OSCP Prep 2019 and CISSP - Advice

ger_safger_saf Posts: 15Member ■■■□□□□□□□
Hey,

I need your advice and recommendation btw OSCP and CISSP.   
I am certified already on CISA and CISM in 2018 and  I am looking for another security professional certificate to do this year.   
Also, in Sept 2017, I tried CISSP after 3 months of preparation and failed. 

Brief, since I have CISA and CISM certificates, do I still need to try again CISSP or I can do OSCP?
I am an InfoSec guy ( 5 Years) in my company and with Network and System IT experiences (5 Years). 

Any advice?
Tagged:

Comments

  • Eagle75799Eagle75799 Posts: 7Member ■■□□□□□□□□
    What are your goals? Where do you want your career to go? OSCP and CISSP are very different focus, I would recommend deciding the direction you want to go with it, and decide what to pursue from there.
  • ger_safger_saf Posts: 15Member ■■■□□□□□□□
    Hey @Eagle75799

    I am looking  for two careers path:
    1.  Knowledge in Defensive cyber security certifications such as CISSP, CISM  and etc...
    2. Knowledge in Offensive cyber security certifications such as CEH, OSCP and etc...
  • McxRisleyMcxRisley Eye of Barad-dûr Posts: 444Member ■■■■□□□□□□
    edited March 4
    I think you are looking at this the wrong way here. CISSP and CISM are more managerial certs and give you a thousand mile high view with little depth and are not what I would classify as "defensive" pathed certs. The OSCP, while geared towards offensive tactics, is still an unmatchable defensive cert as well. It's pretty hard to defend against or detect an attack that you don't understand and before someone chimes in with "adpative defense and all the bells and whistles" these systems are never 100% accurate and still require knowledge of that tactics that they are alerting on in order to determine whether the alert is a positive or not.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • ger_safger_saf Posts: 15Member ■■■□□□□□□□
    Thanks @McxRisley, I understand that there is not 100% defensive/protection and even offensive.  I used both  words based on the concept and content of these material (CISM, CISSP and OSCP).

    Since I have CISA and CISM, let me go with OSCP now then after I will do CISSP.

    Thanks Guys.
  • nealeneale Posts: 16Member ■■■□□□□□□□
    i will like to recommend you OSCP
  • LonerVampLonerVamp Senior Member Posts: 253Member ■■■■□□□□□□
    Hate to say this, but you really haven't answered the question about what your goals are.

    I don't consider the CISSP to be a managerial cert, per se. I actually think of it as an advanced general security practitioner cert. It will get you noticed, but anyone worth their hiring manager position should probably consider CISA/CISM and CISSP to be roughly equivalent for most job roles.

    The OSCP is hands-on-lab and hands-off-self-research and will almost certainly give you a new perspective on offense tactics, how to read vulnerability notices, and what attackers do (and leave behind), especially so if you have not done any pen testing or popped root shells in the past.

    I think both have their place. If you want to learn more, I'd probably say OSCP has more upside. If you want something to continue to be marketable (though, honestly, 5 years experience is marketable enough for almost anything), CISSP will get you more calls.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, CISSP, OSWP, CCNA Cyber Ops, Sec+
    2019 goals: GWAPT, Linux+, SLAE (possible: SEC573, CCSP, Splunk F&PU)
  • dragonsdendragonsden Senior Member San DiegoPosts: 225Member ■■■□□□□□□□
    CISSP to keep you marketable, OSCP to keep you valuable
    Dragonsden, MSISA:WGU
    CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
    Currently Studying: DevSecOps / Ansible
    Love FreeNAS? Well, this guy is giving away a FreeNAS 'NAS' for 'FREE'!
    > https://wn.nr/45PX4m
Sign In or Register to comment.