The Ultimate Infosec Certifications Guide

[MalwareTech]

This one is very useful. It shows you which certifications correspond to which subfield of cybersecurity and their skill level.

https://pauljerimy.com/security-certification-roadmap/

[Stak-One]

Looks useful!

Out of curiosity, what's the MalwareTech take on the OSCP? Seems to still be regarded as the gold standard for pentesting by HR departments, but are there better certifications out there?

[LJKavster]

Would also be curious to get people's opinions on PNPT by TCM Academy 

[MalwareTech]

10 minutes ago, Stak-One said:

Looks useful!

Out of curiosity, what's the MalwareTech take on the OSCP? Seems to still be regarded as the gold standard for pentesting by HR departments, but are there better certifications out there?

I don't really know anything about it because I haven't ever taken any certs

[Vetrinus]

40 minutes ago, Stak-One said:

Looks useful!

Out of curiosity, what's the MalwareTech take on the OSCP? Seems to still be regarded as the gold standard for pentesting by HR departments, but are there better certifications out there?

For what it's worth from me, it's going to vary wildly with each business, if their HR staff is actually versed in what certs are good, it's the gold standard. If not, the CEH seems to be more well known and a more attractive cert for hiring managers even if you and I know it's pretty garbage.

[doctor_tran]

21 minutes ago, Vetrinus said:

For what it's worth from me, it's going to vary wildly with each business, if their HR staff is actually versed in what certs are good, it's the gold standard. If not, the CEH seems to be more well known and a more attractive cert for hiring managers even if you and I know it's pretty garbage.

It will vary massively between business, industry, and even geography. It's up to management / leadership to steer HR into valuing certain certs, degrees, experience, or education over others. HR knows nothing about the subject matter (even though they may try to claim they do). It's a dance that needs to occur between management / leadership and HR to set up the right recruiting, compensation, retention, training/development, and etc program for professionals. 

[clarkee]

1 hour ago, MalwareTech said:

I don't really know anything about it because I haven't ever taken any certs

FWIW: I am not a pentester.  I spend my day in Excel and PowerPoint, and the occasional Friday afternoon nmap'ing my way around our internal network looking for things to compromise.  My other certs are for sysadmin roles (redhat / jboss), but I do have CEH (lol) and CISSP....

I took OSCP in 2018 (before all the AD stuff was added) because I wasn't sure what to do next.  I found it to be a good laugh, not too difficult and the BOF stuff was quite trivial and entertaining to learn.

Prepped with HTB, did 90 days labs and then took the exam, passing first time.

It feels like it could be useful if you're a pentester - certainly it'll get you through recruitment droids as it's seen as the 'gold standard' in most business circles for pentesting gigs, but if *I* can pass it first time, it has to be considered an entry level certification.

Personally, believing that certs will give you a successful career is not going to work.  You have to show your own determination and drive.  Certs are usually introduction to a topic, passing an exam shows you have the basic knowledge, but the real learning is done in the real world.

[doctor_tran]

2 minutes ago, clarkee said:

occasional Friday afternoon nmap'ing my way around our internal network looking for things to compromise. 

Does your company know you are doing this? If not, I would worry about their ability to find a real adversary snooping around inside 😅

Also, be careful if you don't have permission to do this. If something breaks, you'll be the one holding the bag as they find who to blame and fire. 

[clarkee]

2 minutes ago, doctor_tran said:

Does your company know you are doing this? If not, I would worry about their ability to find a real adversary snooping around inside 😅

Also, be careful if you don't have permission to do this. If something breaks, you'll be the one holding the bag as they find who to blame and fire. 

Yes, I got permission from the Chief Security Officer before I started 😉

[doctor_tran]

15 minutes ago, clarkee said:

Yes, I got permission from the Chief Security Officer before I started 😉

This is the way 😎

[Zanidd]

3 hours ago, Stak-One said:

Looks useful!

Out of curiosity, what's the MalwareTech take on the OSCP? Seems to still be regarded as the gold standard for pentesting by HR departments, but are there better certifications out there?

I may not be malwaretech, but from what I heard the OSCP is "artificially made difficult" by the constraints set for the exam. I took the eCPPTv2 and it was a somewhat realistic pentesting scenario (although a bit outdated and for some maybe "too easy")

But I think in terms of HR filtering OSCP seems to be the main focus for most companies. But eCPPT as well as PNPT are catching on - they're just not as recognized right now as OSCP.

Edited November 6, 2022 by Zanidd

[garandou]

I'm always surprised by where a lot of these certs are placed along the Y-axis. BTL1 seems more like a beginner cert, for example.

