Just recently decided to join, hoping to rub elbows with fellow security practitioners and contribute...
I want to pursue a security cert or 2 to sharpen my skills and improve my marketability. I have experience and am not new to security.
In the past I've held CCNA, Solaris, CWNA & other related vendor certs.
(most long expired but I am going to renew my CCNA.)
Though I don't really consider myself an expert, I am somewhat versed in security, networking, Linux (incl. using BackTrack), compiling from source, using sniffers, Wireshark, testing exploits & using frameworks like Metasploit, etc...
I also have moderate experience in Reverse Engineering, developing IDS & AntiVirus signatures, analyzing exploits & threats and using commercial tools & vulnerability scanners.
My coding skills should be considered mediocre to weak at best.
I have basic understanding of ASM & how the stack works, know what a function in C is & how to write one.
Script-wise, so-so; I can get by, and Google is my friend when I get stuck...
I've dabbled in Python, Perl & C, but again I'm not an expert.
I am definitely rusty on a lot of the reverse & debugging stuff, having not done it in a while, but I can pick right back up.
With that said, I am debating whether to take the OSCP or OSCE course.
I've looked over the course syllabus for both & like the subject matter both have to offer.
I did notice that I do already have experience in many of the areas covered in PWB/OSCP (same applied for the eCPPT which I also looked at).
I've been a PenTest Linux distro user since the days of Auditor, PHLAK, etc... So I think I can pass on a lot of the intro to BackTrack stuff.
I know how to use nmap, snort, tcpdump, etc., and am familiar with network attacks, ARP poisoning, etc...
I want my money to be well spent, which means I don't want too much re-hash of stuff I am already familiar with.
I want to (hopefully) master something new, improve, learn skills & techniques and get certified in the process.
I took Saumil Shah's Exploitation Lab at Black Hat 2011 last summer and had a blast; I did just fine in that class.
But that was instructor led & focused on 1 area.
I have much to learn in the areas of shellcode writing, exploit writing, vulnerability discovery & web app testing.
As well, I would ultimately like to not be dependent on pre-packaged exploits and tools.
What do you guys think, go for OSCE or am I asking for it (in pain)?
I'm not looking for the easier route (note: by no means am I saying OSCP is easy!), but I also can't throw money around and would not want to get in way over my head by biting off more than I can chew.
My anticipated 'hard core' study time I can commit to would be about 2 months. Fortunately, my present engagement allows me time to study & work from home; I would like to use this time wisely and develop + polish skills.
My next cert after getting a Pen Test cert would be the CREA or GREM certs.