Trying Harder, an OSCP Journey

As I'm finishing up my PMP prep and getting ready to take the exam, I'd decided I was done with certs. Definitely any cert where you need to read and take a multi-choice exam for sure, but was thinking certs in general. Well last week my manager shocked me and told me he resigned, which really sucks for me. Aside from him being a great guy, awesome to work for, and someone who I've learned a lot from, he also paid for my CISM, CISA, CRISC, and now PMP that I'm about to take. So two things entered my mind, first, I want to make sure I have a solid out to our Cyber team if need be (or a new company/job) in case things go sideways in my current position, and second, I should see if he will cover one more cert before he leaves. So I decided OSCP was the perfect choice as it really accomplishes both.

So last night I got fully registered for PWK/OSCP. I'm not going to approach this like most people and spend inordinate amounts of time on it each and every night. But I've got at least 2 solid hours a day minimum that I will put towards it. I've done a ton of research on the OSCP for years now and have a war chest of resources saved in OneNote. As well I have an entire shelf full of every well-known pentesting/hacking book out there. Now it's time to put everything to use. My start date is September 2nd, which happens to fall on my favorite day of the year, college football kickoff day. The good thing about practical certs like this is that I can sit in front of my TV with my laptop and practice away. I guess you can consider this thread the lazy man's OSCP journey. Will I be successful? Time will tell. I'm pretty damn good at researching, and pick things up really quickly and easily when it's a practical matter, so I've got that going for me.
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework

Comments

  • Dollarhyde Member Posts: 111
    Good luck mate, you sure will do well in OSCP.
  • joneno Member Posts: 257 ■■■■□□□□□□
    Dam Jojo you're killing me...How do I keep up with your pace? lol.
  • ITSpectre Member Posts: 1,040 ■■■■□□□□□□
    GO JOJO!!!! you got the MOJO!!!!!

    Happy friday!
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • scasc Member Posts: 465 ■■■■■■■□□□
    Best of luck with all endeavours. Why don't you apply for his role and try to be even more senior? If you really want to do the OSCP - great to do - but if you are even more senior - like a Director level for example, do you really need it? Unless you want to understand the intricacies and liaise with the techies.

    I've noticed, certainly here in the UK, that to get the bucks, it's more about strategy/risk/senior management than the Pen testing or other techie cyber fields - which is sad because they look so interesting and great to be involved with.

    Anyhow, let us know how you get on.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • JoJoCal19 Mod Posts: 2,835 Mod
    Thanks guys! Part of why I was done with certs was the stress. I'm approaching the OSCP as a fun endeavor. I plan on having fun while learning and taking a laid back approach. That doesn't mean I won't dedicate a good bit of time to it, I just want the effort to develop organically and not force it. That's the difference in how I approach things nowadays.

    scasc wrote: »
    Best of luck with all endeavours. Why don't you apply for his role and try to be even more senior? If you really want to do the OSCP - great to do - but if you are even more senior - like a Director level for example, do you really need it? Unless you want to understand the intricacies and liaise with the techies.

    I've noticed, certainly here in the UK, that to get the bucks, it's more about strategy/risk/senior management than the Pen testing or other techie cyber fields - which is sad because they look so interesting and great to be involved with.

    Anyhow, let us know how you get on.

    It would be great but, he's leaving due to the stress of his position. He is the Director and handles InfoRisk for the Insurance vertical for N/C/S America. I am responsible for one client in the Insurance vertical (their largest client period). I did help him with stuff for other companies he's responsible for, but it wasn't enough to keep him from being slammed. Besides that, I would want a 25% raise minimum to even consider it, and I would want to hire someone in my position to handle some of the easy but time consuming day to day tasks he was doing. But in general, as a Sr Manager already making into six figures, the extra time expenditure and stress isn't worth it at this point.
  • LonerVamp Member Posts: 518 ■■■■■■■■□□
    Good luck! I think with your body of work, you should be on track for success. Don't underestimate how much time you'll a) need to spend to do things like the lab report and/or exercises, or b) the time you want to spend to get the rush of that next root shell! :) Need any help, drop into the Discord! (I'm also on the netsecfocus slack with many others.)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • scasc Member Posts: 465 ■■■■■■■□□□
    JoJoCal19 wrote: »
    Thanks guys! Part of why I was done with certs was the stress. I'm approaching the OSCP as a fun endeavor. I plan on having fun while learning and taking a laid back approach. That doesn't mean I won't dedicate a good bit of time to it, I just want the effort to develop organically and not force it. That's the difference in how I approach things nowadays.




    It would be great but, he's leaving due to the stress of his position. He is the Director and handles InfoRisk for the Insurance vertical for N/C/S America. I am responsible for one client in the Insurance vertical (their largest client period). I did help him with stuff for other companies he's responsible for, but it wasn't enough to keep him from being slammed. Besides that, I would want a 25% raise minimum to even consider it, and I would want to hire someone in my position to handle some of the easy but time consuming day to day tasks he was doing. But in general, as a Sr Manager already making into six figures, the extra time expenditure and stress isn't worth it at this point.

    The painful joys of senior management - always has stress and time consuming as you have first hand experience. Yes I see your point - would have been nice to try going for it and developing your business case for the circa 20% raise and then have the authority to get 1/2 ppl to support you. What are your goals currently - I mean career wise? To continue as SM? Would you have done it if you had the raise?
  • veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
  • DatabaseHead Member Posts: 2,754 ■■■■■■■■■■
    I'm taking a single course through Stanford and it's killing me. I can't believe you are doing all those.....

    You are a beast.
  • JoJoCal19 Mod Posts: 2,835 Mod
    scasc wrote: »
    The painful joys of senior management - always has stress and time consuming as you have first hand experience. Yes I see your point - would have been nice to try going for it and developing your business case for the circa 20% raise and then have the authority to get 1/2 ppl to support you. What are your goals currently - I mean career wise? To continue as SM? Would you have done it if you had the raise?

    My goals career-wise were to get into Sr Management/C-level, however after working almost a decade at some of the largest F100 firms, I decided that wasn't for me. So my goal basically became make $120k+ per year, fully remote, not too stressful, for a manager I like. My current job NAILED all of those, and life was good (until my manager just resigned). Those are my career goals for IT/InfoSec. I have goals outside of my career that I am pursuing, and my eventual goal is to work for myself, making as much or more than I am now. But for my current situation, I just don't think the raise is worth it. Like I said, I'd need 25% to even entertain it, and depending on my discussions with management, that would determine if the 25% raise would even warrant me taking it. I dunno, part of me thinks I work quicker, and more efficiently than my manager does, so maybe it wouldn't be as stressful for me. But I saw first-hand the requests from his manager (and I ended up getting tasked directly by him too), and I just don't know if I want that. My family comes first in life and if I ever am in a position where something is in conflict, I choose my family. So I think staying where I am, or moving to our Cyber team are my only options.

    Good luck!

    Thanks!

    I'm taking a single course through Stanford and it's killing me. I can't believe you are doing all those.....

    You are a beast.

    I'd be lying if I said I wasn't a tad concerned. But remember, I'm approaching this as a fun endeavor to learn. I'm not worrying about the OSCP at the end. I'll definitely keep you in the loop on how things are going, and if it's still all fun and games for me.
  • veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    JoJoCal19: What exactly is a "Cyber" team? :)
  • Dr. Fluxx Member Posts: 98 ■■□□□□□□□□
    JoJoCal19 wrote: »
    As I'm finishing up my PMP prep and getting ready to take the exam, I'd decided I was done with certs. Definitely any cert where you need to read and take a multi-choice exam for sure, but was thinking certs in general. Well last week my manager shocked me and told me he resigned, which really sucks for me. Aside from him being a great guy, awesome to work for, and someone who I've learned a lot from, he also paid for my CISM, CISA, CRISC, and now PMP that I'm about to take. So two things entered my mind, first, I want to make sure I have a solid out to our Cyber team if need be (or a new company/job) in case things go sideways in my current position, and second, I should see if he will cover one more cert before he leaves. So I decided OSCP was the perfect choice as it really accomplishes both.


    So last night I got fully registered for PWK/OSCP. I'm not going to approach this like most people and spend inordinate amounts of time on it each and every night. But I've got at least 2 solid hours a day minimum that I will put towards it. I've done a ton of research on the OSCP for years now and have a war chest of resources saved in OneNote. As well I have an entire shelf full of every well-known pentesting/hacking book out there. Now it's time to put everything to use. My start date is September 2nd, which happens to fall on my favorite day of the year, college football kickoff day. The good thing about practical certs like this is that I can sit in front of my TV with my laptop and practice away. I guess you can consider this thread the lazy man's OSCP journey. Will I be successful? Time will tell. I'm pretty damn good at researching, and pick things up really quickly and easily when it's a practical matter, so I've got that going for me.

