+ Reply to Thread
Results 1 to 5 of 5
  1. Junior Member
    Join Date
    Mar 2013
    Posts
    12
    #1

    Default A little guidance required regarding OSCP

    Hi everyone,

    Let me explain my situation a little. I am currently in the final semester of Software Engineering, with specialization in Information Security. I wont really call it specialization as its UG level, and we only study introductory courses, depth is not that much, but breadth is reasonable. These are the relevant courses that i've taken:

    Comp. Networks
    Cryptography
    Network Security
    Computer Security
    Computer Forensics
    System Incident Handling

    I want to pursue OSCP, i've long had an interest in Penetration Testing. But i am in a dilemma of sorts; I have 2 months left off my degree, our university's placement department has started the recruitment drive. The thing is that its easier to get a better job (so to speak), through the university's placement department. But if i do so, i will probably end up in a Software development job, or maybe some networks related job, but the thing is that i am not sure that whether OSCP can be prepared for while having a full time job that is completely unrelated to penetration testing.

    Its like, i'll be working 8 hours a day, 5 days a week, continuously. And if i sign up for OSCP with that schedule, will i be able to prepare for it well enough, in those 90 days of lab access that i get? I can't exactly afford right now to get more days than that, neither do i want to.

    On the other hand, if i don't get a job just yet, and apply for OSCP after my degree finishes, by the end of May and start preparing for it; although i will be able to get OSCP that way but afterwards, to find a job, i'll be on my own, and won't really have the university's placement department's support.

    So i am not sure which path should i take? What would you guys suggest? Do you think that OSCP could be prepared for while having a full time job, or is there just no way at all? Also if i don't start getting security certs right away, my jobs (whichever i get) might have me venturing too far into other fields, that it might become hard to get into penetration testing from there, as to put it bluntly, i am after-all a programmer, not that much of a security guy just yet.

    I am inexperienced and have minimal knowledge, i really hope you guys with your experience will be able to guide me, Thanks.
    Last edited by mumair; 03-31-2013 at 08:44 AM.
    Reply With Quote Quote  

  2. SS -->
  3. Sith Lord SephStorm's Avatar
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,706

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #2
    Welcome to TE, Hmm. off the top of my head, I would say get your job. While there are plenty of jobs out there for dev's and programmers, i'd say getting that first job on a resume is going to be critical. Besides, it will offer you an insiders view of a real company, and how IT and security are done, even if you aren't in that department.

    As far as the OSCP goes, you've proven in college that you can multitask and in SE that you can work on a hard deadline I assume. But the OSCP does require dedicated time and effort. You could look at something such as the SMFE, or eCPPT while you are working, and worry about the OSCP a year from now when you have a solid career foundation.

    My .02
    Reply With Quote Quote  

  4. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,827

    Certifications
    BS-CST CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA
    #3
    I agree with Seph, take the first job you can get. You need to build up a foundation and you'll get that on your first job. There are a bunch of us who are working full time pursuing the OSCP. I think you'll find most people who are going for it work full time and not always in security. I'm in support and am hoping that it helps me make that jump out. As for the 90 days, most seem to believe it is enough to get the job done. 60 would be the minimum I tend to think.
    WIP:
    MS in Legal Studies - Drexel University
    Mobile Forensics
    Kotlin
    Python
    Reply With Quote Quote  

  5. Senior Member YuckTheFankees's Avatar
    Join Date
    Apr 2011
    Location
    United States of America
    Posts
    1,209

    Certifications
    A few..
    #4
    Get a job first, then you can focus on the OSCP. The majority of pentesters do not start off in the security field, they move over from jobs such as programmers/ network admin/ sys admin/ software engineer/etc. But your degree will definitely help in the pentesting realm.
    Reply With Quote Quote  

  6. Junior Member
    Join Date
    Mar 2013
    Posts
    12
    #5
    Well, thankyou very much SephStorm, the_Grinch and YuckTheFankees for the advice. It seems that its pretty much unanimous then, that i should opt for the job first. Just one more question, i am potentially looking at 3 types of jobs, first is the obvious development job, another company that i might have a chance at, are offering a junior malware researcher position. And finally, theres this other company who are offering an internship of sorts, i don't know what exactly the internship will be about, but it most probably deals with deployment of security related softwares etc, like endpoint solutions and what not.

    Which in your opinion do you think would be the most rewarding, if at all, for someone who wants a career in penetration testing/network security etc, in the future?
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks