Are Offensive Security certifications worth it?
Pursuing an Offensive Security certification can open up lucrative career opportunities in the fast-growing penetration testing and proactive security fields.
Summary: Becoming an Offensive Security Certified Professional demonstrates competence in the field of penetration testing. As organizations take an increasingly proactive approach to protecting their critical assets against a constantly growing threat of cyberattacks, earning the certification is a great start for any cybersecurity career.
As organizations shift from purely defensive information security to more proactive and offensive strategies, certifications in the space are becoming highly sought after. One of the most popular is the Offensive Security Certified Professional (OSCP) certification, provided by Offensive Security.
Arguably one of the toughest decisions for those looking for a career in information security is which certification to pursue. Not only is the field vast, but each area also comes with its own set of standards, certifications, and career opportunities. For example, certifications such as CISSP primarily cater to managerial positions in information security. By contrast, OSCP is a specialized certification for the more technically-oriented field of penetration testing.
What is penetration testing?
Penetration testing is an area of ethical hacking whereby security professionals, working under contract with their clients, deliberately attempt to hack into those clients' networks by finding vulnerabilities. Penetration testers then compile a comprehensive report detailing the findings and provide remediation advice. Because these reports are typically aimed at less technical audiences, pen testers need various soft skills such as report writing and an understanding of key business priorities and use cases.
OSCP versus CEH
Because penetration testing is part of the broader field of ethical hacking, would-be pen testers often find themselves choosing between the OSCP and CEH (Certified Ethical Hacker) certifications. Both credentials are highly valuable, although, of these two, only the CEH is recognized as a US DoD baseline certification. That said, OSCP is typically more useful for those interested in becoming top-tier penetration testers because it is more specialized.
What are the other Offensive Security certifications?
Offensive Security provides three penetration testing certifications, the most popular of which is the OSCP. The others are Offensive Security Wireless Professional (OSWP) and Offensive Security Experienced Penetration Tester (OSEP). Candidates typically start with OSCP before embarking on the more specialized OSWP and/or the advanced OSEP certification.
Offensive Security also offers the Offensive Security Web Expert (OSWE) certification for web application penetration testing. Additionally, they offer three advanced exploit development certifications: Offensive Security Exploit Developer (OSED), Offensive Security macOS Researcher (OSMR), and Offensive Security Exploitation Expert (OSEE).
OSCP serves as a baseline credential for all the other Offensive Security accreditations or similar ones offered by other organizations. As such, it is the most valuable of the lot, serving as an entry into the highly rewarding field of penetration testing.
What are the requirements for becoming an OSCP?
Candidates interested in pursuing a career in penetration testing often start with the OSCP or an equivalent credential, assuming that they already have a reasonable grounding in cybersecurity. Although there are no formal prerequisites for entering the course, candidates need a solid understanding of Kali Linux, Windows and Linux administration, and TCP/IP networking, as well as basic scripting knowledge. Before enrolling, candidates should consider taking a generalized course in offensive security and penetration testing to get up to speed.
Candidates will also need to allow at least three to six months to complete the course, depending on their current employment and availability status. Registering for the exam costs $999, but it includes enrollment in the official PEN-200 (PWK) course from Offensive Security and 30 days of lab access. The exam itself takes just under 24 hours with online proctoring, but breaks are allowed during this time.
Earning the OSCP credential is as much a test of endurance as anything. Soft skills, such as report writing and good teamwork, are also essential. As such, becoming an OSCP is not for everyone, and it is a major undertaking even for those who already have technical prowess.
Why earning the OSCP is worth the money and effort
Those who embark on the journey to becoming professional pen testers need to have plenty of stamina and a never-give-up attitude. However, the certification is well worth the time, effort, and money involved.
Earning the OSCP certification should be good enough to start working as a pen tester almost anywhere in the world. According to ZipRecruiter, the average salary for OSCPs is $93,300 per year in the US. Obtaining an even higher-level certification, such as OSWE, can open the door to an annual salary of around $200,000.
Holding a widely respected penetration testing credential like OSCP is not just about enjoying a higher earning potential but also about career stability. Penetration testers are in enormous and constantly growing demand as the skills gap expands. For example, the US Bureau of Labor Statistics estimates that the demand for information security analysts, a role in which penetration testing plays a key part, will grow by 33% by the end of the decade. At the same time, there are still not nearly enough professional and accredited penetration testers to satisfy demand.
Becoming an OSCP is undeniably difficult, and it is not for everyone. After all, there are many other career paths in information security, so the real answer to the question of whether OSCP is worth the effort or not is largely a matter of personal preference.
Those looking for more leadership and management roles may instead prefer pursuing the CISSP accreditation. That said, anyone interested in ethical hacking and penetration testing will find that the OSCP certification is one of the best and most rewarding in the industry.