+ Reply to Thread
Results 1 to 11 of 11
  1. Junior Member
    Join Date
    Sep 2016
    Posts
    8
    #1

    Default What do you think of elearnsecurity vs offensive security ROI and skills for a "newb"

    Hello,

    First I'm only a developer (.net, SQL, php, etc...) with basic knowledge of Comptia Sec+.
    I want to try a practical security certification. The goal I want to reach is to be fully operational as a security pentester (web application)

    Looking on the internet, I saw only two worth (correct me if I'm wrong or incomplete ) practical online training : offensive security and elearnsecurity

    At my level, the certification I could do are eWPT, OSCP (since web application course of offensive security only available in the US)

    How good would I be fully operative (as in getting valuable consultant jobs) after taking elearnsecurity or offensive sec certification ? I'm only beginning in web app pentesting
    Would investing my money in elearsecurity be worth ? (The whole internet seem to consider offensive security as a holly grail... so I don't know)

    I know some of you have experimented those so good and bad critics on those cert will help me understand a lot...

    Thanks
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Dec 2007
    Location
    Grand Rapids, Michigan
    Posts
    1,830

    Certifications
    Network+ : A+ : Security+ : eJPT : Life+
    #2
    Have you looked at the syllabus for each of the certifications?

    I would also suggest checking out the eJPT though eLearnSecurity in order to get your started.
    Booya!!
    ------------------------------------------------------------------------------------------
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
    Reply With Quote Quote  

  4. Junior Member
    Join Date
    Sep 2016
    Posts
    8
    #3
    Yes I did. Obviously both syllabus look really interesting. eWPT is of course definitely centered on web apps testing ; OSCP has a portion about web apps testing. So OSCP look more daunting to me.

    But you know what ? Syllabus are just words. The content may be less profitable. People talk a lot about OSCP but very less is said about ROI for elearnsecurity.

    Monster query gave me : More than 400 jobs for OSCP and ONLY ONE reply for eWPT. Hmm if at least the content of eWPT is good then I don't care.

    That's why I'm asking for comments ;especially if you've experienced one or both trainnings
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    May 2006
    Posts
    1,863

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #4
    Every certificate is a stepping stone for another one higher up the ladder, if your goal is OSCP then start lower to get the foundation and then build on that to move higher. Just because something doesn't show in searches it doesnt mean the knowledge you gain won't show either, the opposite actually that knowledge will show up on your interviews or even later for your otjer certs.
    Reply With Quote Quote  

  6. Member
    Join Date
    Feb 2016
    Posts
    86

    Certifications
    A+ CE, Security+ CE, GSEC
    #5
    I can't offer much but my opinion on this, but the same thought was in my head before. OSCP does get more hits and seems much more valuable. However, I don't believe the "try harder" mantra of the OSCP is a good way to get started in something you've never done before, especially for me being new to the infosec field. I ended up paying for the PTP course on eLearnSecurity to learn the important foundation skills, with the goal of tackling the OSCP later this year. As said earlier, these are stepping stones. It makes more sense to me to start with eLearnSecurity and then move to the OSCP successfully, rather than start and fail the OSCP two, three, or four times.
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Jul 2015
    Location
    Island on the other side of Pacific pond
    Posts
    942

    Certifications
    C****, C***, C**
    #6
    SANS do have online options for their GPEN and GWAPT certifications. CEH helps get your CV pass HR and is a requirement for some DoD jobs while OSCP is foreign to HR and some recruiters. Unless you have been "hacking" for a while, you may want to start from entry level certs in order to build foundational skills before moving to advanced certs such as OSCP and OSCE. eLS courses may not be as well recognised but do provide practical content; the ROI is from the knowledge gained and not so much the recognition gained from the certification. OSCP do provide ROI from both the knowledge gained and recognition aspects but may be too advanced and difficult for entry level folks. A couple of us are doing eLS certs to build that knowledge before moving to OSCP.
    Last edited by Mike7; 01-08-2017 at 02:20 AM.
    Reply With Quote Quote  

  8. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #7
    I would suggest going with either the eJPT or OSCP first before taking a course that focuses only on web apps and here's why. Knowing ONLY web apps will only get you so far, you need to understand the other side of things as well. As someone who is currently enrolled in the PWK course, I can tell you that you will have your fair share of web app testing in this course. In fact almost all of the machines I have rooted so far have had web apps.

    Now back to my first sentence, about doing eJPT or OSCP first, I'll give you my honest opinion. I feel like doing the eJPT before OSCP is not needed and not necessary. You can learn everything in the eJPT for much cheaper or even free if you have good enough google-foo. I didn't do any e-learn courses, I looked at them but after reading reviews and looking over the courses I decided that it would be a waste of time and money for me because I could learn all of that stuff on my own. I purchased a few courses on Udemy.com that were on sale for $10 each and the material was way more in-depth than that of the e-learn courses. The only difference is that when I finished my Udemy course, I didn't get a piece of paper that says I know something.
    Reply With Quote Quote  

  9. Member
    Join Date
    Jan 2017
    Posts
    96
    #8
    Quote Originally Posted by McxRisley View Post
    I would suggest going with either the eJPT or OSCP first before taking a course that focuses only on web apps and here's why. Knowing ONLY web apps will only get you so far, you need to understand the other side of things as well. As someone who is currently enrolled in the PWK course, I can tell you that you will have your fair share of web app testing in this course. In fact almost all of the machines I have rooted so far have had web apps.

    Now back to my first sentence, about doing eJPT or OSCP first, I'll give you my honest opinion. I feel like doing the eJPT before OSCP is not needed and not necessary. You can learn everything in the eJPT for much cheaper or even free if you have good enough google-foo. I didn't do any e-learn courses, I looked at them but after reading reviews and looking over the courses I decided that it would be a waste of time and money for me because I could learn all of that stuff on my own. I purchased a few courses on Udemy.com that were on sale for $10 each and the material was way more in-depth than that of the e-learn courses. The only difference is that when I finished my Udemy course, I didn't get a piece of paper that says I know something.
    Good to know about elearn security.
    I have an acct on udemy and its nice to know I can get better info and training there for a lot cheaper.
    Reply With Quote Quote  

  10. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,324

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #9
    @MaxRisley:

    Thanks for the tip, I'll check out udemy.

    Are you sure that those udemy courses as deep as the eCPPT? It's not the knowledge in the slides/videos, it's the practical LABs. Do Udemy courses have labs?


    even the eJPT is fully lab based!
    Goal: GCFA (DONE), GPEN
    Reply With Quote Quote  

  11. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #10
    The instructor for the udemy courses I used is Zaid Sabih, his are the only ones worth buying from what I saw content wise in the others. As for the question about labs, he walks you through setting up your own lab, which is very simple and takes less than an hour.
    Reply With Quote Quote  

  12. Surf Guitar Guy tedjames's Avatar
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    455

    Certifications
    SSCP, Security+ +4
    #11
    I took Zaid's course on creating your own lab. Excellet course! I can recommend it for anyone needing help in that area. In fact, I've also signed up for one of his other courses. When I finish the eJPT, I'll be taking that one.

    Quote Originally Posted by McxRisley View Post
    The instructor for the udemy courses I used is Zaid Sabih, his are the only ones worth buying from what I saw content wise in the others. As for the question about labs, he walks you through setting up your own lab, which is very simple and takes less than an hour.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks