Need Information regd OSCP certification and its scope

vighack

Hi Guys,I have completed CEH exam and I am planning of take OSCP examination (offensive-security's). Iknow equalent certifications are also available at SANS(GPEN or GCIH). OSCP is very economic compared to SANS in terms of pricing. But iheard lots of people talking abt SANS certifications than OSCP. Pleasegive me your openion on how recognised is it in the industry?Is itworth for what we are payingfor this course? How is the syllabus, doesit cover current attacks? or plain old technics which may not beworking in most of the current environments. suggest me if you knowany other good certifications...Note : Currently I m not working in Infosecurity related Projects , Will doing this certificate help me in getting a good job ?.Kindly let me know.Regards,Vignesh

paul78

Hello Vignesh - Welcome to TE.

Are you having a hard time getting a job with a CEH? What other experience do you have?

The certifications from Offensive Security and GIAC are both well known among information security professionals. GIAC is perhaps a bit more recognized. SANS is actually the organization that does the training - the certifying body for SANS course offerings is GIAC.

I cannot speak to Offensive Security's material but I have a little experience with SANS on-demand courses. I personally find the material at SANS excellent and well structured. But the GIAC exams itself are a bit 'lackluster'.

As for finding a job after obtaining certifications, there are plenty of threads in these forums about that Having a certification doesn't guarantee a job. And perhaps instead of rushing off to get another certification if you think that it will get you a job, it may be worthwhile to explore what challenges you are facing with trying to get a job. There are many dimensions that come into play when someone job seeks.

the_hutch

Speaking in terms of industry acceptance, its really going to depend on what type of job you are looking for.

SANS is more respected in general, within the information security / network security field. But if you are looking for an actual pen-testing job (which can be hard to come by), OSCP is the absolute standard and any recruiters that seek to hire pentesters know this.

the_hutch

But personally, I would never get a SANS certification if not paid for by my company. They are ridiculously over priced. Honestly, regardless of what type of job you are looking for, you are going to get more for your money with OSCP. I haven't taken it, but I've only heard positive things from people who have. As soon as I take my CISSP (in two weeks) and get notification that I passed...its on to OSCP for me.

Killj0y

I would agree SANS is expensive. If you can do both the GPEN and the OSCP, I would do it. They compliment each other very well. I think SANS has a program where you can volunteer for them and you can do the Ondemand version of their courses for $800. That is a lot cheaper than their normal prices. It is hard to compare the two. I learned more technical skills in the OSCP but I learned more soft skills doing GPEN.

JDMurray

SANS courses are very inexpensive from the business point of view. After sending a team of its security people to SANS training, an organization can expect to fix security problems that could result in 10-100 times the course costs in losses (both tangible and intangible). That's a positive ROI.

uyen_nguyen

yep, I totally agree on your view point. It is a good investment, very good one.

JDMurray wrote: »

SANS courses are very inexpensive from the business point of view. After sending a team of its security people to SANS training, an organization can expect to fix security problems that could result in 10-100 times the course costs in losses (both tangible and intangible). That's a positive ROI.

YuckTheFankees

the_hutch wrote: »

Speaking in terms of industry acceptance, its really going to depend on what type of job you are looking for.

SANS is more respected in general, within the information security / network security field. But if you are looking for an actual pen-testing job (which can be hard to come by), OSCP is the absolute standard and any recruiters that seek to hire pentesters know this.

I completely agree with you hutch.

the_hutch

JDMurray wrote: »

SANS courses are very inexpensive from the business point of view. After sending a team of its security people to SANS training, an organization can expect to fix security problems that could result in 10-100 times the course costs in losses (both tangible and intangible). That's a positive ROI.

I agree with you from a business perspective. And, as I said, I would totally go for it if my company would pay for it. SANS is a great company. But when you are speaking of personal investment, its a heavy hit to the pocket-book.

the_hutch

YuckTheFankees wrote: »

I completely agree with you hutch.

What's up man. I see you started OSCP. I'm still trying to decide if I want to do SPSE (SecTube Python Scripting Expert) first or if I should dive right in. In any case, I should be starting one or the other before the end of the month. Does the course recommend supplemental resources to fill in the knowledge gaps?

YuckTheFankees

The OSCP supplies a couple links to get additional information but you will definitely need to do outside research (depending on your skill level). The OSCP forum provides a lot of good information, so make sure to check the forum out when you need help or additional resources. The lab pdf and videos give provide a good foundation but not enough to pass the exam, that's for sure. I've spent about 10 hours on the course material and probably another 15 hours doing outside research (learning ASM, buffer overflows, some BASH and Python). Make sure to do the "Extra Mile Exercises".