Question about the variation in the knowledge thought throughout the wide range of qualifications from different providers, and even in different courses from the same providers.

After fantastic advice here I've taken up and am working through my eCPPT certification. Overall I'm finding it not to bad, but I'm noticing a lot of overlap with self taught knowledge I obtained through reading a ton of books on security related topics (I.e. Web Application Hackers Handbook, etc).

Digging deeper into many of the syllabuses of further certificates, I'm noticing a lot of the material seems common throughout. Information gathering techniques, enumeration, vulnerability assessment, exploitation,  post-exploit and maintaining access etc. Now obviously this is always going to happen to a point - these are central tenants of pen testing! My question is though how much value do you see in doing a range of certificates? Does this change if we're talking the same organisation vs different organisations?

I.e. What percentage of knowledge overlap would there be between OCSP and OSCE? Would someone who has completed OSCP & OSCE get value out of obtaining GPEN? Is every course going to talk about the variant of nmap scans or do they start getting more specialized rather than 'from the ground up?' and hence rehashing a lot of the fundamentals.

These answers help me figure out the value of pursuing multiple certificates. If a certificate is $1000+ but I gain a heap of new knowledge then I think it's fantastic value. If it costs $1000+ and I relearn 90% of the knowledge from other courses, but only 10% new then it's value relatively goes down. I also must note that I'm not meaning to be critical in any way of eCPPT when I'm asking these questions, it seems to be a good course. As I'm fortunate enough to be doing this out of interest (at this stage) rather than for career purposes I can be a bit more choosy with the qualifications I pursue.

I've decided to bite the bullet and go for some certificates, making eCPPT as my first. I know there isn't a 'right' answer for this, but I'd love to know people's opinions on which model is better, the prepaid 30 hours vs the 30 days unlimited.

Each have their obvious pros and cons, but what I'd really like to know is how much time does the typical student spend in the labs? Knowing this from you wonderful people that have completed the exam can change a viewpoint from "oh ill spread things out" to "crap I'm going to have to spend so much time in there 30 hours will never be enough - I better get the days and cram as much as I can".

Feedback is greatly appreciated.

Thanks for your feedback so far, anyone else is certainly welcome.

I'm starting to rethink and seriously lean towards certificates. To answer a point raised I'm doing currently enrolled in the masters online, but I've just got access to the course material. It all seems extremely basic, and I'm confident I could pass each subject with my self taught knowledge right now. I admit this is only the first 4 of 16 subjects, but I'm realising how largely theoretical the degree will be.

I'm fortunate enough that I'm pretty happy in my current field, so these qualifications (whatever type) is 90% because I enjoy learning, 10% because if I feel like it I can change professions slightly easier in the future. I think looking at it now perhaps the practical knowledge will be more useful, and enjoyable, for me at the moment.

Cost wise certificates to a point make sense. The masters will set me back $25600, which is an expensive learning experience. Admittedly it's nice I can defer paying it (hecs-help in Australia), but ill have to fork out eventually. Certificates are not cheap either, but it's all relative.

Sorry I know some of the above didn't have a direct question, I'm more thinking out loud and asking for a double check on my thought process The biggest unknown I had was how limiting will and engineering degree be in applying for jobs as oppose to a specific IT degree. It seems the answer is a little but not as significant as I expected.

TL;DR most likely use the degree as a foot in the door showing work ethic and problem solving, then use certificates to demonstrate technical ability in the relevant areas as ill probably enjoy the technical learning a little more, end up with less debt and be reasonably valuable regardless.

Thanks!!

Hello everyone. I've got a question as to the industry perception of degrees vs certificates. I'm interested in pen testing, and at this stage am largely self taught on the topic. We all know however the world goes around on pieces of paper, so if I want to get a job in the industry I'll need to obtain some formal qualifications.

I've got a degree in engineering, and was considering going back to university to do a masters in network and computer security. This would allow me to at least have an IT related university degree, which could help a lot in job applications. On the other hand I strongly believe certificates would probably provide more useful hands on knowledge specific to pen testing; but I'm unsure how they are typically viewed by industry.

So, the question really comes down to if you were a perspective employer what would you look at more favourably? Someone with a masters degree, or someone who had done a reasonable amount of certificates in the area?

Location wise Australia if matters.

Thanks all.