OSCP Prep 2019 and CISSP - Advice
ger_saf
Member Posts: 17 ■■■□□□□□□□
Hey,
I need your advice and recommendation btw OSCP and CISSP.
I am certified already on CISA and CISM in 2018 and I am looking for another security professional certificate to do this year.
Also, in Sept 2017, I tried CISSP after 3 months of preparation and failed.
Brief, since I have CISA and CISM certificates, do I still need to try again CISSP or I can do OSCP?
I am an InfoSec guy ( 5 Years) in my company and with Network and System IT experiences (5 Years).
Any advice?
I need your advice and recommendation btw OSCP and CISSP.
I am certified already on CISA and CISM in 2018 and I am looking for another security professional certificate to do this year.
Also, in Sept 2017, I tried CISSP after 3 months of preparation and failed.
Brief, since I have CISA and CISM certificates, do I still need to try again CISSP or I can do OSCP?
I am an InfoSec guy ( 5 Years) in my company and with Network and System IT experiences (5 Years).
Any advice?
Comments
-
Eagle75799 Member Posts: 12 ■■■□□□□□□□What are your goals? Where do you want your career to go? OSCP and CISSP are very different focus, I would recommend deciding the direction you want to go with it, and decide what to pursue from there.
-
ger_saf Member Posts: 17 ■■■□□□□□□□Hey @Eagle75799,
I am looking for two careers path:
1. Knowledge in Defensive cyber security certifications such as CISSP, CISM and etc...
2. Knowledge in Offensive cyber security certifications such as CEH, OSCP and etc... -
McxRisley Member Posts: 494 ■■■■■□□□□□I think you are looking at this the wrong way here. CISSP and CISM are more managerial certs and give you a thousand mile high view with little depth and are not what I would classify as "defensive" pathed certs. The OSCP, while geared towards offensive tactics, is still an unmatchable defensive cert as well. It's pretty hard to defend against or detect an attack that you don't understand and before someone chimes in with "adpative defense and all the bells and whistles" these systems are never 100% accurate and still require knowledge of that tactics that they are alerting on in order to determine whether the alert is a positive or not.I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
-
ger_saf Member Posts: 17 ■■■□□□□□□□Thanks @McxRisley, I understand that there is not 100% defensive/protection and even offensive. I used both words based on the concept and content of these material (CISM, CISSP and OSCP).Since I have CISA and CISM, let me go with OSCP now then after I will do CISSP.Thanks Guys.
-
LonerVamp Member Posts: 518 ■■■■■■■■□□Hate to say this, but you really haven't answered the question about what your goals are.I don't consider the CISSP to be a managerial cert, per se. I actually think of it as an advanced general security practitioner cert. It will get you noticed, but anyone worth their hiring manager position should probably consider CISA/CISM and CISSP to be roughly equivalent for most job roles.The OSCP is hands-on-lab and hands-off-self-research and will almost certainly give you a new perspective on offense tactics, how to read vulnerability notices, and what attackers do (and leave behind), especially so if you have not done any pen testing or popped root shells in the past.I think both have their place. If you want to learn more, I'd probably say OSCP has more upside. If you want something to continue to be marketable (though, honestly, 5 years experience is marketable enough for almost anything), CISSP will get you more calls.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
roninkai Member Posts: 307 ■■■■□□□□□□CISSP to keep you marketable, OSCP to keep you valuable浪人 MSISA:WGU
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP -
ger_saf Member Posts: 17 ■■■□□□□□□□dragonsden said:CISSP to keep you marketable, OSCP to keep you valuable
-
ger_saf Member Posts: 17 ■■■□□□□□□□LonerVamp my goal/target is to have my own business in InfoSec & CyberSecurity industry in 2021-2022.
Sofar, I have 5 years of experience in InfoSec management; 4 years in IT (Network and System Eng).
I know start a business is not something easy, I want to be ready, not just to have certificates (CISSP/OSCP/CISA/CISM) but important to have enough knowledge (managerial and technical hands-on ).