OSCP- Define "entry-level"

I've been doing sifting through the security certs sub-forum and found that many people describe the OSCP as "entry-level" and even OffSec's website says the course requires only "a solid understanding of TCP/IP, networking and reasonable Linux skills."

I was wondering if anyone has gone from a CCNA-level networking background or help desk background straight into the OSCP? If so, what were your experiences? If no one has, what would the recommended path be from the help desk to OSCP?

I've been thinking about adding the OSCP to the my 2014 cert goals and I'm intrigued by the idea of going for a hands-on certification instead of the basic overview that the CEH provides. I don't want to jump in the deep-end and realized I've gone in to the OSCP thinking I'm being gutsy when I'm actually being stupid.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Master Of Puppets

There are different opinions regarding this one so here's mine.

Indeed, OSCP can be considered entry-level pen testing cert. However, entry-level in penetration testing does not equal entry-level in networking or programming. Can you start the course with just a solid understanding of TCP/IP and scarce Linux skills and still make it? Yes, there have been cases like that. You can pick up some thing as you go. IMHO, though, that would be a waste. The point of this is not to get through the course or the cert but to lean as much as you can and really advance in this field. It will be an utter waste to go into it and have to learn Python, scripting, Linux etc for the first time. You can do that on your own, without having to waste valuable lab time. I think the way to get the most out of this course is to do a little prep - learn Python and Bash, make sure you are really comfortable with Linux, read up on pen testing methodologies(there are a lot of great books all over the web that people recommend so I'm not going to list them here unless you want to), some people have problems compiling exploits in C so maybe take a look at that too and so on. Read up on people's experiences, see what they needed and research it. A lot more can be learned if your time is focused on the important stuff instead of having to go back.

Bear in mind that I haven't taken the course, I have just been interested in it for a long time. So this comes from personal opinion + a lot of research + asking around. I too plan to take it next year if something does not go wrong.

NovaHax

OSCP is definitely entry level. It certifies that you have the basic skills to break into a variety of different vulnerable configurations for network servers and hosts (both linux and windows varieties).

I think Master of Puppets describes it well. It is an entry-level course for penetration testing. But penetration testing is not an entry level discipline. There's a lot of ways to get there, but rarely do you jump from help-desk to pen-testing. Personally, I went help-desk > data-base administrator > vulnerability management > incident response > penetration testing. The database background helped me break into the InfoSec world because they needed someone to manage and sort through vulnerability scan data.

But in the end...what this course (and pen-testing in general) comes down to is determination and persistence. If you think you have that...I say go for it. If you want it bad enough...you'll get there. And its a relatively inexpensive course compared to other certification programs.

JayTheCracker

be familiar with Linux a bit more and learn some python, then i think u're good to go~!

010101

I would rank it like this:

preschool -> Security+ -> CEH -> several thousand miles of seperation -> CISSP -> OSCP -> OSCE -> ????

If the OSCP is entry level, what's above it?
1 cert?

redz

010101 wrote: »

preschool -> Security+ -> CEH -> several thousand miles of seperation -> CISSP -> OSCP -> OSCE -> ????

To be perfectly blunt, CISSP doesn't belong in there. It's part of an entirely different information security discipline. It'd more likely be a separate branch off the Security+.

NovaHax

010101 wrote: »

If the OSCP is entry level, what's above it?
1 cert?

Yes...OSCP is entry level. And why are you evaluating the industry skill-level of a certification based on how it fits within some certification track?

Offensive security alone has numerous more advanced certifications than OSCP. Though the certification track is not really linear.

Offensive Security Entry Level Certs:
1. PenTesting with Backtrack (OSCP)
2. Wireless Attacks - WiFu (OSWP)
3. Metasploit Unleashed (No Cert :-/)

Offensive Security Intermediate Level Certs:
1. Cracking The Perimeter (OSCE)

Offensive Security Advanced Level Certs:
1. Advanced Web-Attacks (OSWE)
2. Advanced Windows Exploitation (OSEE)

NovaHax

The exam length is also a big factor in how difficult the certification is to obtain...because some of these are brutal. The OSCP challenge wasn't too bad...but I can't imagine doing OSEE.

OSWP - 4 hour exam
OSCP - 24 hour exam
OSWE - 24 hour exam
OSCE - 48 hour exam
OSEE - 72 hour exam

Master Of Puppets

Agreed - there is a world of difference between OSCP and the others like OSCE and above.