  1. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #1

    OSCP market value

    Hi gang,

    I was just wondering how acquiring this certification would benefit someone looking for a new job and in job hunting in general. I, like many in the industry, think highly of it because it's awesome. No need to get into why as we are all familiar. However, I have read that the recruiters and people in HR aren't that familiar with it and would be more impressed if they see a CCNA/CCNP Security, for example. What is more, that it is recognized among sec pros but not the hiring people. Do you think it's true? I know that when people get CEH, the calls start increasing and the OSCP is waaay more of a proof of someone's expertise.

    I plan on getting the OSCP (haven't decided on when exactly) because it would be super cool, extremely fun and a great way to learn more and improve. Any other benefits come second. Also, by the looks of it, I'm not going to need a new job soon because I like my current one a lot. So, basically, this is something I have been curious about for some time and decided to see what others think.

  3. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,616
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #2
    As we always suggest, search for the cert in the postings on major job boards (dice, monster, linkedin, etc.) and see how many hiring managers are asking for it. This will indicate the market value of the cert as a mechanism for getting you a first interview.

    The OSCP is specifically for application penetration testing. Those very specialized jobs are much less common than the IT networking jobs that ask for the CCNA/CCNP.

    The CEH seems to be gaining interest among hiring managers mostly because of its acceptance by the US DoD, and not because the knowledge and skills tested for by the CEH are actually needed by the employer. That is, employers who want their employees to have the CEH will not necessarily be asking the employees to do any hacking in their job.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  4. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #3
    Thanks for the reply. I got a bit confused because as I was going through security offers on the web, I saw a few where the required certs didn't really match the position. I work in network security but since we are a fairly small company that does pretty serious stuff, I help around in the network administration and everything pen testing related. I must say I'm really enjoying it. I am starting to consider working strictly as a pen tester more seriously than before.

  5. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,616
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #4
    Never assume that the people putting together job descriptions and requisitions understand anything about the certs they are asking for. Many things asked for in a job description are suggested by individual people in an organization, or collected hearsay from online sources. And there is rarely a final review by an SME committee to ensure the job description actually fits the position or makes sense. In many cases, hiring managers will be glad to take someone who fits 66-75% of the skills and experience being asked for. With this in mind, never not apply for an interesting position because you don't think you match the job description. Only the hiring manager can judge if you are what s/he is looking for or not.

  6. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #5
    Quote Originally Posted by JDMurray View Post
    Never assume that the people putting together job descriptions and requisitions understand anything about the certs they are asking for.
    Oh yeah, the classic "The applicant must have CCIE or CCNA"...

  7. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #6
    I think there will be two categories of employers:

    1) Those who know what OSCP is because they themselves are awesome. With these, your chances to gain employment will increase. These will be few and far between, based on my SWAG.

    2) Those who don't know what OSCP is. These will be much more common than #1. I don't think having OSCP will hurt your chances, it just won't make a difference. At the same time, you have a chance to sell it during an interview ("- What are some achievements that you're proud of?")


    P.S. I'm in the same boat - planning to do OSCP one day just for its awesomeness

  8. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #7
    I'm definitely going to start doing that. Thanks, I love it when experienced people share their point of view because it really helps people like me who are in the beginning of their career. ChooseLife, yeah that's what I estimated. But, agreed, in the light of the fact that we possess awesomeness, we should still get it and have a blast.

  9. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #8
    Quote Originally Posted by Master Of Puppets View Post
    in the light of the fact that we possess awesomeness, we should still get it and have a blast.
    Amen to that!

  10. Senior Member
    Join Date
    Apr 2012
    Location
    Shreveport, LA
    Posts
    102

    Certifications
    OSCP, CISSP, CCNP Security, CEH, Security+, GIAC GAWN
    #9
    Like JDMurray said, when I first decided that pen testing is what I wanted to do, I started stalking the job boards for those positions to see what was required. The big name companies usually fell into two camps, those that listed no certifications but the areas you were expected to be proficient at with verifiable experience and those that listed the usual suspects (CISSP, etc). I've had 3 interviews over the past couple months (two for pentest, one for a CIRT team) and all were impressed that I had OSCP and said that pushed me to the top of the short list.

    But my reason for getting the OSCP was to prove to myself that I could do it. It was the best certification experience I've ever had that I truly felt like I learned something and truly reflected my abilities. In fact, discussing this during an interview and explaining the passion for infosec is what landed me my new job as a 'Vulnerability Engineer'.

