How old are the passers the oscp exam?

gunmr

I wondering how old did you pass the exam? i have a few questions in my mind. i have no job experience with this sector and im 19.
i have information on linux (intermediate) , scripting with python, bash script on linux and a little network.i read penetration test books every day. is oscp too early for me? How old are the passers the oscp exam?

SteveLavoie

At 19, your priority should be to get a degree,some entry-level certs (A+, Network+) then work experience. It is the time in your life to get your degree, later it will be harder (work, kids, house, all those kind of distraction).

HR recruiter would probably just overlook your CV if you dont have a degree... OSCP or not. Or in the long run, it will come bite your ass.

I did the equivalent of an Associate Degree (Cegep) and I didnt pursue a Bs. C, and this limit me a bit. Now I am 40, and it would be so much harder to get it. My goal are now to get CISSP in 2017 and OSCP in 2018.

McxRisley

To answer your first question, I'm 26 and just recently passed the OSCP. I would agree with the above post in saying that getting your degree should be you number one priority rght now. I also wouldnt recommend jumping straight into OSCP without a good base knowledge which you could get from entry level certs and mid level certs such as: network +, security +, CSA+, eJPT and others. Penetration testing is a VERY broad field and invovles all things IT, without that base level of knowledge you most likely wont understand the how and why of things. Now this doesnt mean that you couldnt be successful in the course but it will defintely be much more difficult for you. I would suggest doing security + and eJPT first to get a feel for things.

supasecuritybro

I partly agree with the top two replies. My first question would be, is your college paid for? That is the foundational answer to respond first.

If it is, go to college and take some lower level certs to get you started. I would recommend Sec +, CSA+ , eJPT, then OSCP.

If it is not paid for and you want some advice, here is my two cents.

Pay for yourself to do the eJPT from eLearnSecurity (~$300 investment). I think this is a great one since I have seen it really let me know what I was getting myself into. If you are comfortable, then get the OSCP. I think you can get yourself some casual work to fund this doing some testing for people you know. You can start your own thing. It may be hard at first but you will be surprised how many people will need a person to test an app or check their website.

DO NOT GO INTO DEBT TO GET A DEGREE!! That is the worst mistake you will ever do. You may not have a great job now but that won’t be always. You can do your own thing and not get into the hamster wheel.

I have never had an interview ask me about my degree. Its always been show me how you would do this or explain what you find doing this. Of course if you ever need a job. If you need some more advice or want some more help, hit me up!

JasminLandry

I partly agree with what others have said as well. Yes I'd suggest going for a degree, but only if you have the money or if it's paid for. I haven't completed mine yet (in progress though) and it did cause problems when trying to find a job in security or more specifically in pentesting. I agree with what supasecuritybro said, don't go in debt for a degree, especially if you're from US, it's so damn expensive. I'm from Canada and it's really cheap compared to you guys down south so I can afford it to pay it myself. No work experience with an OSCP won't help you much to get a job as a pentester. I was passively looking for a job for a bit more than a year (I did have a job so it wasn't urgent), got a few interviews but no luck. I eventually did the OSCP and it took me another 6 months to find a job because companies were a bit scared to hire me since I didn't have any pentesting work experience.

That said, in my opinion you'd be better off to get a job, get experience, get a few certs and then OSCP to top it off and you'll be good to go.

Oh and I was 24 when I did it last summer.

McxRisley

Thats solid adive from JasminLandry, pretty much the exact thing I did. I managed to land a pen testing job just 2 weeks after getting my OSCP but I have been in InfoSec for a couple years and have other certs as well.

chrisone

Your job experience has nothing to do with you taking the cert. You have enough skill level to go through OSCP. Your lack of job experience is only towards you finding a job. You are young, you have to start out your career, employers will see you are just starting. No reason why you cant start your career with some certs under your belt.

This also has nothing to do with your future plans of getting a degree or not. Take PWK, start early, get your OSCP, find a job, get other certs, get a degree, get another job, enjoy life, get another degree, get another cert. There is no "official" methodology to go at this. You are not stuck or need to wait in order to get a job, take a cert, or go to college. Do all of the above when you want to, you are not barred by "experience."

Sign up for PWK, go get your OSCP.

gunmr

Thanks all of you for replies.I'm studying computer science.Actually i dont think take much cert. because the dollar is too high in my country and my college isnt pay for me.And im thinking i can for oscp because it will worth in turkey.
Maybe i will take oswp in this summer.What do you think for this idea?I heard its easier than oscp but im not sure it is worth for starting my career.

SteveLavoie

Get the basic one.. A+, Network+, to help you get your first job. I won't hired a OSCP with no experience at all, at least it would'nt be my first choice.

mindcrank

gunmr wrote: »

I wondering how old did you pass the exam? i have a few questions in my mind. i have no job experience with this sector and im 19.
i have information on linux (intermediate) , scripting with python, bash script on linux and a little network.i read penetration test books every day. is oscp too early for me? How old are the passers the oscp exam?

Hey man, I just passed the other day an I'm 30. I think if you have the funds and the ability to learn on your own - you can gain a lot from the PWK/OSCP course.

I would recommend an intermediate knowledge of Linux/Unix as well as Windows command-line instruction. Powershell would be good but not necessary. Basic bash scripting can save you a lot of time on tedious tasks, and an understanding of object oriented programming helps when you need to fix up some public exploits off exploit-db.com, notably python, C and ruby in that order. Knowing what they are supposed to look like, how for loops work, what formatting constraints they have (i.e. python has to be consistent with spacing and indentation or it won't run).

If you want some prep books, Id recommend:
Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman
The Hackers Playbook 2: Practical Guide to Penetration Testing by Peter Kim

If you want to get some vulnhub VM's that are similar to the OSCP course, go on the freenode irc to the #vulnhub channel and type "!oscp" and it will give you a list of similar vulnhub VM's to play with. Make sure you also look at the walkthroughs for them to learn different methodologies and tools.

Dr. Fluxx

supasecuritybro wrote: »

I partly agree with the top two replies. My first question would be, is your college paid for? That is the foundational answer to respond first.

If it is, go to college and take some lower level certs to get you started. I would recommend Sec +, CSA+ , eJPT, then OSCP.

If it is not paid for and you want some advice, here is my two cents.

Pay for yourself to do the eJPT from eLearnSecurity (~$300 investment). I think this is a great one since I have seen it really let me know what I was getting myself into. If you are comfortable, then get the OSCP. I think you can get yourself some casual work to fund this doing some testing for people you know. You can start your own thing. It may be hard at first but you will be surprised how many people will need a person to test an app or check their website.

DO NOT GO INTO DEBT TO GET A DEGREE!! That is the worst mistake you will ever do. You may not have a great job now but that won’t be always. You can do your own thing and not get into the hamster wheel.

I have never had an interview ask me about my degree. Its always been show me how you would do this or explain what you find doing this. Of course if you ever need a job. If you need some more advice or want some more help, hit me up!

I think in the IT field, we do have an advantage in that you dont necessarily need a degree per se (If you have a CCIE not just written but lab and even CISSPs) make good $$ but with a degree u can make more supposedly, but its not like youll never hit the six figure mark if you DONT have a degree.


Certain certs can help you along your path.


I could also throw in programming because IT is a very broad field.

Slyth

I was 23 when I passed the exam. I was personally self taught. I had no job experience in this field. Still have no job experience in the field but starting OSCE in the next month or so .