Hey all,

I finally got to the point where I'm ready to take the next step as far as my certifications are concerned and I need your help.  I am trying to decided between taking the GPEN or OSCP, which do you all think is better?  I am looking for the certification that will give me the most knowledge and be the most fun to complete.  Money is not a concern, so I'm just looking for a quick poll.  Personally, I would like to do both but I don't know if I can swing that.  Anyhow, please comment if you have either of these certs or both.

Thanks,
themadhatter

Both certs are packed with good information.  The answer to your question revolves around what you want to learn.  Everything from SANS has a business take to it.  GPEN is focused making sure that you are covered, that you follow good processes, and also it has some great skills for the actual process.  It covers all the goodies with enumeration etc in an environment where if you have questions you have a direct person to ask about it.  It isn't as deep as the OSCP, but if you are interested in making sure that your practices are good etc, then it's a good place to start.  I had fun in the class but the steps to pen testing and business elements are a focus the whole way.

OSCP covers enumeration, exploit writing, and popping boxes.  There's tons of good stuff in there, and it's pretty much all skills and techniques with little focus on the business stuff like ensuring that you have a project scoped etc.  It goes more in depth into enumeration and exploitation, even walking you through creating your own exploit.  The courses are in video and PDF format, and there isn't just one person who is accountable for questions, but there are a number of venues for asking.  If you are looking for a class that is fun from start to end, then this class is definitely fun.  The only thing is, this class is what you make of it because of how it is delivered.  You have the ability to pick up tons of skills if you don't already have them, but it isn't as spoon fed as GPEN is.  

All in all, they both cover different material, and taking both of them wouldn't be a bad plan if you can at some point.  The question is what you want to focus on first.  If you are just starting and want some additional hand holding, go GPEN first. If you are already strong with linux and have some background with pen testing or security, then OSCP is a lot of fun.

Ryan has a great comparison there.

In my opinion GPEN is the way to start. They place a high priority on the whole process instead of just the technical parts. They also realize that popping boxes isn't the sole means into systems, where OSCP focuses on exploitation (mostly). I would def take the OSCP after the GPEN if i were starting from scratch though.

The GPEN cert also has more merit at the moment and includes a CTF day excersize. The GPEN is a written test where OSCP is a practical CTF.

Thanks again for the information everyone.  I think I am going to try to see if I can first for the GPEN then the OSCP.  Since both of these certs/courses seem like a decent amount of fun as well as high quality that would seem to be the best route.  Even if I have to foot the bill for the OSCP myself I think it would be worth it.  My main objective here is to learn as much as possible so I think both would be best.   

Thanks again,
themadhatter