What do you think of elearnsecurity vs offensive security ROI and skills for a "newb"

JohnGrub

Hello,

First I'm only a developer (.net, SQL, php, etc...) with basic knowledge of Comptia Sec+.
I want to try a practical security certification. The goal I want to reach is to be fully operational as a security pentester (web application)

Looking on the internet, I saw only two worth (correct me if I'm wrong or incomplete ) practical online training : offensive security and elearnsecurity

At my level, the certification I could do are eWPT, OSCP (since web application course of offensive security only available in the US)

How good would I be fully operative (as in getting valuable consultant jobs) after taking elearnsecurity or offensive sec certification ? I'm only beginning in web app pentesting
Would investing my money in elearsecurity be worth ? (The whole internet seem to consider offensive security as a holly grail... so I don't know)

I know some of you have experimented those so good and bad critics on those cert will help me understand a lot...

Thanks

jamesleecoleman

Have you looked at the syllabus for each of the certifications?

I would also suggest checking out the eJPT though eLearnSecurity in order to get your started.

JohnGrub

Yes I did. Obviously both syllabus look really interesting. eWPT is of course definitely centered on web apps testing ; OSCP has a portion about web apps testing. So OSCP look more daunting to me.

But you know what ? Syllabus are just words. The content may be less profitable. People talk a lot about OSCP but very less is said about ROI for elearnsecurity.

Monster query gave me : More than 400 jobs for OSCP and ONLY ONE reply for eWPT. Hmm if at least the content of eWPT is good then I don't care.

That's why I'm asking for comments ;especially if you've experienced one or both trainnings

TheFORCE

Every certificate is a stepping stone for another one higher up the ladder, if your goal is OSCP then start lower to get the foundation and then build on that to move higher. Just because something doesn't show in searches it doesnt mean the knowledge you gain won't show either, the opposite actually that knowledge will show up on your interviews or even later for your otjer certs.

globalenjoi

I can't offer much but my opinion on this, but the same thought was in my head before. OSCP does get more hits and seems much more valuable. However, I don't believe the "try harder" mantra of the OSCP is a good way to get started in something you've never done before, especially for me being new to the infosec field. I ended up paying for the PTP course on eLearnSecurity to learn the important foundation skills, with the goal of tackling the OSCP later this year. As said earlier, these are stepping stones. It makes more sense to me to start with eLearnSecurity and then move to the OSCP successfully, rather than start and fail the OSCP two, three, or four times.

Mike7

SANS do have online options for their GPEN and GWAPT certifications. CEH helps get your CV pass HR and is a requirement for some DoD jobs while OSCP is foreign to HR and some recruiters. Unless you have been "hacking" for a while, you may want to start from entry level certs in order to build foundational skills before moving to advanced certs such as OSCP and OSCE. eLS courses may not be as well recognised but do provide practical content; the ROI is from the knowledge gained and not so much the recognition gained from the certification. OSCP do provide ROI from both the knowledge gained and recognition aspects but may be too advanced and difficult for entry level folks. A couple of us are doing eLS certs to build that knowledge before moving to OSCP.

McxRisley

I would suggest going with either the eJPT or OSCP first before taking a course that focuses only on web apps and here's why. Knowing ONLY web apps will only get you so far, you need to understand the other side of things as well. As someone who is currently enrolled in the PWK course, I can tell you that you will have your fair share of web app testing in this course. In fact almost all of the machines I have rooted so far have had web apps.

Now back to my first sentence, about doing eJPT or OSCP first, I'll give you my honest opinion. I feel like doing the eJPT before OSCP is not needed and not necessary. You can learn everything in the eJPT for much cheaper or even free if you have good enough google-foo. I didn't do any e-learn courses, I looked at them but after reading reviews and looking over the courses I decided that it would be a waste of time and money for me because I could learn all of that stuff on my own. I purchased a few courses on Udemy.com that were on sale for $10 each and the material was way more in-depth than that of the e-learn courses. The only difference is that when I finished my Udemy course, I didn't get a piece of paper that says I know something.

Dr. Fluxx

McxRisley wrote: »

I would suggest going with either the eJPT or OSCP first before taking a course that focuses only on web apps and here's why. Knowing ONLY web apps will only get you so far, you need to understand the other side of things as well. As someone who is currently enrolled in the PWK course, I can tell you that you will have your fair share of web app testing in this course. In fact almost all of the machines I have rooted so far have had web apps.

Now back to my first sentence, about doing eJPT or OSCP first, I'll give you my honest opinion. I feel like doing the eJPT before OSCP is not needed and not necessary. You can learn everything in the eJPT for much cheaper or even free if you have good enough google-foo. I didn't do any e-learn courses, I looked at them but after reading reviews and looking over the courses I decided that it would be a waste of time and money for me because I could learn all of that stuff on my own. I purchased a few courses on Udemy.com that were on sale for $10 each and the material was way more in-depth than that of the e-learn courses. The only difference is that when I finished my Udemy course, I didn't get a piece of paper that says I know something.

Good to know about elearn security.
I have an acct on udemy and its nice to know I can get better info and training there for a lot cheaper.

UnixGuy

@MaxRisley:

Thanks for the tip, I'll check out udemy.

Are you sure that those udemy courses as deep as the eCPPT? It's not the knowledge in the slides/videos, it's the practical LABs. Do Udemy courses have labs?


even the eJPT is fully lab based!

McxRisley

The instructor for the udemy courses I used is Zaid Sabih, his are the only ones worth buying from what I saw content wise in the others. As for the question about labs, he walks you through setting up your own lab, which is very simple and takes less than an hour.

tedjames

I took Zaid's course on creating your own lab. Excellet course! I can recommend it for anyone needing help in that area. In fact, I've also signed up for one of his other courses. When I finish the eJPT, I'll be taking that one.

McxRisley wrote: »

The instructor for the udemy courses I used is Zaid Sabih, his are the only ones worth buying from what I saw content wise in the others. As for the question about labs, he walks you through setting up your own lab, which is very simple and takes less than an hour.