+ Reply to Thread
Page 1 of 3 1 23 Last
Results 1 to 25 of 52
  1. Junior Member
    Join Date
    Oct 2004
    Posts
    20
    #1

    Default Career wise, OSCP or CEH?

    Hello everyone,

    I am about to immigrate to another country and I try to find ways to improve my CV quickly in 4-5 months. I have 12 years of network security and pentesting experience, but I do not have any certification except CCNA and SSCP.

    CEH is good to catch HR attention, but OSCP is much more reputable and challenging "IF" the HR knows about it. CEH is also much more easier to get, which is good for me as I am looking for something quick to get.

    Which one do you think I should get?

    Thanks.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    May 2015
    Posts
    127
    #2
    Neither. CEH will only get you through certain doors. If it isn't called out explicitly in the job reqs you are interested in, it won't get you very far. Less so with OCSP. CISSP offers the best brand name.
    Reply With Quote Quote  

  4. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #3
    What you need to do is do a targeted job search in the country(ies) you are looking to move to and see what is being asked for. It could be CEH, probably not OSCP unless it's a very specialized position where the hiring manager knows about about the OSCP. Depending on what country, the CREST certifications might be very well known.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  5. Junior Member
    Join Date
    Sep 2015
    Posts
    23

    Certifications
    OSCE, OSCP, CEH, CCSK, MCSA
    #4
    If you are going for a pentest role I'd do OSCP.
    Reply With Quote Quote  

  6. Junior Member
    Join Date
    Oct 2004
    Posts
    20
    #5
    @jelevated, CISSP is not the direction I want to take. I have zero interest in managerial positions.

    Here are two example ads that I might be interested.

    https://ca.indeed.com/viewjob?jk=281e1e6467be002a

    Cyber Security Analyst
    Reply With Quote Quote  

  7. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    968

    Certifications
    Sec+, MTA, MCP
    #6
    I ditto what jojo AKA florida gator says....

    We can give you a list of certs to pursue, what really matters is whats being asked for. If you get the CEH, or OSCP and nobody over there is asking for it, well you just wasted money.
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    225

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP,VTSP, SSCP, Veeam VMCE
    #7
    welcome to Canada

    I just hope that for the "Cyber Security Analyst", you are speaking french as Bombardier is a very "french" compagny.
    Reply With Quote Quote  

  9. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    968

    Certifications
    Sec+, MTA, MCP
    #8
    Quote Originally Posted by kurzon View Post
    Hello everyone,

    I am about to immigrate to another country and I try to find ways to improve my CV quickly in 4-5 months. I have 12 years of network security and pentesting experience, but I do not have any certification except CCNA and SSCP.

    CEH is good to catch HR attention, but OSCP is much more reputable and challenging "IF" the HR knows about it. CEH is also much more easier to get, which is good for me as I am looking for something quick to get.

    Which one do you think I should get?

    Thanks.
    reading the job description OSCP or CISSP is the best to get. CEH is a waste compared to OSCP and CISSP.
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
    Reply With Quote Quote  

  10. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    968

    Certifications
    Sec+, MTA, MCP
    #9
    Technical Skills
    • 6+ years of experience in an information security role (offensive or defensive).
    • Expertise in the leading, execution and delivery of information security assessments.
    • Experience with the evaluation and development of security solutions and architectures.
    • A deep understanding of the common software and network security vulnerabilities.
    • Ability to analyze root causes and deliver strategic recommendations during client reviews.
    • OSCP, CISSP, CSSLP, or GIAC certifications an asset.
    • Ability to work internationally an asset.
    • Experience in working as part of an multi-geography team an asset.
    • Recommendations from one or more clients and/or colleagues an asset.


    Based on this alone.... OSCP is the best cert to get. You can choose between OSCP, CISSP, GIAC. So its really up to you. I would stay clear of CEH. Unless you have to get it for the job I would not waste me time with it.
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    May 2016
    Posts
    1,632

    Certifications
    70-461, ITIL V3 F, ITIL OSA, ITIL ST
    #10
    50% of all security jobs I reviewed (over 10,000) either required or preferred the CISSP. C|EH was ~10% on average for that same group of security positions. However some of the security certs were around 1 - 2 %, I'd stay away from those......

    OSCP and C|EH were both highly sought after for pen testing positions. In fact it was equal at 45% of all pen testing jobs either required or preferred the C|EH and OSCP (not necessarily together).

    http://www.techexams.net/attachments...job-review.jpg
    Last edited by DatabaseHead; 08-22-2017 at 01:32 PM.
    Position: Data Junky
    Reformed Cert Addict.
    Reply With Quote Quote  

  12. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #11
    Quote Originally Posted by kurzon View Post
    @jelevated, CISSP is not the direction I want to take. I have zero interest in managerial positions.
    Honestly you'd only be doing yourself a disservice to not go after the CISSP at some point. Far more than managerial positions ask for it.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  13. Senior Member
    Join Date
    May 2016
    Posts
    1,632

    Certifications
    70-461, ITIL V3 F, ITIL OSA, ITIL ST
    #12
    Quote Originally Posted by JoJoCal19 View Post
    Honestly you'd only be doing yourself a disservice to not go after the CISSP at some point. Far more than managerial positions ask for it.
    In fact over 50% of 10,000 security jobs either required or preferred it. I can promise you not all of those were managerial. +1
    Position: Data Junky
    Reformed Cert Addict.
    Reply With Quote Quote  

  14. Junior Member
    Join Date
    Oct 2004
    Posts
    20
    #13
    Quote Originally Posted by SteveLavoie View Post
    welcome to Canada

    I just hope that for the "Cyber Security Analyst", you are speaking french as Bombardier is a very "french" compagny.
    Thank you for the welcome I showed those ads just as examples, I will not be applying any jobs for a couple of months as I don't have any intention to move yet.

    Thank you very much everyone for your opinions. The chart is very interesting DatabaseHead.

    I think I will go for OSCP for now. 4-5 months is enough to get prepared. And next year I will upgrade my SSCP to CISSP.

    I presume "CCNA, SSCP, OSCP, on the path to CISSP" would look nice enough to nail a decent job.
    Reply With Quote Quote  

  15. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    968

    Certifications
    Sec+, MTA, MCP
    #14
    Quote Originally Posted by kurzon View Post
    Thank you for the welcome I showed those ads just as examples, I will not be applying any jobs for a couple of months as I don't have any intention to move yet.

    Thank you very much everyone for your opinions. The chart is very interesting DatabaseHead.

    I think I will go for OSCP for now. 4-5 months is enough to get prepared. And next year I will upgrade my SSCP to CISSP.

    I presume "CCNA, SSCP, OSCP, on the path to CISSP" would look nice enough to nail a decent job.
    i would skip CCNA... its really not needed
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Apr 2016
    Posts
    103

    Certifications
    -->
    #15
    This is somewhat personal preference, but I'm not a fan of "on the path to" or "planned" or things like that. I might make an exception for something like a degree program where you have a set schedule and expected graduation date, but not for a certification exam. Save things like that for the interview.
    A+ || Network+ || Security+ || Project+ || Healthcare IT Technician || ITIL Foundation v3 || CEH || CHFI
    M.S. Cybersecurity and Information Assurance, WGU
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    May 2015
    Posts
    127
    #16
    CISSP for the name, OSCP for the brain.
    Last edited by jelevated; 08-23-2017 at 01:00 AM.
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Jun 2012
    Posts
    128

    Certifications
    CISSP, CCENT, CASP, Linux+, LPIC-1, A+, Net+, Sec+, Project+, MTA Web/Database/Server Admin Fundamentals
    #17
    Quote Originally Posted by mgeoffriau View Post
    This is somewhat personal preference, but I'm not a fan of "on the path to" or "planned" or things like that. I might make an exception for something like a degree program where you have a set schedule and expected graduation date, but not for a certification exam. Save things like that for the interview.
    I've seen too many screw up were somebody quickly scans a resume and just sees a keyword like CISSP and assumes the candidate has it. That can create some negative feelings when the truth comes out. Better to just wait and not clutter your resume with things you don't have yet.
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    May 2015
    Posts
    127
    #18
    Quote Originally Posted by Raisin View Post
    I've seen too many screw up were somebody quickly scans a resume and just sees a keyword like CISSP and assumes the candidate has it. That can create some negative feelings when the truth comes out. Better to just wait and not clutter your resume with things you don't have yet.

    Exactly. Speaking of CISSP, ISC2 absolutely does not allow test passers to mention CISSP anywhere on their resume. Infact if you have it on your resume that is submitted for endorsement you will be asked to remove it before they endorse you. People used to use "Associates of ISC2 working Toward CISSP". I guess too many people thought that was just as good as CISSP (for DoD purposes, it is). A lot of people out there misrepresenting themselves, "Associate of CISSP", "CISSP Associate". No, really, guys. Search google: "site:linkedin.com CISSP associate"... Franken titles that don't exist and are actually against the new rules. It would be like passing CCIE Route Written exam and calling yourself an "Associate of CCIE Security".
    Last edited by jelevated; 08-23-2017 at 07:57 AM.
    Reply With Quote Quote  

  20. Junior Member
    Join Date
    Oct 2004
    Posts
    20
    #19
    Thank you all for your valuable advice. Although I didn't have any intention of misrepresentation, mentioning CISSP might be risky.
    Reply With Quote Quote  

  21. Senior Member
    Join Date
    Sep 2016
    Location
    VA
    Posts
    384

    Certifications
    CISSP, PMP, CCNP, FITSP-M
    #20
    When I scan resumes if I see someone has a certification or education section and they list a certification "in progress", they get tossed. If they list it under "other", they're fine. It annoys the heck out of me how many people try to pretend they have a certification they don't have. Tell me what you're chasing but don't try to sneak it under my nose.
    2017: CCNP (done), FITSI-M (done) CCIE Written
    2018: CCIE R/S
    2019: VCP (DCV/NV), OSCP
    2020-1: MBA
    Reply With Quote Quote  

  22. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    968

    Certifications
    Sec+, MTA, MCP
    #21
    Quote Originally Posted by kurzon View Post
    I presume "CCNA, SSCP, OSCP, on the path to CISSP" would look nice enough to nail a decent job.
    Actually its not. You either have the cert or you don't and until you have the cert you aren't even allowed to put that on your resume. Also NEVER assume.
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
    Reply With Quote Quote  

  23. Not a Senior Member
    Join Date
    Apr 2010
    Location
    Alberta, Canada
    Posts
    130

    Certifications
    WGU BSIT, VCP 5, MCITP: EA W2K8, MCITP: Enterprise Technician, A+, Security+, MCTS: Exchange 2007, MCTS: Win 7,MCTS: SCCM,CEH, CCNA,VCAP5-DCA
    #22
    With all the security jobs i have looked at (including KPMG, Major Banks, and Consulting Firm).


    OSCP = You need this to do your job. Mandatory (Hiring Manager needs it, shows you can do your job)
    CISSP = This will get you past the HR Department. Job might also require this to meet certain standards or obligation.

    At the end of the day, you need both. But I would do OSCP first, since you should be able to get some jobs with that alone.
    Last edited by asurania; 08-24-2017 at 07:34 PM.
    Reply With Quote Quote  

  24. Junior Member
    Join Date
    Oct 2004
    Posts
    20
    #23
    It is a shame for the industry that I must obtain a certificate which I do not intend to follow its path just to pass the HR.

    In my opinion, OSCP+SSCP makes much more sense than OSCP+CISSP.
    Reply With Quote Quote  

  25. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #24
    Quote Originally Posted by kurzon View Post
    It is a shame for the industry that I must obtain a certificate which I do not intend to follow its path just to pass the HR.
    Not that we disagree, but it is what it is and if you want to greatly increase your odds of making it past HR and at least landing an interview, then you'll invest $600 or so into your career. Again, with your experience it shouldn't be hard. Some of my former colleagues felt the same way and refused my advice to get it, and a couple of them listened and obtained it. Guess which ones are either still unemployed or stuck where they are....
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  26. Senior Member
    Join Date
    May 2015
    Posts
    127
    #25
    Quote Originally Posted by kurzon View Post
    It is a shame for the industry that I must obtain a certificate which I do not intend to follow its path just to pass the HR.
    You can either do it and get it out of the way or continuously try and fight it. I know this is an OSCP or CEH thread but you asked for HR related items and we are telling you what HR (in most cases) is looking for. There is most certainly great talent out there who is not certified and has absolutely no plans to be certified any time soon but not everyone is at this caliber (you may be, I have no idea). If you have software development chops for instance, you will be preferable to a CISSP for many security related roles.. However there are absolutely CISSPs with Dev, opsec, net, red team type experience. And these are the people who get the most interest from hiring managers.

    It isn't as cut and dry as "certified" vs "technical". Nope, thats what some try to make it seem as but its too simplistic. Really its "certified" vs "technical" vs "technical folks who are also certified". The third group is, based on what I've seen, an elite pool because the number of folks who get certified in the first place is pretty small. There are plenty of certified nerds hanging around here, just take a look. Why wouldn't a hiring manager take a look at them first? At worse you interview someone who has atleast a minimum understanding of security concepts (although they shouldn't have been endorsed if it was only "minimal").

    After becoming certified my response rate was 80%. For every five applications for which the CISSP was mentioned, I would get four call backs. Let that sink in. Nowadays its a tiny bit lower since I'm not looking as aggressively but again. You can fight it or just play by the rules. The rules are silly ( I mean, really, I don't think anyone from MIT CSAIL is a CISSP, and no one will question them on that, ever.) , sure, but unless someone proposes an alternative for the cyber security industry, this is where we are at today.
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 3 1 23 Last

Social Networking & Bookmarks