Penetration Testing mailing list archives

Re: OSCP

From: "JB" <pentest () jitonline net>
Date: Wed, 17 Dec 2008 07:45:04 -0500 (EST)

I hold both a CISSP and a OSCP... here is why:

The CISSP does not claim technical competence... it means that
1. The holder knows at least a little about each of the 10 domains and has
proved it
2. That the holder is committed to continuing security education
3. The holder has held some role with security responsibilities for at
least 3-4 years

It is an easy way to weed out people who are actually willing to put in
the time on security and really have the interest.

A CISSP is NOT a technical certification

The OSCP is a certification that demonstrate that the holder at least has
a semblance of a clue how to use common security tools. To pass the OSCP,
you actually have to PERFORM a penetration test - that means get SYSTEM or
root on multiple machines using only the basic tools (Nessus, Core Impact,
etc are not permitted, and the vulnerabilities do not have metasploit
modules written for them). It is not a point and click certification. That
being said... you do not have to be the most skilled hacker to get
certified.

So why certify? Certification demonstrates active commitment to the
trade... not that the holder is the most worthy candidate for a job. That
is what the interview and recommendations are for!!! When I interview a
candidate for employment, I tend to ask situational questions to assess
whether the person before me actually knows what he is talking about, or
pulling it out of his a$$. I also ask the candidate to discuss challenges
that he has faced in his performance of security duties (and we have all
faced challenges). In the end, I will make my decision based not solely on
a certification. That being said... if I have two EQUALLY qualified
candidates (experience, interview, etc match up closely), then yes -
certification may become a tie breaker as the one who has spent the
additional time to obtain and maintain the certification shows a stronger
commitment to security.

JB


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

Current thread:

Re: OSCP, (continued)
- Re: OSCP Andre Gironda (Dec 05)
- Re: OSCP Nick (Dec 05)
- Re: OSCP christopher . riley (Dec 12)
  - Re: OSCP Andre Gironda (Dec 12)
    - Re: OSCP Chris Griffin (Dec 12)
    - Re: OSCP Andre Gironda (Dec 13)
    - Re: OSCP christopher . riley (Dec 15)
    - Re: OSCP Gichuki John (Dec 16)
    - RE: OSCP Eduardo Di Monte (Dec 18)
    - RE: OSCP christopher . riley (Dec 18)
    - Re: OSCP JB (Dec 18)
    - Re: OSCP s0h0us (Dec 19)
    - Re: OSCP Taras P. Ivashchenko (Dec 18)
    - Re: OSCP Pete Herzog (Dec 18)
    - Re: OSCP christopher . riley (Dec 18)
- Re: OSCP Craig Wilson (Dec 18)
  - RE: OSCP Leach, Paul (Dec 18)
- Re: OSCP jfvanmeter (Dec 18)
- Re: OSCP Wolf (Dec 18)
  - Re: OSCP NeZa (Dec 18)