+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 41
  1. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #1

    Default Trying Harder, an OSCP Journey

    As I'm finishing up my PMP prep and getting ready to take the exam, I'd decided I was done with certs. Definitely any cert where you need to read and take a multi-choice exam for sure, but was thinking certs in general. Well last week my manager shocked me and told me he resigned, which really sucks for me. Aside from him being a great guy, awesome to work for, and someone who I've learned a lot from, he also paid for my CISM, CISA, CRISC, and now PMP that I'm about to take. So two things entered my mind, first, I want to make sure I have a solid out to our Cyber team if need be (or a new company/job) in case things go sideways in my current position, and second, I should see if he will cover one more cert before he leaves. So I decided OSCP was the perfect choice as it really accomplishes both.

    So last night I got fully registered for PWK/OSCP. I'm not going to approach this like most people and spend inordinate amounts of time on it each and every night. But I've got at least 2 solid hours a day minimum that I will put towards it. I've done a ton of research on the OSCP for years now and have a war chest of resources saved in OneNote. As well I have an entire shelf full of every well known pentesting/hacking books out there. Now it's time to put everything to use. My start date is September 2nd, which happens to fall on my favorite day of the year, college football kickoff day. The good thing about practical certs like this is that I can sit in front of my tv with my laptop and practice away. I guess you can consider this thread the lazy mans OSCP journey. Will I be successful? Time will tell. I'm pretty damn good at researching, and pick things up really quickly and easily when it's a practical matter, so I've got that going for me.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    May 2015
    Posts
    104
    #2
    Good luck mate, you sure will do well in OSCP.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Apr 2011
    Location
    DMV
    Posts
    214
    #3
    Dam Jojo you're killing me...How do I keep up with your pace? lol.
    Reply With Quote Quote  

  5. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    965

    Certifications
    Sec+, MTA, MCP
    #4
    GO JOJO!!!! you got the MOJO!!!!!

    Happy friday!
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
    Reply With Quote Quote  

  6. Member
    Join Date
    Jun 2016
    Posts
    86
    #5
    Best of luck with all endevours. Why dont you apply for his role and try be even more senior? if you really want to do the OSCP - great to do - but if you be even more senior - like a Director level for example, do you really need it? Unless you want to understand the intricacies and liaise with the techies.

    Ive noticed, certainly here in the UK, that to get the bucks, its more about strategy/risk/senior management than the Pen testing or other techie cyber fields - which is sad because they look so interesting and great to be involved with.

    Anyhow, let us know how you get on.
    Reply With Quote Quote  

  7. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #6
    Thanks guys! Part of why I was done with certs was the stress. I'm approaching the OSCP as a fun endeavor. I plan on having fun while learning and taking a laid back approach. That doesn't mean I won't dedicate a good bit of time to it, I just want the effort to develop organically and not force it. That's the difference in how I approach things nowadays.


    Quote Originally Posted by scasc View Post
    Best of luck with all endevours. Why dont you apply for his role and try be even more senior? if you really want to do the OSCP - great to do - but if you be even more senior - like a Director level for example, do you really need it? Unless you want to understand the intricacies and liaise with the techies.

    Ive noticed, certainly here in the UK, that to get the bucks, its more about strategy/risk/senior management than the Pen testing or other techie cyber fields - which is sad because they look so interesting and great to be involved with.

    Anyhow, let us know how you get on.
    It would be great but, he's leaving due to the stress of his position. He is the Director and handles InfoRisk for the Insurance vertical for N/C/S America. I am responsible for one client in the Insurance vertical (their largest client period). I did help him with stuff for other companies he's responsible for, but it wasn't enough to keep him from being slammed. Besides that, I would want a 25% raise minimum to even consider it, and I would want to hire someone in my position to handle some of the easy but time consuming day to day tasks he was doing. But in general, as a Sr Manager already making into six figures, the extra time expenditure and stress isn't worth it at this point.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  8. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    62

    Certifications
    OSCP, CISSP, Sec+
    #7
    Good luck! I think with your body of work, you should be on track for success. Don't underestimate how much time you'll a) need to spend to do things like the lab report and/or exercises, or b) the time you want to spend to get the rush of that next root shell! Need any help, drop into the Discord! (I'm also on the netsecfocus slack with many others.)
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing
    Reply With Quote Quote  

  9. Member
    Join Date
    Jun 2016
    Posts
    86
    #8
    Quote Originally Posted by JoJoCal19 View Post
    Thanks guys! Part of why I was done with certs was the stress. I'm approaching the OSCP as a fun endeavor. I plan on having fun while learning and taking a laid back approach. That doesn't mean I won't dedicate a good bit of time to it, I just want the effort to develop organically and not force it. That's the difference in how I approach things nowadays.




    It would be great but, he's leaving due to the stress of his position. He is the Director and handles InfoRisk for the Insurance vertical for N/C/S America. I am responsible for one client in the Insurance vertical (their largest client period). I did help him with stuff for other companies he's responsible for, but it wasn't enough to keep him from being slammed. Besides that, I would want a 25% raise minimum to even consider it, and I would want to hire someone in my position to handle some of the easy but time consuming day to day tasks he was doing. But in general, as a Sr Manager already making into six figures, the extra time expenditure and stress isn't worth it at this point.
    The painful joys of senior management - always has stress and time consuming as you have first hand experience. Yes I see your point - would have been nice to try going for it and developing your business case for the circa 20% raise and then have the authority to get 1/2 ppl to support you. What are your goals currently - I mean career wise? To continue as SM? Would you have done it if you had the raise?
    Reply With Quote Quote  

  10. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #9
    Good luck!
    Currently working on: Resting
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    May 2016
    Posts
    1,632

    Certifications
    70-461, ITIL V3 F, ITIL OSA, ITIL ST
    #10
    I'm taking a single course through Stanford and it's killing me. I can't believe you are doing all those.....

    You are a beast.
    Position: Data Junky
    Reformed Cert Addict.
    Reply With Quote Quote  

  12. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #11
    Quote Originally Posted by scasc View Post
    The painful joys of senior management - always has stress and time consuming as you have first hand experience. Yes I see your point - would have been nice to try going for it and developing your business case for the circa 20% raise and then have the authority to get 1/2 ppl to support you. What are your goals currently - I mean career wise? To continue as SM? Would you have done it if you had the raise?
    My goals career-wise were to get into Sr Management/C-level, however after working almost a decade at some of the largest F100 firms, I decided that wasn't for me. So my goal basically became make $120k+ per year, fully remote, not too stressful, for a manager I like. My current job NAILED all of those, and life was good (until my manager just resigned). Those are my career goals for IT/InfoSec. I have goals outside of my career that I am pursuing, and my eventual goal is to work for myself, making as much or more than I am now. But for my current situation, I just don't think the raise is worth it. Like I said, I'd need 25% to even entertain it, and depending on my discussions with management, that would determine if the 25% raise would even warrant me taking it. I dunno, part of me thinks I work quicker, and more efficiently than my manager does, so maybe it wouldn't be as stressful for me. But I saw first-hand the requests from his manager (and I ended up getting tasked directly by him too), and I just don't know if I want that. My family comes first in life and if I ever am in a position where something is in conflict, I choose my family. So I think staying where I am, or moving to our Cyber team are my only options.


    Quote Originally Posted by veritas_libertas View Post
    Good luck!
    Thanks!


    Quote Originally Posted by DatabaseHead View Post
    I'm taking a single course through Stanford and it's killing me. I can't believe you are doing all those.....

    You are a beast.
    I'd be lying if I said I wasn't a tad concerned. But remember, I'm approaching this as a fun endeavor to learn. I'm not worrying about the OSCP at the end. I'll definitely keep you in the loop on how things are going, and if it's still all fun and games for me.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  13. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #12
    @JoJoCal19: What exactly is a "Cyber" team?
    Currently working on: Resting
    Reply With Quote Quote  

  14. Member
    Join Date
    Jan 2017
    Posts
    96
    #13
    Quote Originally Posted by JoJoCal19 View Post
    As I'm finishing up my PMP prep and getting ready to take the exam, I'd decided I was done with certs. Definitely any cert where you need to read and take a multi-choice exam for sure, but was thinking certs in general. Well last week my manager shocked me and told me he resigned, which really sucks for me. Aside from him being a great guy, awesome to work for, and someone who I've learned a lot from, he also paid for my CISM, CISA, CRISC, and now PMP that I'm about to take. So two things entered my mind, first, I want to make sure I have a solid out to our Cyber team if need be (or a new company/job) in case things go sideways in my current position, and second, I should see if he will cover one more cert before he leaves. So I decided OSCP was the perfect choice as it really accomplishes both.


    So last night I got fully registered for PWK/OSCP. I'm not going to approach this like most people and spend inordinate amounts of time on it each and every night. But I've got at least 2 solid hours a day minimum that I will put towards it. I've done a ton of research on the OSCP for years now and have a war chest of resources saved in OneNote. As well I have an entire shelf full of every well known pentesting/hacking books out there. Now it's time to put everything to use. My start date is September 2nd, which happens to fall on my favorite day of the year, college football kickoff day. The good thing about practical certs like this is that I can sit in front of my tv with my laptop and practice away. I guess you can consider this thread the lazy mans OSCP journey. Will I be successful? Time will tell. I'm pretty damn good at researching, and pick things up really quickly and easily when it's a practical matter, so I've got that going for me.
    Its funny as hell because ive also been researching and have a stockpile of material that ive been going through for the OSCP also!
    Been going through things for almost 2 years running. Life and the fact that im really enjoying the study and details is what has slowed me alot. I hope to be ready by early to mid 2018 at the latest.
    I research like a madman, finding different perspectives of the same subject and discovering correlations between them to, in a sense, formulate a foundation.

    Off topic...how difficult was the pmp?
    Reply With Quote Quote  

  15. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #14
    Quote Originally Posted by veritas_libertas View Post
    @JoJoCal19: What exactly is a "Cyber" team?
    I know right, the awesome "Cyber" term everyone loves. In our case, our Cyber Security team encompasses security intelligence, event monitoring, SOC, DFIR, security analytics, Infra/App Sec, and vulnerability mgmt & pentesting. The last part is the area I'd love to move into. I work in IRM which is basically all of our GRC/Audit stuff. And specifically I am being billed out to a particular client-based cost center. The Cyber team is Corporate Security cost center.


    Quote Originally Posted by Dr. Fluxx View Post

    Off topic...how difficult was the pmp?
    I'm actually about to take it in a week or so. So far it's pretty easy and common sense stuff if you've got the requisite experience. I'm pulling 80-90% on practice tests with one pass of PMStudy materials.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  16. Member
    Join Date
    Jul 2016
    Location
    Toronto ON
    Posts
    54

    Certifications
    A+ Network+ Security+ CCNA-R&S CISSP CISM CISA CRISC
    #15
    Quote Originally Posted by JoJoCal19 View Post
    As I'm finishing up my PMP prep and getting ready to take the exam, I'd decided I was done with certs. Definitely any cert where you need to read and take a multi-choice exam for sure, but was thinking certs in general. Well last week my manager shocked me and told me he resigned, which really sucks for me. Aside from him being a great guy, awesome to work for, and someone who I've learned a lot from, he also paid for my CISM, CISA, CRISC, and now PMP that I'm about to take. So two things entered my mind, first, I want to make sure I have a solid out to our Cyber team if need be (or a new company/job) in case things go sideways in my current position, and second, I should see if he will cover one more cert before he leaves. So I decided OSCP was the perfect choice as it really accomplishes both.

    So last night I got fully registered for PWK/OSCP. I'm not going to approach this like most people and spend inordinate amounts of time on it each and every night. But I've got at least 2 solid hours a day minimum that I will put towards it. I've done a ton of research on the OSCP for years now and have a war chest of resources saved in OneNote. As well I have an entire shelf full of every well known pentesting/hacking books out there. Now it's time to put everything to use. My start date is September 2nd, which happens to fall on my favorite day of the year, college football kickoff day. The good thing about practical certs like this is that I can sit in front of my tv with my laptop and practice away. I guess you can consider this thread the lazy mans OSCP journey. Will I be successful? Time will tell. I'm pretty damn good at researching, and pick things up really quickly and easily when it's a practical matter, so I've got that going for me.
    Jojocal19 2nd september is my birthday , i am currently working on CRISC and sadly cannot break your record of clearing 3 ISACA certs in 43 days due to 2 month break which ISACA take in between test windows, i am also planning to start working on OSCP very soon plus you are very lucky to have such a boss who pay for your certs because i am not getting a job even after getting certs in fact not even an interview call
    Reply With Quote Quote  

  17. Junior Member Registered Member
    Join Date
    Aug 2017
    Posts
    11
    #16
    Good Luck! and i am in this journey also, lets try harder
    Reply With Quote Quote  

  18. Junior Member
    Join Date
    Jul 2017
    Posts
    7
    #17
    Try harder....good Luck!
    Reply With Quote Quote  

  19. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    965

    Certifications
    Sec+, MTA, MCP
    #18
    May the gators grant you success!!!! FLORIDA GATORS!!!!
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
    Reply With Quote Quote  

  20. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #19
    Quote Originally Posted by JoJoCal19 View Post
    I know right, the awesome "Cyber" term everyone loves. In our case, our Cyber Security team encompasses security intelligence, event monitoring, SOC, DFIR, security analytics, Infra/App Sec, and vulnerability mgmt & pentesting. The last part is the area I'd love to move into. I work in IRM which is basically all of our GRC/Audit stuff. And specifically I am being billed out to a particular client-based cost center. The Cyber team is Corporate Security cost center.
    Gotcha. Good luck.
    Currently working on: Resting
    Reply With Quote Quote  

  21. Senior Member LordQarlyn's Avatar
    Join Date
    May 2011
    Location
    Iraq
    Posts
    207

    Certifications
    CISSP, ITILv3, CCNA, A+, Net+, Security+, Server+, MCP, MCSA 2003
    #20
    I read up on the OSCP exam, and wow, one really has to know what they are doing, a 100% practical exam. That is a certification that carries some teeth right there. I never had the desire to get into network penetration myself, but hats off to those who pass this exam and get the certs!
    Reply With Quote Quote  

  22. Member
    Join Date
    Aug 2017
    Posts
    64

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #21
    Good luck, sir! I also start on the 2nd. If you ever need a study buddy or just someone to vent to, I'm here.
    Reply With Quote Quote  

  23. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #22
    Actually looks like I have to hold off on my OSCP journey. Although my then manager approved the training, accounting kicked back my expense report and wanted different documentation than just the pdf invoice OffSec sends, and I had to edit and resubmit my expense report. Well that manager is no longer there and my new manager balked at approving my expense report for the training as it's not 100% directly related to my current position. Unfortunately all I can do is have OffSec refund my corp AMEX and pay for it myself. I don't really want to do that right now, so looks like I'm going to hold off on it for now. I'll take a look at it when I get my bonus early next year. So I guess no OSCP for me right now
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  24. Member
    Join Date
    Aug 2017
    Posts
    64

    Certifications
    A+, Net+, Sec+, Linux+, LPIC-1, C|EH, CCNA R&S
    #23
    Yuck. Are the cyber jobs at your company remote? If so, I'd say you should still go for it. You never know if a new manager is going to make you want to jump ship.
    Reply With Quote Quote  

  25. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    965

    Certifications
    Sec+, MTA, MCP
    #24
    Quote Originally Posted by JoJoCal19 View Post
    Actually looks like I have to hold off on my OSCP journey. Although my then manager approved the training, accounting kicked back my expense report and wanted different documentation than just the pdf invoice OffSec sends, and I had to edit and resubmit my expense report. Well that manager is no longer there and my new manager balked at approving my expense report for the training as it's not 100% directly related to my current position. Unfortunately all I can do is have OffSec refund my corp AMEX and pay for it myself. I don't really want to do that right now, so looks like I'm going to hold off on it for now. I'll take a look at it when I get my bonus early next year. So I guess no OSCP for me right now
    nahhh try harder....

    You can still study the resources on the forum and then when you can take it you will already be ready to take the exam. There are plenty of resources that are available to study to prepare for the OSCP
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
    Reply With Quote Quote  

  26. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #25
    Quote Originally Posted by m4v3r1ck View Post
    Yuck. Are the cyber jobs at your company remote? If so, I'd say you should still go for it. You never know if a new manager is going to make you want to jump ship.
    Most of them are, so that's still my goal for after bonus time next year. I've been networking with the folks over on the Cyber team, so I'm getting my name out there.


    Quote Originally Posted by ITSpectre View Post
    nahhh try harder....

    You can still study the resources on the forum and then when you can take it you will already be ready to take the exam. There are plenty of resources that are available to study to prepare for the OSCP
    I actually plan on it. For now I'm focusing on Python and Linux for a few months. I've also got the eLearn PTPv4 course I'm going to go through as prep for the OSCP. I should be in great position to go for the OSCP after I get my bonus early next year.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks