CHECK V OSCP?

This topic contains 5 replies, has 4 voices, and was last updated by  m0wgli 7 years ago.

  • Author
    Posts
  • #8058
     24772433 
    Participant

    This may be a question for our UK members, but is there any comparison between The CESG Check certification and OSCP?

    I know I’m not comparing apples with apples and CHECK status is to assure that the tester is qualified to test on HMG (Her Majesty’s Government Infrastructure) but on a technical standpoint, how do they compare with each other?

    http://www.cesg.gov.uk/servicecatalogue/CHECK/Pages/WhatisCHECK.aspx

  • #51088
     MaXe 
    Participant

    CHECK and CREST is all about money, OSCP is about learning (even price-wise). CREST is e.g., a non-profit organisation, but have you seen their certification prices? And those are just certifications, no courseware included.

    http://securityreactions.tumblr.com/post/32935107872/crest

    Anyway, certification wise, both should test you fairly, depending on which level you go for, as CHECK has several levels, while OSCP is one level. You can always go for OSCE or OSEE, etc., to go to the next level though.

    I know with CREST and I assume with CHECK as well, that report writing skills weighs a lot more than OSCP, as the latter is about technical skills, instead of being able to write a good report.

    Another issue, at least from what I’ve heard from a few, is that they often run out of time with CREST and some with CHECK as well. Most of those I have talked with, that are CREST or CHECK certified, have never done any OffSec courses though, so it’s hard to say whether the people that did CHECK and/or CREST simply lacks technical knowledge or not.

    But I do know that even very experienced people ran out of time with CREST. (A lot of information security companies in Australia (at least the more serious ones I guess) are getting CREST certified, as it may become mandatory soon lol.)

    Another thing with CREST is that there is a theoretical test, and there might be one for CHECK as well. This test, at least for CREST is a bit crazy/funny, as it asks the “student” taking the test, questions that you are never going to use, well, except if time machines are invented or you test on equipment from the 80’s perhaps.

    The last thing, is that at least with some if not all CHECK exams, is that they change every time. Meaning you can’t give out a cheatsheet, plus they require you to wipe all electronic equipment you brought into the examination room.

    Some people dare to say it’s harder than OSCE, I say probably not in the sense of how technical it is, as OSCE in itself, is very technical if you don’t get any outside help and only follow the courseware, then you either gotta be really good or able to come up with solutions to new problems you have never seen, fast. (Even with 48 hours allocated. I have seen many people fail the first time. But also a few pass the first time, some of those that passed the first time didn’t do it 100% on their own.)

    But if you don’t have CHECK or CREST, and you live and work in the UK, I suggest you get the certification as you will need it sooner or later.

  • #51089
     RoleReversal 
    Participant

    They both have their uses, and having done both I’d strongly suggest doing both (if UK based).

    OSCP will develop a deep technical understanding, CHECK/CREST will help get you the work to put that understanding to the test.

    That’s not to say the CHECK/CREST isn’t technically challenging, but having done OSCP first CHECK certification was a challenge, but not on the Bob/Pain/Sufferance scale.

    My route: I self funded OSCP (cheaper of the two) to prove ability/commitment, then put CHECK through work’s budget 😉

  • #51090
     m0wgli 
    Participant

    Just for clarification, which level of CHECK status is being discussed?

    Where the difficulty of exams has been referred to, are they for the CREST/Tiger Scheme exams for CHECK Team Member status or the ones for CHECK Team Leader status?

  • #51091
     RoleReversal 
    Participant

    Sorry, should have been clearer: my experience is with the Team Member level certs.

    Team Lead on old the to-do list (which I believe is far harder). Robin Wood has a good right up of his experiences with the TL level exams

  • #51092
     m0wgli 
    Participant

    Thanks for the clarification and the link.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?