After looking through a few certifications I have come to the end result that I will purchase the PWB courseware from the Offsec guys.

My main goal is to gain knowledge to support the Bachelors in Information Security I have. This looks like a great place to start.

I'm not a huge Linux person atm but I have been working more and more with Backtrack lately.

Is this course appropriate or should I start lower on the ladder?

I see a course from elearnsecurity but It does not look as good or come as highly recommended.

This is like the saying "opinions are like..." Here are a few things I'd like to throw out to you - for you to ponder.... Certification ... Learning... Which do you prefer?

Certification - overrated at times especially when one is seeking to "dump" - I need to pass this class!!!. You're likely to retain little and not learn at the end of the day.

Learning - always in fashion

There is no "wrong" course to learn from. I haven't taken eLearnSecurity's course because I don't need it - and I'm not saying this to be arrogant. I'd actually LOVE to take it for the sake of learning something, but at the end of the day, it doesn't benefit me so I choose to focus my money and time elsewhere. I would STILL learn from it I'm sure though. There are plenty of people here who have taken it and liked it alot. There were some who didn't.

As for the OSCP, you state you have little Linux experience (based off your statement: I'm not a huge Linux person atm but I have been working more and more with Backtrack lately.) so my perception/interpretation is, you will find the OSCP difficult and likely fail the first, second and perhaps the third time around. You WILL LEARN doing the OSCP but it might be akin to jumping into trigonometry without understanding basic algebra.

Back in 06/07 I started a "Pentesting 101" write up (http://infiltrated.net/pentesting101.html) where I laid down what I felt was a STRONG 52 week step-by-step to become a decent/well rounded pentester. It includes understanding the entire gamut of operating systems, networking, applications, etc.. There will NEVER be an "all inclusive" course to become a "ninja pentester" as there are too many variables (web applications, presentation layers, covert channels(networking), etc.) the key to it all is understanding as much as possible.

E.g., when I did my RWSP, I was completely on all their machines and was completely stumped on MSSQL syntaxing. Guess what? I come from a Linux/BSD/Solaris world. Postgres (check), MySQL (check), Oracle (check)... MSSQL? Nah, not my cup of tea. Had I taken the time for a refresher, I'd of not wasted time - in the end, I ran out of time. Anyhow, because of what you mention (minor *nix) experience, I suggest you start with ELearnSecurity, get comfortable with it, then aim for the OSCP only AFTER you're extremely comfortable with not only Linux, but a variety of topics.

Thanks for the replies, I am currently looking at the various other options posted here.

I did not mean to portray elearnsecurity as a bad option, just that the PWB course looks better after looking at both. Price is sort of a major factor here so we will see what the budget boils down to.

I will keep you posted and thanks for all the info.

In my opinion, in your case, the best place to start will be hacking dojo. It will start you from the basic, and while it will cost you less money you'll get an inside view of the pentest world. If you'll like it you'll learn a lot, if you'll not like... you'll save money and find yourself a new career path (firewalls, compliance...)

One of the biggest advantages of hackingdojo is that you will actually talk with the instructor (Tom) and you can ask him almost anything. On the oposites, doing OSCP you'll be on your own (in a lions cage  ).

While I've not taken the courses from the Dojo, yet, I have Tom's book (Professional Penetration Testing,) and it's a good read.  In addition, Tom is a member here (Grendel,) so along with others' experiences, you can ask him plenty, as well.

Good luck.

I don't think that just because you don't have that much Linux experience that you shouldn't take the course. I didn't have that much linux exp either and I passed on my first try. BUT I did have to work my ass off at it. I had to ramp up my Linux skills really fast and now they're acceptable. I just passed a couple weeks ago and documented my experience here if you're interested: http://networkadminsecrets.blogspot.com/2010/12/offensive-security-certified.html

The bottom line is if you have solid fundamentals, meaning you understand routing/protocols and how an OS works, you could probably get to where you need to be in 60-90 days. Quite frankly if you don't pass on the first try its not that big of a deal because you can retake for $60. Its not like you have to drop $500 to retake the exam. Put in the hard word and it will pay off.