started getting called for interviews.
    Currently Studying For: GXPN
  • markoskmarkosk Posts: 1Registered Users ■□□□□□□□□□
    I work as a pen tester for a large security firm and I can tell you that the OSCP is something that gives you some street cred immediately. We require this cert within 6 months of starting. If you want to become a pen tester, firms that know something about something will always appreciate what Offensive Security certs prove.

    If you liked the exploit development part of it, go on to OSCE or the GXPN. If the web apps were enjoyable, do the GWAPT. The OSWE is a huge leap from OSCP so unless you already have some very strong web hacking skills, I would avoid that for now.

    We tend to kind of laugh off the CEH for no other reason than a pen testing cert without labs of any kind don't mean a whole lot.

    Just my 2 cents based on interviewing more than 40 people for my team in the last year.
  • MrAgentMrAgent Posts: 1,301Member
    I would suggest getting the CEH. While its kind of a joke of a certification, it'll get you more calls/emails from recruiters.
    OP: Where are you located?
  • the_Grinchthe_Grinch Posts: 4,123Member ■■■■■■■■■■
    What do you currently do? At this point you'll probably need to really tailor your resume to push what you learned in the OSCP and then you'll start getting some hits. You'll probably need to apply to a lot of jobs, but the right one will see it and snag you.
    WIP:
    Python
    Java
Sign In or Register to comment.