    EDIT: so to quickly actually answer the question, yes, it has market value. HR might not know what it means but I can almost guarantee you that the guys/gals conducting the tech interview will know what it is and respect it.

  11. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #10
    Quote Originally Posted by jasong318 View Post

    EDIT: so to quickly actually answer the question, yes, it has market value. HR might not know what it means but I can almost guarantee you that the guys/gals conducting the tech interview will know what it is and respect it
    That's what I was hoping for because it does deserve some respect although it seems a lot of people are going for it for other reasons (including us obviously)

  12. Paper cranes for everyone the_hutch's Avatar
    Join Date
    Dec 2011
    Location
    We all live in a yellow submarine...
    Posts
    804

    Certifications
    BSIT (CNSS 4011, 4012) / Sec+, Net+, CFOI, CEH, ECSA, CHFI, CNDA, CISSP, OSCP
    #11
    Saying hello to awesomeness, means kissing your social life goodbye. I haven't gone out in months. The course is a blast though. You will learn a ton (more through your own trials and tribulations in the lab, than you will from the material). I'm about to hit my 90 day mark...time to renew

  13. Member Killj0y's Avatar
    Join Date
    Mar 2010
    Location
    www.agoonie.com
    Posts
    39
    #12
    Quote Originally Posted by the_hutch View Post
    Saying hello to awesomeness, means kissing your social life goodbye. I haven't gone out in months. The course is a blast though. You will learn a ton (more through your own trials and tribulations in the lab, than you will from the material). I'm about to hit my 90 day mark...time to renew
    +1 And don't take it during Thanksgiving or Christmas...

  14. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #13
    I have gotten used to sacrificing social life. I don't like it but I absolutely love the end result and the process of getting there so it won't be a problem. The friends understand but the hardest part has been explaining it to the girlfriend

  15. Senior Member dmoore44's Avatar
    Join Date
    Sep 2010
    Location
    DFW
    Posts
    628

    Certifications
    Security+, CISSP, CEH
    #14
    Quote Originally Posted by the_hutch View Post
    Saying hello to awesomeness, means kissing your social life goodbye. I haven't gone out in months. The course is a blast though. You will learn a ton (more through your own trials and tribulations in the lab, than you will from the material). I'm about to hit my 90 day mark...time to renew
    How long have you been studying for OSCP? Are you paying out of pocket? I'd love to go through the course and get the cert myself... but I don't think I've got the budget for it, unless I can convince my employer to shell out for it...
    Enrolled
    Carnegie Mellon University MSIT: Information Security & Assurance

    Currently Reading

    School Books

  16. Senior Member impelse's Avatar
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    1,211

    Certifications
    CISSP, CEHv7, CCNA, Security+ 70-290, 70-291 CCNA:S
    #15
    I took the offensive security training. I did not take the exam; I ran out of lab time three times (after this situation I am coming back). Anyway, I went to an interview for Security Analyst and they offered me the position for two reasons: my IT exp and because I was fighting for OSCP (most of them took that training too).

    So there is market value AFTER you pass the HR filter....

  17. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #16
    Good to know. After all, this cert turns out to be even cooler than I previously thought.

  18. 1337sauce
    Join Date
    Jul 2011
    Location
    Ze South
    Posts
    1,539

    Certifications
    BS, Linux+, Security+, LPIC-1, MCSE Server 2012, MCSE Desktop, MCSA Server 2008, MCTS 70-[415,681], MCTS 74-409, VCA-DCV, Novell CLA/DCTS/CNS, HDI CSR
    #17
    I've been eying the OSCP, it looks like a very fun and challenging process that reaps rewards in the end!

    ::looks at everyone in thread::

    I think I'll get my CCNA/:S first though

  19. Paper cranes for everyone the_hutch's Avatar
    Join Date
    Dec 2011
    Location
    We all live in a yellow submarine...
    Posts
    804

    Certifications
    BSIT (CNSS 4011, 4012) / Sec+, Net+, CFOI, CEH, ECSA, CHFI, CNDA, CISSP, OSCP
    #18
    Yes, I am paying out of pocket. Just took down my hardest one yet. It's so awesome when you finally crack the challenging ones...the best feeling of accomplishment. This latest one required exploitation of a local file disclosure vulnerability, followed by a pass the hash authentication bypass vulnerability, followed by a well-disguised unrestricted upload vulnerability. All had to be done in sequence to gain full system access. I didn't stop for about 6 straight hours, and managed to crack it.

