December 4, 2012 at 12:40 pm #805824772433Participant
This may be a question for our UK members, but is there any comparison between The CESG Check certification and OSCP?
I know I’m not comparing apples with apples and CHECK status is to assure that the tester is qualified to test on HMG (Her Majesty’s Government Infrastructure) but on a technical standpoint, how do they compare with each other?
December 4, 2012 at 2:28 pm #51088MaXeParticipant
CHECK and CREST is all about money, OSCP is about learning (even price-wise). CREST is e.g., a non-profit organisation, but have you seen their certification prices? And those are just certifications, no courseware included.
Anyway, certification wise, both should test you fairly, depending on which level you go for, as CHECK has several levels, while OSCP is one level. You can always go for OSCE or OSEE, etc., to go to the next level though.
I know with CREST and I assume with CHECK as well, that report writing skills weighs a lot more than OSCP, as the latter is about technical skills, instead of being able to write a good report.
Another issue, at least from what I’ve heard from a few, is that they often run out of time with CREST and some with CHECK as well. Most of those I have talked with, that are CREST or CHECK certified, have never done any OffSec courses though, so it’s hard to say whether the people that did CHECK and/or CREST simply lacks technical knowledge or not.
But I do know that even very experienced people ran out of time with CREST. (A lot of information security companies in Australia (at least the more serious ones I guess) are getting CREST certified, as it may become mandatory soon lol.)
Another thing with CREST is that there is a theoretical test, and there might be one for CHECK as well. This test, at least for CREST is a bit crazy/funny, as it asks the “student” taking the test, questions that you are never going to use, well, except if time machines are invented or you test on equipment from the 80’s perhaps.
The last thing, is that at least with some if not all CHECK exams, is that they change every time. Meaning you can’t give out a cheatsheet, plus they require you to wipe all electronic equipment you brought into the examination room.
Some people dare to say it’s harder than OSCE, I say probably not in the sense of how technical it is, as OSCE in itself, is very technical if you don’t get any outside help and only follow the courseware, then you either gotta be really good or able to come up with solutions to new problems you have never seen, fast. (Even with 48 hours allocated. I have seen many people fail the first time. But also a few pass the first time, some of those that passed the first time didn’t do it 100% on their own.)
But if you don’t have CHECK or CREST, and you live and work in the UK, I suggest you get the certification as you will need it sooner or later.
December 5, 2012 at 11:31 am #51089RoleReversalParticipant
They both have their uses, and having done both I’d strongly suggest doing both (if UK based).
OSCP will develop a deep technical understanding, CHECK/CREST will help get you the work to put that understanding to the test.
That’s not to say the CHECK/CREST isn’t technically challenging, but having done OSCP first CHECK certification was a challenge, but not on the Bob/Pain/Sufferance scale.
My route: I self funded OSCP (cheaper of the two) to prove ability/commitment, then put CHECK through work’s budget 😉
December 5, 2012 at 10:36 pm #51090m0wgliParticipant
Just for clarification, which level of CHECK status is being discussed?
Where the difficulty of exams has been referred to, are they for the CREST/Tiger Scheme exams for CHECK Team Member status or the ones for CHECK Team Leader status?
December 7, 2012 at 12:52 pm #51091
December 7, 2012 at 1:25 pm #51092m0wgliParticipant
Thanks for the clarification and the link.
You must be logged in to reply to this topic.