
OffSec/eLearnSec vs. more traditional certs...


Artholm3

Newbie

Posts: 10

Joined: Fri Apr 09, 2010 12:07 am

Post Wed May 05, 2010 10:22 am

OffSec/eLearnSec vs. more traditional certs...

I'm curious about the "validity" of the more hands-on security training methods online and how they are seen in the real world. This is not disparaging either of the mentioned programs; I've simply found that I learn better by actually doing hands-on work vs. only reading/notes :)

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed May 05, 2010 12:27 pm

Re: OffSec/eLearnSec vs. more traditional certs...

So you don't think there is 'hands-on' in Offsec's training???  I can assure you, there's plenty.  That's what the lab packages are for, and the 24-hour long practical, hands-on exam, at the end.  I'm starting Offsec's OSCP v3 this Sunday.  I'll let you know more of my thoughts, thereafter, but others have already spoken to the validity of their training.

And I believe there are labs with eLearnSec's stuff, too...

<edit> no offense intended, just wondering why you'd think as you did, that's all...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP, GPEN, C|EH

Artholm3

Newbie

Posts: 10

Joined: Fri Apr 09, 2010 12:07 am

Post Wed May 05, 2010 12:48 pm

Re: OffSec/eLearnSec vs. more traditional certs...

hayabusa wrote: So you don't think there is 'hands-on' in Offsec's training???  I can assure you, there's plenty.  That's what the lab packages are for, and the 24-hour long practical, hands-on exam, at the end.  I'm starting Offsec's OSCP v3 this Sunday.  I'll let you know more of my thoughts, thereafter, but others have already spoken to the validity of their training.

And I believe there are labs with eLearnSec's stuff, too...

<edit> no offense intended, just wondering why you'd think as you did, that's all...


After re-reading my post, hayabusa, I simply phrased that badly. OffSec has excellent labs as do eLearn's courses.

I'm just worried how a potential employer might react to hearing "I'm an OSCP" if they aren't familiar with the course versus hearing "I am Sec+/GPEN/GSEC certified."

Hopefully that makes a bit more sense and again, I'm NOT taking shots at the courses offered by OffSec or eLearnSecurity.

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed May 05, 2010 2:03 pm

Re: OffSec/eLearnSec vs. more traditional certs...

<grin>  :P  There you go, I think you worded your thoughts better, now.  And I certainly understand that thinking.  Unless you're really involved, specifically, in penetration testing, etc, you don't often hear about OSCP and other similar certifications and classes.

This is something you DO have to consider, when applying to a potential or new employer. However, most employers 'hopefully' aren't looking at the certifications, alone (unless you're moving into management, then I see it happen that way, a lot! <EVIL GRIN>). Generally, you'll have technical interviews and such, where you'll need to prove what you know, and show your value.

On my resume, for example, I not only list the certification name, but I also give a little detail on what each one is (not a lot, as most initial reviewers could care less, but enough that the next person to see it might look more closely.)  You should also list your experience and such, in a way that can grab their attention, and really help them to focus on your value, as a candidate for their position / opening.  Then, as you move forward, and talk with them, more, you can explain the similarities and contrasts between what certs you hold, and others that they might be more familiar with. 

Finally, if an employer flat out insists on you holding one of the other certs, then it really doesn't matter what certs you have, and you just have to either talk them through it, and explain that you WILL get their required certs, or move on to the next openings out there.

HTH, and is a little more clearly tailored to what you were asking.
~ hayabusa ~ 


Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed May 05, 2010 3:02 pm

Re: OffSec/eLearnSec vs. more traditional certs...

I would agree with hayabusa. Most employers, especially in HR, wouldn't know what the OSCP certification is. They are only aware of the standards, like CISSP and Security+. However, if your resume made it to your future direct supervisor, he/she will likely know and appreciate the OSCP certification if you are applying for a pen-testing position. In other words, I think that the OSCP may open a second door for you, once you are already through the front door.
~~~~~~~~~~~~~~
Ketchup

Artholm3

Newbie

Posts: 10

Joined: Fri Apr 09, 2010 12:07 am

Post Wed May 05, 2010 3:30 pm

Re: OffSec/eLearnSec vs. more traditional certs...

Ketchup wrote: I would agree with hayabusa. Most employers, especially in HR, wouldn't know what the OSCP certification is. They are only aware of the standards, like CISSP and Security+. However, if your resume made it to your future direct supervisor, he/she will likely know and appreciate the OSCP certification if you are applying for a pen-testing position. In other words, I think that the OSCP may open a second door for you, once you are already through the front door.

<grin> Oh the joys of being a hands-on learner... But seriously, wise words there, Ketchup. I definitely want to be a pen-tester over a network admin etc., so I'm banking that the more specialized technical training may give me a leg up. Now just need a *nix laptop and tuition fees, lol

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed May 05, 2010 6:08 pm

Re: OffSec/eLearnSec vs. more traditional certs...

The *nix laptop is neither here nor there. You can boot to a bootable BackTrack CD/DVD/USB stick, or you can always use VMware and run Linux / BackTrack from within. (However, if your reason is to become intimately familiar with everyday *nix, then I understand you. Dual boot, or again, boot the CD/DVD and run live, so you can always go back to Winderz when you want to.)
~ hayabusa ~ 


What90

Full Member

Posts: 120

Joined: Sat Jun 09, 2007 2:23 am

Location: Sydney, Australia

Post Wed May 05, 2010 10:22 pm

Re: OffSec/eLearnSec vs. more traditional certs...

Hello Artholm3,

I'd have to say it depends :-)

These (OSCP, eLearning, GPEN) courses are targeted at teaching specific skills, thus specific, specialised roles in a company. Having these skills/certs is great but they have to fit in with an employer’s need for them to be required, thus having HR identify what they are in the first place.

If you're looking at working in a normal company with no or minimal security skills, planning or direction, the only qualification the HR staff will recognize is the CISSP or CISM/CISA, as Ketchup mentioned. These have no hands-on components but are seen as industry “standards” for security. They may even just look for OS skill sets with the word security tacked on the end or certain vendor (Cisco/Juniper/etc.) certs.

The security-specific company should know, or at least check, what different security certs are. The certs with solid hands-on experience prove a certain level of understanding and ability. I’ve seen CVs with certs I’ve never heard of, but after a quick check I know whether to say “Wow!” or “hmmm”. As new courses/certs appear, they either become adopted into the industry after a while or disappear.

If you’re looking for the right training to get your dream job, hit the job web site and find similar roles. They’ll be asking for certain skills, training and knowledge, so flip that to a course and you’ll be one step closer to getting that job!

konectics

Post Thu May 06, 2010 4:48 pm

Re: OffSec/eLearnSec vs. more traditional certs...

OffSec's Penetration Testing Training with BackTrack course is pretty good.  Fully hands on.  Their course covers most pentest tools that come with BackTrack 4 in a lab environment.

The price for the course is really unbeatable and worth every cent.  Something comparable from SANS would run you five times the cost.

Now, they made it clear up front that they expect hard work on your part.  Most of the modules and labs expect you to do homework and prompt you for further reading and experimentation.

I definitely suggest that you have some Linux, shell scripting and possibly Perl/Python programming skills to get the most out of the course.

As far as potential employers, sure, they like to see CISSP in your resume, but once you go into the initial interview, the techies will ask a lot of questions and know if you really have a grasp of the subject at hand.

I'd suggest you examine what field of infosec you want to get into; pen testing, incident handling, security analyst, etc., and immerse yourself in it.  Read all you can from books, webinars, hands-on courses, build a lab, etc.

Best of luck!
