
New OSCP struggling to get off the ground

<<

ITNinja

Newbie

Posts: 4

Joined: Thu May 15, 2014 1:56 pm

Location: East Tennessee

Post Thu May 15, 2014 3:01 pm

New OSCP struggling to get off the ground

Hi all,
I have been working as an IT professional for a little over 5 years. I have always wanted to get into security and hacking so I decided the best way to learn was a trial-by-fire into the OSCP course. Having little to no experience in security or hacking I plunged into the course and quickly bit off more than I could chew. Long story short, in the end I learned a ton and was awarded the OSCP certification.
I am looking for advice on what I can do now to get my foot in the door as a pentester. I have sent several resumes and applications, but I have yet to hear anything. I'm worried my lack of on-the-job experience is hurting my search. Any help would be greatly appreciated.
<<

SephStorm

Hero Member

Posts: 621

Joined: Sat Apr 17, 2010 12:12 pm

Post Fri May 16, 2014 5:40 am

Re: New OSCP struggling to get off the ground

Hi ITNinja.

Welcome to EH.Net. Congratulations on passing your OSCP, that is quite an accomplishment. So I want to start out by asking a few questions: what qualifications other than the OSCP do you have that may benefit an employer for a pentesting position? Any wireless hacking experience? Do you have a CEH in case you need to work with DoD? Outside of certifications, where are you looking for positions? Are you meeting the requirements of the postings? How does your resume look? If you like, you can send it to one of us for review. I also have a few contacts I can reach out to, to find out what companies are looking for in a Jr. Pentester. Also, you could look into trying to make a name for yourself by discovering vulnerabilities in a legal fashion, and getting your name out there as a vulnerability researcher or RE expert, etc.

Honestly though my first thought is that they want to see previous security experience. Rarely do people go directly into pentesting.
sectestanalysis.blogspot.com/
<<

ITNinja

Newbie

Posts: 4

Joined: Thu May 15, 2014 1:56 pm

Location: East Tennessee

Post Fri May 16, 2014 12:15 pm

Re: New OSCP struggling to get off the ground

Thanks for getting back with me! OSCP is my very first cert for pentesting and ethical hacking. I've been in more of a systems support role before then. When I made the decision to get into ethical hacking I was trying to decide between CEH and OSCP. I chose OSCP because that course fit my learning style best. I am going to get my CEH next. I am told it's a cakewalk compared to OSCP :) As far as experience, I am just starting out. My current employer has delegated a lot of the security responsibilities to me. Since I understand the vulnerabilities, he believes I am more qualified to prioritize and implement the vulnerability fixes. As far as the requirements for the positions, I lack previous experience as a pentester and some are asking for a 4-year degree, which I do not have. Honestly I had hoped the OSCP would carry enough weight to get me in the door because of its difficulty and high demand. Can I just PM my resume to you? Thanks for your help!

P.S. I plan to write up my full OSCP story in the OSCP forum soon.
A+ Net+ OSCP
"Courage is not simply one of the virtues, but the form of every virtue at the testing point"
-C.S. Lewis
<<

SephStorm

Hero Member

Posts: 621

Joined: Sat Apr 17, 2010 12:12 pm

Post Sat May 17, 2014 2:41 am

Re: New OSCP struggling to get off the ground

Of course you can, I'll do whatever I can to help.
<<

dynamik

Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat May 17, 2014 10:10 pm

Re: New OSCP struggling to get off the ground

Congrats on the OSCP, that's quite an accomplishment! Based on the subject alone, I initially thought this thread would be someone whining about the OSCP being too difficult, so I was pleasantly surprised when I actually read your post.

If you haven't already done so, write a penetration tester version of your resume. Highlight all the security responsibilities in the role(s) you've had, and emphasize everything that's as close to penetration testing as you possibly can (network scanning, vulnerability analysis, patching, system hardening, password auditing, etc.). If you haven't done those things, get permission to do them, and then do them. See if you can even get some exploitation approved, so you can also add internal penetration testing activities.

The CEH is a multiple-choice marketing cert, so no, it's not going to hold a candle to the OSCP. It may open some doors with HR or recruiters, and it will satisfy a DOD checkbox if you're trying to go that route (but others can be used for that). Aside from potentially helping you get your foot in the door somewhere, it's really not well-respected by technical professionals. It's not going to hurt you, but you already have the one that matters to those people.

What's your official title? You first said you've been an IT professional for ~5 years, but your second post makes it sound like you've been in a support position that entire time. If so, that's getting to be a long time in a support role, and the lack of advancement may be viewed negatively by some people.

What other certifications do you have? Everything we do revolves around general IT, so certifications like the CCNA will definitely lend you more credibility. As great as the OSCP is, it doesn't encompass everything. I've met OSCPs who haven't been able to do basic network troubleshooting. A large component of penetration testing is explaining why the current configuration is vulnerable, how to remediate it, and what the potential repercussions of remediation may be. It's unlikely that someone who lacks those core skills and knowledge would be able to do those tasks well.

If you don't have a blog, start one. Put your OSCP review and other things you learn/are working on there. That will demonstrate your knowledge and writing skills (writing reports is a big piece of the equation, so make sure the message you're sending is that you're a competent writer). Unrelated, but the same is true for the quality of your resume. If there are errors and your thoughts are jumbled on such an important document, one can only imagine what the quality of your reports would look like. I'm not implying that your resume is in poor shape; I'm just emphasizing the importance of making sure it's polished.

What are you doing for networking (the kind that doesn't involve bits and bytes)? Are there DC[Area Code], OWASP, ISSA, ISACA, etc. meetings in your area? BSides? Do you attend any larger conferences? DefCon will likely be overwhelming if you aren't yet acclimated to cons, but if nothing else, you should definitely head out to DerbyCon later this year. That should be a relatively short trip for you too. Snag your ticket quickly though; it's a smaller con that will sell out.

Are you open to relocating and/or traveling? You're not in a great area for InfoSec, or even IT in general, so being able to broaden your horizons will significantly increase your likelihood of success.
The day you stop learning is the day you start becoming obsolete.
<<

ITNinja

Newbie

Posts: 4

Joined: Thu May 15, 2014 1:56 pm

Location: East Tennessee

Post Mon May 19, 2014 8:03 am

Re: New OSCP struggling to get off the ground

Hi dynamik,
My official role is Technical Support Analyst, but I've been working with a medium-sized business (around 250 users) with only a 3-person IT dept for about 4 of those years, so the title does not really describe my day-to-day responsibilities. I've worked on servers, routers, and switches on top of doing desktop support. I am well versed in Active Directory, DNS, DHCP, Citrix, Exchange, Group Policy, Terminal Services, etc., so I have a strong base in general IT. My other certs are A+ and Net+. I have never had anyone really critique my reporting, but I do know that a lot of how the OSCP is graded is based on reporting. I'll send you my resume for review. As far as relocation/travel, I would prefer to travel, but relocation would be an option. I have also never blogged before, so any advice on getting that started would be greatly appreciated. Thanks a lot, this is very helpful!
<<

ziggy_567

Sr. Member

Posts: 379

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon May 19, 2014 9:31 am

Re: New OSCP struggling to get off the ground

--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

ITNinja

Newbie

Posts: 4

Joined: Thu May 15, 2014 1:56 pm

Location: East Tennessee

Post Tue May 20, 2014 7:35 am

Re: New OSCP struggling to get off the ground

Thank you all. I'm so glad I found this board. Sounds like I need to slow down and start building the foundations I need in my current position. I believe I may have been a little too aggressive in finding a new position when I should be taking the opportunities to use my new skills in my current setting. I will keep my eyes open for new opportunities obviously. It's nice to get some perspective. :)
