OSCP Prep 2019 and CISSP - Advice

ger_saf Member Posts: 17

I need your advice and recommendation between OSCP and CISSP.
I was already certified in CISA and CISM in 2018, and I am looking for another security professional certificate to do this year.
Also, in Sept 2017, I tried CISSP after 3 months of preparation and failed.

In brief, since I have CISA and CISM certificates, do I still need to try CISSP again, or can I do OSCP?
I am an InfoSec guy (5 years) in my company, with network and system IT experience (5 years).

Any advice?


  • Eagle75799 Member Posts: 12
    What are your goals? Where do you want your career to go? OSCP and CISSP have very different focuses; I would recommend deciding the direction you want to go with it, and deciding what to pursue from there.
  • ger_saf Member Posts: 17
    Hey @Eagle75799

    I am looking for two career paths:
    1. Knowledge in defensive cyber security certifications such as CISSP, CISM, etc.
    2. Knowledge in offensive cyber security certifications such as CEH, OSCP, etc.
  • McxRisley Member Posts: 494
    edited March 2019
    I think you are looking at this the wrong way here. CISSP and CISM are more managerial certs and give you a thousand mile high view with little depth and are not what I would classify as "defensive" pathed certs. The OSCP, while geared towards offensive tactics, is still an unmatchable defensive cert as well. It's pretty hard to defend against or detect an attack that you don't understand, and before someone chimes in with "adaptive defense and all the bells and whistles", these systems are never 100% accurate and still require knowledge of the tactics that they are alerting on in order to determine whether the alert is a positive or not.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • ger_saf Member Posts: 17
    Thanks @McxRisley, I understand that there is no 100% defensive/protection, and even offensive. I used both words based on the concept and content of these materials (CISM, CISSP and OSCP).

    Since I have CISA and CISM, let me go with OSCP now, then afterwards I will do CISSP.

    Thanks Guys.
  • LonerVamp Member Posts: 518
    Hate to say this, but you really haven't answered the question about what your goals are.

    I don't consider the CISSP to be a managerial cert, per se. I actually think of it as an advanced general security practitioner cert. It will get you noticed, but anyone worth their hiring manager position should probably consider CISA/CISM and CISSP to be roughly equivalent for most job roles.

    The OSCP is hands-on-lab and hands-off-self-research and will almost certainly give you a new perspective on offense tactics, how to read vulnerability notices, and what attackers do (and leave behind), especially so if you have not done any pen testing or popped root shells in the past.

    I think both have their place. If you want to learn more, I'd probably say OSCP has more upside. If you want something to continue to be marketable (though, honestly, 5 years experience is marketable enough for almost anything), CISSP will get you more calls.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • roninkai Member Posts: 307
    CISSP to keep you marketable, OSCP to keep you valuable
    浪人 MSISA:WGU
    2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
  • ger_saf Member Posts: 17
    "CISSP to keep you marketable, OSCP to keep you valuable"
    I like this... I prefer valuable, then marketable afterwards.
  • ger_saf Member Posts: 17
    LonerVamp, my goal/target is to have my own business in the InfoSec & CyberSecurity industry in 2021-2022.
    So far, I have 5 years of experience in InfoSec management; 4 years in IT (Network and System Eng).

    I know starting a business is not something easy. I want to be ready, not just to have certificates (CISSP/OSCP/CISA/CISM), but, importantly, to have enough knowledge (managerial and technical hands-on).