    So now I've only got 6 boxes left, including Pain and Sufferance. My report for the lab network is already over 200 pages long. But planning on taking the test in two weeks. Wish me luck.
    Last edited by the_hutch; 05-28-2013 at 04:29 AM.

  20. Senior Member YuckTheFankees's Avatar
    Join Date
    Apr 2011
    Location
    United States of America
    Posts
    1,209

    Certifications
    A few..
    #19
    So now that you've been in the course for some time now...how much knowledge of C/C++ and ASM do you need? What material did you use for C/C++ and ASM?

  21. Paper cranes for everyone the_hutch's Avatar
    Join Date
    Dec 2011
    Location
    We all live in a yellow submarine...
    Posts
    804

    Certifications
    BSIT (CNSS 4011, 4012) / Sec+, Net+, CFOI, CEH, ECSA, CHFI, CNDA, CISSP, OSCP
    #20
    Quote Originally Posted by YuckTheFankees View Post
    So now that you've been in the course for some time now...how much knowledge of C/C++ and ASM do you need? What material did you use for C/C++ and ASM?
    To be honest, I haven't needed to learn any C or ASM (and I haven't even seen any C++ exploits, as it's a higher level language and not really used for exploit development). The only time you ever use assembly (and I was surprised by this) is during the exploit development module. I think this module sometimes freaks people out, because they think they will need to do it in the course. But that is the only time you will ever use the debugger in the course. You will never use it in all your time in the lab, nor on the exam (if you are using a debugger in those environments, or working at the assembly level...then you're doing it wrong). I suppose the module is just for informational purposes (in the same way that the ARP spoofing, rootkits and malware modules are). The course isn't about writing exploits. From what I understand, that is what OSCE is really all about. The OSCP course, on the other hand, is about researching and using already existing exploits for well documented vulnerabilities. What makes the course difficult (and this is true of real world pen-testing) is being able to identify the right attack vectors to focus your attention on. Once you've got that figured out, the course isn't too difficult (aside from the ridiculous amount of time that some of the boxes take to find that initial foothold). Hope that helps... I'll try to provide more insight after taking the exam.

  22. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #21
    Being familiar with core programming concepts will work in your favor; however, you can learn all of the C / python / ASM you need during the course if you put in the time and effort to learn it. Having said that, I wouldn't venture to say the only time you will work with a debugger and ASM is during the exploit development module. And the statement that you will not have to use your exploit development / assembly skills on the exam couldn't be farther from the truth, but I cannot comment too much on that!

    As with anything in life, what you get out of PWB/OSCP depends on you and the time and effort you put into it.

    Hope this helps.

  23. Paper cranes for everyone the_hutch's Avatar
    Join Date
    Dec 2011
    Location
    We all live in a yellow submarine...
    Posts
    804

    Certifications
    BSIT (CNSS 4011, 4012) / Sec+, Net+, CFOI, CEH, ECSA, CHFI, CNDA, CISSP, OSCP
    #22
    Well, I suppose ipchain would know better than me, as far as the exam. To be honest, this comes as quite a surprise to me. I never used it in the course though, and I've popped nearly every box in the main network. I guess I've got some surprises in store for me on the exam. Thanks for the insight.

  24. Senior Member bobloblaw's Avatar
    Join Date
    Dec 2012
    Location
    Memphis, TN
    Posts
    226

    Certifications
    CISSP, CEH, S+/A+/P+/N+
    #23
    I'm really looking forward to reading a break down of your OSCP journey (after your brain gets cooked in a couple weeks). If I ever pull the trigger on OSCP, I'm going to annoy the hell out of you.

  25. Paper cranes for everyone the_hutch's Avatar
    Join Date
    Dec 2011
    Location
    We all live in a yellow submarine...
    Posts
    804

    Certifications
    BSIT (CNSS 4011, 4012) / Sec+, Net+, CFOI, CEH, ECSA, CHFI, CNDA, CISSP, OSCP
    #24
    LOL...definitely. I have no problem providing direction for anyone on these forums who is interested in taking the course. It is definitely a challenge (if it wasn't, I wouldn't be dishing out more money for an extension), and it would probably be nearly impossible without at least a few pushes in the right direction. Assuming you've been able to identify a system name through info gathering, you can get automated hints for each system by entering it into the IRC chat...(ex. !bob). These hints are often so cryptic that even once you've popped the box, they still don't make sense. Just another element of the course that will have you bashing your head against the wall.

  26. Senior Member
    Join Date
    May 2007
    Posts
    430

    Certifications
    CISSP, GCIA
    #25
    Good luck, Justin! Always nice to read your threads
