We have been on a security kick on the blog, especially with offensive security and penetration testing certifications such as the OSCP. It’s a great reason too, as infosec is hot right now and it’s a lot of fun to get paid to hack things legally. Pen testing can be difficult to get into, especially if you don’t have any experience. Although any IT experience is helpful, especially in server administration and network administration, not all companies are willing to train pen testers from scratch.
Anyone who has been in IT for any length of time knows where to start. Read every blog on the topic, create a home lab, and look into certifications. Self-directed learning is a key component of a successful IT career. There is no established protocol for formal training in this field. Pen testing is not an exception. With a wide range of content and systems that are vulnerable-by-design, it is easy to find resources online for self-learners looking to transition into pen testing.
A certification is still required for any resume to be considered a good one. Although the OSCP is a high standard that pen testers should strive for, it is not an easy goal. Both the time and expense required are significant. Perhaps you don’t have enough time between work, family and social commitments to study (15-20hrs per week for three months is not uncommon to prepare). Perhaps the shock of the PWK course will send you reeling. It costs $1,150 USD for three month’s lab access.
No worries! Let’s look at three courses and one cert that will satisfy your pen testing needs without making you a poor hermit.
Learn how to become a security expert with SPOTO’s Cybersecurity Training
Get certified as an ethical hacker
The CEH certification is administered by EC-Council. It certifies your ability to find “weaknesses or vulnerabilities in target systems…to assess security posture of a target(s). It costs $100 to apply and then $950 to test. This cert is not recommended for everyone.
The OSCP does not offer any training or courseware with the high price tag. Although they offer separate training, it is expensive. SPOTO offers self-training, but you must first be approved to become a self-trainer. For more information, click here and scroll down to the “Eligibility Requirements”.
Preparing for the CEH will “provide the tools and techniques used hackers and information security professionals alike in breaking into any computer system.” They focus on the “hacker mindset” so that you can understand how your enemy thinks and be able to attack your networks with systematic processes. You’ll be covering the five phases of ethical hacking, which include reconnaissance, gaining access and enumeration, as well as maintaining access and covering your tracks.
This sounds like the OSCP’s content. However, it is important to note that the exam only has multiple choice questions. The OSCP’s main selling point is its practical, hands-on nature. You will need to hack machines and write reports.
If you take that as a guideline, a multiple-choice exam on pen testing in the same vein as a CompTIA exam or Microsoft exam might not be as exciting. While you will be able to learn valuable content, you may not be able to perform pen testing. These are the steps to help you put your new skills to use.
So, Who is this Cert for?
EC-Council boasts that it is “ANSI 17024 compliant”, which is a general accreditation for awarding certifications across all fields, not just infosec. It is also an approved baseline certification for certain positions in the U.S. Department of Defense and is recognized training for GCHQ (the UK equivalent of the U.S. NSA). This makes the CEH a certification for high-ranking organists.
Categories
There are 4 Alternatives to the OSCP
