OSCP Prep 2019 and CISSP - Advice
ger_saf
Hey,
I need your advice and recommendation between OSCP and CISSP.
I am certified already on CISA and CISM in 2018 and I am looking for another security professional certificate to do this year.
Also, in Sept 2017, I tried CISSP after 3 months of preparation and failed.
In brief, since I have CISA and CISM certificates, do I still need to try CISSP again, or can I do OSCP?
I am an InfoSec guy (5 years) in my company, with network and system IT experience (5 years).
Any advice?
Comments
Eagle75799
What are your goals? Where do you want your career to go? OSCP and CISSP have very different focuses. I would recommend deciding the direction you want to go with it, and decide what to pursue from there.
ger_saf
Hey @Eagle75799,
I am looking for two career paths:
1. Knowledge in defensive cyber security certifications such as CISSP, CISM, etc.
2. Knowledge in offensive cyber security certifications such as CEH, OSCP, etc.
McxRisley
I think you are looking at this the wrong way here. CISSP and CISM are more managerial certs and give you a thousand-mile-high view with little depth and are not what I would classify as "defensive" pathed certs. The OSCP, while geared towards offensive tactics, is still an unmatchable defensive cert as well. It's pretty hard to defend against or detect an attack that you don't understand, and before someone chimes in with "adaptive defense and all the bells and whistles", these systems are never 100% accurate and still require knowledge of the tactics that they are alerting on in order to determine whether the alert is a positive or not.
ger_saf
Thanks @McxRisley, I understand that there is not 100% defensive/protection and even offensive. I used both words based on the concept and content of this material (CISM, CISSP and OSCP).
Since I have CISA and CISM, let me go with OSCP now, then afterwards I will do CISSP.
Thanks Guys.
LonerVamp
Hate to say this, but you really haven't answered the question about what your goals are.
I don't consider the CISSP to be a managerial cert, per se. I actually think of it as an advanced general security practitioner cert. It will get you noticed, but anyone worth their hiring manager position should probably consider CISA/CISM and CISSP to be roughly equivalent for most job roles.
The OSCP is hands-on-lab and hands-off-self-research and will almost certainly give you a new perspective on offense tactics, how to read vulnerability notices, and what attackers do (and leave behind), especially so if you have not done any pen testing or popped root shells in the past.
I think both have their place. If you want to learn more, I'd probably say OSCP has more upside. If you want something to continue to be marketable (though, honestly, 5 years experience is marketable enough for almost anything), CISSP will get you more calls.
roninkai
CISSP to keep you marketable, OSCP to keep you valuable
ger_saf
dragonsden said:
CISSP to keep you marketable, OSCP to keep you valuable
I like this... I prefer valuable, then afterwards marketable.
ger_saf
LonerVamp, my goal/target is to have my own business in the InfoSec & CyberSecurity industry in 2021-2022.
So far, I have 5 years of experience in InfoSec management; 4 years in IT (Network and System Eng).
I know starting a business is not easy. I want to be ready, not just to have certificates (CISSP/OSCP/CISA/CISM), but importantly to have enough knowledge (managerial and technical hands-on).