Thread: Oscp

  1. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #51
    Quote Originally Posted by Bl8ckr0uter View Post
    Would you say that it has been worthwhile and worth the money? More so than GPEN? Also (as I know you are a Senior security resource) all other things equal if you saw someone with OSCP, CCNP, CCNP:S vs someone with SSCP, CCNP, CCNP:S which person would you lean towards for a JR security analyst role (again all other things being equal including personality, experience, etc)?
    The $750 I paid for OSCP was definitely worth it, no doubt about it. OSCP is different than GPEN in that it actually pushes you to your limits. You'll be required to not only do research, but also learn new programming / scripting languages on the fly, etc.

    To answer your question, I would definitely consider someone with OSCP/CCNA for a JR security position as opposed to someone who only has CCNP/CCNP:S. You're looking for a security engineer, not a network engineer after all.

  3. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #52
    I guess I should ask: in your opinion, which holds more value for JR level security analyst, SSCP or OSCP?

  4. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #53
    Quote Originally Posted by Bl8ckr0uter View Post
    I guess I should ask: in your opinion, which holds more value for JR level security analyst, SSCP or OSCP?
    In my opinion, OSCP holds more value than SSCP and CISSP. Some people might disagree with me on this, but I value 'technical' certifications a lot more than those who are solely based on 'theory'. Give two lines of shellcode to a CISSP and he/she will be clueless. Give them a copy of BackTrack 5 and ask them to encode a payload...the list goes on and on.

    Reading a 1200 page book in preparation for SSCP or CISSP isn't worth your time and money, unless it is a requirement to keep your job. I'm still looking for answers as to why I did it...

    Don't want to hijack this thread, so I apologize to the OP if I deviated from the original topic.

  5. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #54
    Quote Originally Posted by ipchain View Post
    In my opinion, OSCP holds more value than SSCP and CISSP. Some people might disagree with me on this, but I value 'technical' certifications a lot more than those who are solely based on 'theory'. Give two lines of shellcode to a CISSP and he/she will be clueless. Give them a copy of BackTrack 5 and ask them to encode a payload...the list goes on and on.

    Reading a 1200 page book in preparation for SSCP or CISSP isn't worth your time and money, unless it is a requirement to keep your job. I'm still looking for answers as to why I did it...

    Don't want to hijack this thread, so I apologize to the OP if I deviated from the original topic.
    Interesting. Very interesting indeed. Oh and ditto on the threadjack but this thing is so old I don't think anyone would mind if we breathe a little life into it.

    I only planned to do SSCP because well, I don't really know to be honest. There was a job I wanted at one time that listed CISSP and SSCP as desirable so I guess that's why I planned to do it. I mean my goal isn't being a policy C&A type of infosec professional plus I don't want to do CISSP just yet. The OSCP course looks pretty interesting and fun. Part of the issue is that HR people don't care about OSCP for the most part. They only want CISSP and maybe GSEC or CEH. In fact until recently, the only security jobs in my area listed CISSP and that was it. I want to bring value to myself and to whatever company I work for and I think being able to validate security is what all security analysts should be able to do (hence OSCP). I don't know lol I'd love to do both but if it comes down to it, I need skills more than policy knowledge (since my next position will probably not be one where I am making policy).

    I could be wrong though so that's why I was asking you.
    Last edited by Bl8ckr0uter; 11-30-2011 at 06:14 PM.

  6. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #55
    Quote Originally Posted by Bl8ckr0uter View Post
    Part of the issue is that HR people don't care about OSCP for the most part. They only want CISSP and maybe GSEC or CEH.
    Unfortunately, that is indeed part of the problem in the world we live in. While CISSP touches on certain topics that are of paramount importance to the overall security of an organization, the reality is that most organizations already have standards, policies, procedures and guidelines in place. So, if you are looking to hire a CISSP to manage your firewall and do intrusion detection/prevention, chances are your organization will have to pay for additional training as that individual will not have the appropriate set of skills to do the job. If that is the case, then WHY did you require the CISSP certification in the first place? I truly respect every CISSP holder, but I don't see much value in the credential itself.

    OSCP deals with the offensive side of security, meaning the bad guys who are trying to break into your organization's network. What about the defensive side? Well, if you know the offense, then you should know what to do to prevent bad guys from breaking in. CISSP tells you that you should have firewalls, but it doesn't tell you how the bad guys can bypass them. CISSP might tell you to use split-DNS and load-balancers as a best practice, but it does not tell you that attackers can still find the real IPs and attack them. Security goes beyond CISSP, OSCP/OSCE and any of SANS' certifications, to be honest with you. Security can get real deep real quick, so only those who can see and understand the 'whole' picture will be able to make a difference.

    In retrospect, if I had a choice, I would do OSCP/OSCE over any SANS' certification except maybe SANS 660 or SANS 709/710.

  7. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #56
    +Rep. Thank you very much for your perspective. I think I know which way I am going to go.

  8. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #57
    Quote Originally Posted by Bl8ckr0uter View Post
    +Rep. Thank you very much for your perspective. I think I know which way I am going to go.
    Anytime buddy. I hope you were able to find some value in what I said.

  9. um yea i know some stuffs demonfurbie's Avatar
    Join Date
    Jul 2010
    Location
    alabama
    Posts
    1,798

    Certifications
    mct: 70-680, a+, network+, security+ (comptia tri-force) project+, ciw foundations, ciw javascript something
    #58
    I wanna do this line of certs but sadly I'm gonna have to do the ones HR departments/DoD see useful first
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot

  10. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #59
    I didn't realize this was a resurrected thread. In any case, my current plan is to hopefully go through SANS 542 at the end of the year during the holidays (maybe try for the cert in Q1) and eventually go through the OSCP some time next year. I figure it'll be a good warm-up round before a real pentesting course.

    My only experience with Offensive Security is the OSWP, and that was a blast ... even if it was more on the short and sweet side of things. The course fee isn't a big deal for me, but the time requirement is. With my current job, I barely have any spare cycles during weeknights or weekends since I need to be productive almost constantly. I can take a few days off to go through SANS 542, but the OSCP will probably take at least two or three months out of me, and that's extremely expensive in terms of time management.

    But I've spent the last couple of years focused mostly on the defensive side. I need to see how it works in the other direction so I can help improve the defensive posture at work. The OSCP would be the ideal plan for that.

  11. Cyber Ninja III rogue2shadow's Avatar
    Join Date
    Apr 2010
    Location
    MD
    Posts
    1,498

    Certifications
    CISSP, GXPN, OSCE, OSCP, OSWP, CEH, CNDA, CPT, Security+, Network+, A+
    #60
    I'm 100% starting this in January with the 90 day package. Maybe we should start up a thread about the lab experience and the pain we endure throughout it (of course without revealing any specifics).

  12. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #61
    Quote Originally Posted by rogue2shadow View Post
    I'm 100% starting this in January with the 90 day package. Maybe we should start up a thread about the lab experience and the pain we endure throughout it (of course without revealing any specifics).
    That is a great idea. Perhaps we can even motivate each other!

  13. Sith Lord SephStorm's Avatar
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #62
    I wanted to stop in and say thanks for all the info in this thread. I don't know how the future will go, I've been studying for the GCIH but I don't think I'm going to take the exam, while I would love to have my first SANS cert, it's just too cost prohibitive (I won the course so I didn't have to pay for it). I hope to do a well written review of it soon. In any case, I'm going to focus on saving money for the rest of my military commitment, and hopefully taking a real vacation, a cruise or visiting a country/new state.

    On the infosec side, I don't know if I'm going to go to college, I just haven't found a perfect fit yet, a school that offers classes online, no SAT/ACT requirement, paid for by TA and has (entry level) programming classes and decent reviews. AMU seems to be the best fit, I'll keep my eyes on it.

    For certs, I'm going to hold off, I have a few years before I can get any security experience if my current situation is any indication, so there is no use wasting the money now. If I do do one next year, I'm thinking OSCP. MAYBE if I can do that then my last year in I'll look at the OSCE or GPEN. Then into the real world.

  14. Senior Member YuckTheFankees's Avatar
    Join Date
    Apr 2011
    Location
    United States of America
    Posts
    1,209

    Certifications
    A few..
    #63
    I think we should start a new thread for everyone who's going to attempt the OSCP soon. I'm starting this course in the beginning of Jan.

  15. InfoSec Pro ibcritn's Avatar
    Join Date
    Nov 2010
    Posts
    338
    #64
    I wanted to do the 90 day OSCP in Jan. 2012 as well.

  16. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #65
    Quote Originally Posted by ibcritn View Post
    I wanted to do the 90 day OSCP in Jan. 2012 as well.
    Looks like I should be resuming my OSCP studies by Jan 2012 as well. Study group anyone? Let's create a different thread so we can start bouncing ideas off each other!

  17. InfoSec Pro ibcritn's Avatar
    Join Date
    Nov 2010
    Posts
    338
    #66
    Quote Originally Posted by ipchain View Post
    Looks like I should be resuming my OSCP studies by Jan 2012 as well. Study group anyone? Let's create a different thread so we can start bouncing ideas off each other!
    Sounds like a great idea! I know R2Shadow will be doing it in Jan. and between those participating we can really pool our knowledge and resources to make for a better learning environment.

    If you create the link, just post here and I will join the thread.

  18. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #67
    Here is the link to the new thread.