    It's funny as hell because I've also been researching and have a stockpile of material that I've been going through for the OSCP also!
    Been going through things for almost 2 years running. Life and the fact that I'm really enjoying the study and details is what has slowed me a lot. I hope to be ready by early to mid 2018 at the latest.
    I research like a madman, finding different perspectives of the same subject and discovering correlations between them to, in a sense, formulate a foundation.

    Off topic...how difficult was the PMP?
  • JoJoCal19 Mod Posts: 2,835 Mod
    JoJoCal19: What exactly is a "Cyber" team? :)

    I know right, the awesome "Cyber" term everyone loves. In our case, our Cyber Security team encompasses security intelligence, event monitoring, SOC, DFIR, security analytics, Infra/App Sec, and vulnerability mgmt & pentesting. The last part is the area I'd love to move into. I work in IRM which is basically all of our GRC/Audit stuff. And specifically I am being billed out to a particular client-based cost center. The Cyber team is Corporate Security cost center.

    Dr. Fluxx wrote: »

    Off topic...how difficult was the PMP?

    I'm actually about to take it in a week or so. So far it's pretty easy and common sense stuff if you've got the requisite experience. I'm pulling 80-90% on practice tests with one pass of PMStudy materials.
  • asiru77 Member Posts: 65 ■■□□□□□□□□
    JoJoCal19 wrote: »
    As I'm finishing up my PMP prep and getting ready to take the exam, I'd decided I was done with certs. Definitely any cert where you need to read and take a multi-choice exam for sure, but was thinking certs in general. Well last week my manager shocked me and told me he resigned, which really sucks for me. Aside from him being a great guy, awesome to work for, and someone who I've learned a lot from, he also paid for my CISM, CISA, CRISC, and now PMP that I'm about to take. So two things entered my mind, first, I want to make sure I have a solid out to our Cyber team if need be (or a new company/job) in case things go sideways in my current position, and second, I should see if he will cover one more cert before he leaves. So I decided OSCP was the perfect choice as it really accomplishes both.

    So last night I got fully registered for PWK/OSCP. I'm not going to approach this like most people and spend inordinate amounts of time on it each and every night. But I've got at least 2 solid hours a day minimum that I will put towards it. I've done a ton of research on the OSCP for years now and have a war chest of resources saved in OneNote. As well I have an entire shelf full of every well-known pentesting/hacking book out there. Now it's time to put everything to use. My start date is September 2nd, which happens to fall on my favorite day of the year, college football kickoff day. The good thing about practical certs like this is that I can sit in front of my TV with my laptop and practice away. I guess you can consider this thread the lazy man's OSCP journey. Will I be successful? Time will tell. I'm pretty damn good at researching, and pick things up really quickly and easily when it's a practical matter, so I've got that going for me.

    JoJoCal19, 2nd September is my birthday :) I am currently working on CRISC and sadly cannot break your record of clearing 3 ISACA certs in 43 days due to the 2-month break which ISACA takes in between test windows. I am also planning to start working on OSCP very soon, plus you are very lucky to have such a boss who pays for your certs, because I am not getting a job even after getting certs, in fact not even an interview call.
  • billows Member Posts: 12 ■□□□□□□□□□
    Good luck! And I am in this journey also, let's try harder
  • eugui Member Posts: 9 ■□□□□□□□□□
    Try harder....good Luck!
  • ITSpectre Member Posts: 1,040 ■■■■□□□□□□
    May the gators grant you success!!!! FLORIDA GATORS!!!!
  • veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    JoJoCal19 wrote: »
    I know right, the awesome "Cyber" term everyone loves. In our case, our Cyber Security team encompasses security intelligence, event monitoring, SOC, DFIR, security analytics, Infra/App Sec, and vulnerability mgmt & pentesting. The last part is the area I'd love to move into. I work in IRM which is basically all of our GRC/Audit stuff. And specifically I am being billed out to a particular client-based cost center. The Cyber team is Corporate Security cost center.

