A little guidance required regarding OSCP

Hi everyone,

Let me explain my situation a little. I am currently in the final semester of Software Engineering, with specialization in Information Security. I wont really call it specialization as its UG level, and we only study introductory courses, depth is not that much, but breadth is reasonable. These are the relevant courses that i've taken:

Comp. Networks
Cryptography
Network Security
Computer Security
Computer Forensics
System Incident Handling

I want to pursue OSCP, i've long had an interest in Penetration Testing. But i am in a dilemma of sorts; I have 2 months left off my degree, our university's placement department has started the recruitment drive. The thing is that its easier to get a better job (so to speak), through the university's placement department. But if i do so, i will probably end up in a Software development job, or maybe some networks related job, but the thing is that i am not sure that whether OSCP can be prepared for while having a full time job that is completely unrelated to penetration testing.

Its like, i'll be working 8 hours a day, 5 days a week, continuously. And if i sign up for OSCP with that schedule, will i be able to prepare for it well enough, in those 90 days of lab access that i get? I can't exactly afford right now to get more days than that, neither do i want to.

On the other hand, if i don't get a job just yet, and apply for OSCP after my degree finishes, by the end of May and start preparing for it; although i will be able to get OSCP that way but afterwards, to find a job, i'll be on my own, and won't really have the university's placement department's support.

So i am not sure which path should i take? What would you guys suggest? Do you think that OSCP could be prepared for while having a full time job, or is there just no way at all? Also if i don't start getting security certs right away, my jobs (whichever i get) might have me venturing too far into other fields, that it might become hard to get into penetration testing from there, as to put it bluntly, i am after-all a programmer, not that much of a security guy just yet.

I am inexperienced and have minimal knowledge, i really hope you guys with your experience will be able to guide me, Thanks.

Find more posts tagged with

Comments

SephStorm

Welcome to TE, Hmm. off the top of my head, I would say get your job. While there are plenty of jobs out there for dev's and programmers, i'd say getting that first job on a resume is going to be critical. Besides, it will offer you an insiders view of a real company, and how IT and security are done, even if you aren't in that department.

As far as the OSCP goes, you've proven in college that you can multitask and in SE that you can work on a hard deadline I assume. But the OSCP does require dedicated time and effort. You could look at something such as the SMFE, or eCPPT while you are working, and worry about the OSCP a year from now when you have a solid career foundation.

My .02

the_Grinch

I agree with Seph, take the first job you can get. You need to build up a foundation and you'll get that on your first job. There are a bunch of us who are working full time pursuing the OSCP. I think you'll find most people who are going for it work full time and not always in security. I'm in support and am hoping that it helps me make that jump out. As for the 90 days, most seem to believe it is enough to get the job done. 60 would be the minimum I tend to think.

YuckTheFankees

Get a job first, then you can focus on the OSCP. The majority of pentesters do not start off in the security field, they move over from jobs such as programmers/ network admin/ sys admin/ software engineer/etc. But your degree will definitely help in the pentesting realm.

mumair

Well, thankyou very much SephStorm, the_Grinch and YuckTheFankees for the advice. It seems that its pretty much unanimous then, that i should opt for the job first. Just one more question, i am potentially looking at 3 types of jobs, first is the obvious development job, another company that i might have a chance at, are offering a junior malware researcher position. And finally, theres this other company who are offering an internship of sorts, i don't know what exactly the internship will be about, but it most probably deals with deployment of security related softwares etc, like endpoint solutions and what not.

Which in your opinion do you think would be the most rewarding, if at all, for someone who wants a career in penetration testing/network security etc, in the future?