Pre-OSCP Certs?
globalenjoi
Member Posts: 104 ■■■□□□□□□□
Hey everyone. I'm looking for some feedback or opinions on my learning track. Earlier this year, I passed my Sec+ exam, and have since received a couple promotions. I'm fresh into an information security role, and I've spent the last month training. I'm going through WAF training now, and I've got the SANS GSEC bootcamp coming up in Baltimore in October. Normally my company would pay for the SANS training, but I'm using my GI bill to cover the costs by doing a graduate certificate, and in return, the company is paying for hotel and airfare for me to attend rather than just doing it all online. Plus it means I get the money from the housing allowance... Pretty sweet deal!
So, back to my cert question! A goal for me is to get to the OSCP and develop some real penetration testing skills. I have GSEC in October, GCIH + NetWars in April (can only attend courses in MD because of GI Bill rules..), and GCIA next fall. I'd like to work on some relevant certs since I'm having to space my SANS stuff out. I was considering trying to knock out the SSCP, since I still have years to go before I can do the CISSP (which wouldn't mean anything without any experience). But I can't decide if it's worth doing, with all of my upcoming SANS courses and certs, and I don't know if it's worth any extra time if the goal is OSCP. I was thinking about paying for the penetration testing course from Offensive Security. I've also seen several recommendations of the eLearnSecurity courses. Is it worth doing both courses if I have zero pentesting experience? Any info is welcome!
So, back to my cert question! A goal for me is to get to the OSCP and develop some real penetration testing skills. I have GSEC in October, GCIH + NetWars in April (can only attend courses in MD because of GI Bill rules..), and GCIA next fall. I'd like to work on some relevant certs since I'm having to space my SANS stuff out. I was considering trying to knock out the SSCP, since I still have years to go before I can do the CISSP (which wouldn't mean anything without any experience). But I can't decide if it's worth doing, with all of my upcoming SANS courses and certs, and I don't know if it's worth any extra time if the goal is OSCP. I was thinking about paying for the penetration testing course from Offensive Security. I've also seen several recommendations of the eLearnSecurity courses. Is it worth doing both courses if I have zero pentesting experience? Any info is welcome!
Comments
eJPT -> CEH -> GCIH -> GPEN -> eCPPT -> OSCP
Definitely not saying you would need to get all of them! Just listing ones I thought of.
eCPPT > OSCP
The SANS courses will definitely be awesome, but the most bang for your buck and time will be the above route, unless you really need that classroom environment. The CEH is just an HR filter, most pen testing, even government ones, will acknowledge the OSCP so significantly that they'll hire you with just that, some relevant experience, and a decent interview with at most a contingency for the CEH or CISSP, for which they will pay the training for. That is only if they have to adhere to 8570 and it's written in the contract. So to reiterate:
For a job
eCPPT > OSCP
For fun and education
GCIH > GPEN
For HR Filters (which aren't a big deal in this specific field
CEH > CISSP
WGU, BS-IT, Security: C178, C255, C100, C132, C164, C173, C172, C480, C455, ORA1, C182, C168, C394, C393, C451, C698, C697, C176, C456, C483, C170, C175, C169, C299, C246, C247, C376, C179, C278, C459, C463, C435, C436.
Legend: Completed, In-Progress, Next
As a pentester it would be highly valuable to have a CISSP or similar.
As a security officer it would be highly valuable to have a pentesting cert.
Don't bubble/limit yourself because someone else "dislikes" something else.
2023 Cert Goals: SC-100, eCPTX
For now, I think the practical skillset would benefit me more, so the eCPPT and OSCP are attractive. I'm not planning to leave my company anytime soon, and I count myself lucky to have shifted into an information security position within a year without any prior IT experience. I'm not opposed to the CISSP, but I'm still 4 years out from even qualifying for the cert, so I'm not really in a rush there. But I was thinking that since most of the SSCP material seems so similar to Sec+ and GSEC, I might be able to snag an extra cert in the process.
As far as the eJPT and eCPPT courses go, is it worth doing them both? Or is it normal to just jump in to the eCPPT course?
The eJPT and eCPPT are good to get familiar with the Pen Testing process and walk you through learning them. If you are completely new maybe eJPT would be the best to start. I wouldn't say it would be a huge thing to just start with the eCPPT though.
Can't say I heard of the eCPPT before, I did a job search, everything within 100 miles of Washington DC, zero hits, OSCP got 22 hits and GPEN 27 hits, what value is the eCPPT? Does it give you base knowledge, (something like a CCENT to pass the CCNA), that will make is easier for you to pass the OSCP? Also a thousand bucks for a training no one recognizes looks pretty steep in my opinion.
elearnsecurity.com
Check them out.
Would other, non security training assist more - like linux or networking courses?