    Gotcha. Good luck.
  • LordQarlyn Member Posts: 693 ■■■■■■□□□□
    I read up on the OSCP exam, and wow, one really has to know what they are doing, a 100% practical exam. That is a certification that carries some teeth right there. I never had the desire to get into network penetration myself, but hats off to those who pass this exam and get the certs!
  • m4v3r1ck Member Posts: 29 ■■□□□□□□□□
    Good luck, sir! I also start on the 2nd. If you ever need a study buddy or just someone to vent to, I'm here.
  • JoJoCal19 Mod Posts: 2,835 Mod
    Actually looks like I have to hold off on my OSCP journey. Although my then manager approved the training, accounting kicked back my expense report and wanted different documentation than just the pdf invoice OffSec sends, and I had to edit and resubmit my expense report. Well that manager is no longer there and my new manager balked at approving my expense report for the training as it's not 100% directly related to my current position. Unfortunately all I can do is have OffSec refund my corp AMEX and pay for it myself. I don't really want to do that right now, so looks like I'm going to hold off on it for now. I'll take a look at it when I get my bonus early next year. So I guess no OSCP for me right now
  • m4v3r1ck Member Posts: 29 ■■□□□□□□□□
    Yuck. Are the cyber jobs at your company remote? If so, I'd say you should still go for it. You never know if a new manager is going to make you want to jump ship.
  • ITSpectre Member Posts: 1,040 ■■■■□□□□□□
    JoJoCal19 wrote: »
    Actually looks like I have to hold off on my OSCP journey. Although my then manager approved the training, accounting kicked back my expense report and wanted different documentation than just the pdf invoice OffSec sends, and I had to edit and resubmit my expense report. Well that manager is no longer there and my new manager balked at approving my expense report for the training as it's not 100% directly related to my current position. Unfortunately all I can do is have OffSec refund my corp AMEX and pay for it myself. I don't really want to do that right now, so looks like I'm going to hold off on it for now. I'll take a look at it when I get my bonus early next year. So I guess no OSCP for me right now

    nahhh try harder....

    You can still study the resources on the forum and then when you can take it you will already be ready to take the exam. There are plenty of resources that are available to study to prepare for the OSCP
  • JoJoCal19 Mod Posts: 2,835 Mod
    m4v3r1ck wrote: »
    Yuck. Are the cyber jobs at your company remote? If so, I'd say you should still go for it. You never know if a new manager is going to make you want to jump ship.

    Most of them are, so that's still my goal for after bonus time next year. I've been networking with the folks over on the Cyber team, so I'm getting my name out there.

    ITSpectre wrote: »
    nahhh try harder....

    You can still study the resources on the forum and then when you can take it you will already be ready to take the exam. There are plenty of resources that are available to study to prepare for the OSCP

    I actually plan on it. For now I'm focusing on Python and Linux for a few months. I've also got the eLearn PTPv4 course I'm going to go through as prep for the OSCP. I should be in great position to go for the OSCP after I get my bonus early next year.
  • fredlwal Member Posts: 44 ■■■□□□□□□□
    Can someone send me the link to the slack group?
  • ITSpectre Member Posts: 1,040 ■■■■□□□□□□
    JoJoCal19 wrote: »
    I actually plan on it. For now I'm focusing on Python and Linux for a few months. I've also got the eLearn PTPv4 course I'm going to go through as prep for the OSCP. I should be in great position to go for the OSCP after I get my bonus early next year.

    You're the best GATOR in the world JoJo. That's what I'm doing now before I dive into the OSCP.... I said "why do I want the eJPT when I can just tackle the beast OSCP" so I'm sharpening my tools to take it down....
  • B_sherkat Registered Users Posts: 2 ■□□□□□□□□□
    Hey, I was wondering if anyone has a link to the URL for the people who are doing OSCP? I just started mine last month :)
  • Hornswoggler Member Posts: 63 ■■□□□□□□□□
    I'm sure you'll make the most of your extra prep time, sorry to hear about the delay.

    I'm almost three weeks into the course and the things I wish I knew better are: C programming and python scripting. Everybody's background is different so take that with a grain of salt.
    2018: Linux+, eWPT/GWAPT
  • PersianImmortal Member Posts: 124 ■■□□□□□□□□
    Best of luck, mate!
  • JoJoCal19 Mod Posts: 2,835 Mod
    So OSCP is back on! I'm set to start on 9/30. I spoke to management again about the expense, and they are requesting approval from senior management to get it approved. Based on this situation and also some things since my manager left, I feel like I can't afford to not take the course, so I've decided that if management doesn't get the approval for it, then I will just pay the bill (corp card) myself. I want to go ahead and move forward with the OSCP so that I have an ace in my back pocket if I need it.

    So I'm doing the command line course on Code Academy, and then doing the Git and Python course before the 30th. As well I am going to do some preliminary studying of buffer overflows using my eLearnsecurity material.