[Florian]

11 hours ago, garandou said:

BTL1 seems more like a beginner cert, for example.

i just did the BTL1 about 3 days ago because bought it 4 months ago. 

just did around 1/4 of the Learning topics and a few labs. Passed the exam on first just because i know many of the "basic concepts" as a blue teamer 

[garandou]

1 hour ago, Florian said:

i just did the BTL1 about 3 days ago because bought it 4 months ago. 

just did around 1/4 of the Learning topics and a few labs. Passed the exam on first just because i know many of the "basic concepts" as a blue teamer 

That's the sign of a good cert, imo. I hate the ones wherein passing is more about knowing how to take the exam than knowing the skills.

[Florian]

47 minutes ago, garandou said:

That's the sign of a good cert, imo. I hate the ones wherein passing is more about knowing how to take the exam than knowing the skills.

True That

 

but it is def. entry level or "that level should be entry level"

[Zanidd]

4 hours ago, garandou said:

That's the sign of a good cert, imo. I hate the ones wherein passing is more about knowing how to take the exam than knowing the skills.

I think in that regard OSCP and eCPPT are a "good" cert to assess offensive sec skills. They both have a black box "pentest"-like environment that you need to pwn and write a report.

[zme]

I was looking for exactly something like this, cheers.

Although my second problem is I am a beginner and can't decide what subfield I enjoy the most. Just kinda following what I think my strengths are.

Don't know if i want to go for something like Linux+ or Security+ or both.

OSCP for sure.

 

[clarkee]

19 hours ago, Zanidd said:

I may not be malwaretech, but from what I heard the OSCP is "artificially made difficult" by the constraints set for the exam. I took the eCPPTv2 and it was a somewhat realistic pentesting scenario (although a bit outdated and for some maybe "too easy")

Artificially difficult?  Do you mean the moderation conditions?  I can understand why they enforced moderation after the level of fraud they were seeing, and the exam dumps that were made available online... either way, not a hard exam if you've ever run nmap and know how to search exploit-db 😄

6 hours ago, Florian said:

i just did the BTL1 about 3 days ago because bought it 4 months ago. 

just did around 1/4 of the Learning topics and a few labs. Passed the exam on first just because i know many of the "basic concepts" as a blue teamer 

We run all our SOC resources through BTL1, I'm planning on taking it myself this year in an attempt to stay connected to the fun end of the work...

[Zanidd]

3 hours ago, clarkee said:

Artificially difficult?  Do you mean the moderation conditions?  I can understand why they enforced moderation after the level of fraud they were seeing, and the exam dumps that were made available online... either way, not a hard exam if you've ever run nmap and know how to search exploit-db 😄

We run all our SOC resources through BTL1, I'm planning on taking it myself this year in an attempt to stay connected to the fun end of the work...

No, I was referring to the restriction of tools and the set time-limit.

[clarkee]

32 minutes ago, Zanidd said:

No, I was referring to the restriction of tools and the set time-limit.

gotcha!  24 hours *is* plenty of time... and the only restriction i saw was you're only permitted to use metasploit *once*.....

[ChickenKing]

I long for the day that CEH gets removed from the planet, such a lame cert, can't believe some employers still require it. It's multiple choice lol (last I checked)

[Florian]

wasn't there also a shit storm against EC Council because they behaved like assholes? hatespeech, rascis, misogyn etc? 

Edited November 7, 2022 by Florian

[Zanidd]

1 hour ago, clarkee said:

gotcha!  24 hours *is* plenty of time... and the only restriction i saw was you're only permitted to use metasploit *once*.....

I mean it’s probably doable in 24h with enough red bull, but why not give it a day more…

also they have a full set of restrictions, which outlines multiple tools/techniques

[clarkee]

they want you to understand what you're doing, and not just fire automated tools at the targets.  this doesn't make the exam hard, it's very straightforward.  again, 24 hours is *ages*, and you are allowed to take as many breaks as you want, even go to sleep 🙂

[RooBooga]

19 hours ago, clarkee said:

they want you to understand what you're doing, and not just fire automated tools at the targets.  this doesn't make the exam hard, it's very straightforward.  again, 24 hours is *ages*, and you are allowed to take as many breaks as you want, even go to sleep 🙂

Yeah, I agree. 24 hours, plus another 24 to write the report is pretty long, as exams go. And I appreciate that passing the exam actually demonstrates that you know how to do things step by step rather than relying purely on tools. Which you might be unable to use in an actual test (looking at you, Metasploit; AV has a tendency to not like meterpreter much). I do not have the OSCP yet, btw. I am training for it atm, though. Have to admit: I'm not finding it all that easy.