OffSec InfoSec Certifications in the Job Market

A couple of weeks ago we published our comic Try Harder song, praising the OSCP certification and our students in general. It was really well received by our alumni, who related closely to the theme of “Try Harder“. However, there is a more serious undertone to this than meets the eye.

Information Security Certifications Mean Little Today

The intent of an Information Security certification is to provide confirmation that a specific individual has specific characteristics related to the field. The concept is great, you get a certification and use that as proof to a potential employer that you actually know your stuff. As this is a complex field, this is wonderful for an employer as it provides some level of assurance that the person you are hiring to do the work actually is competent.

The problem is, a number of certifications on the market just don’t provide that level of assurance. Like many IT certifications of the late 90s, a multiple choice test approach where you get the majority of the questions correct is enough to win you the certification. This leads to memorization quests on the part of test takers, where they focus more on what the right answer is and not so much on what the right answer means. The obvious result from this has been that many people just don’t respect infosec certifications.

On the other hand, with Infosec professionals at a shortage, the need for an effective measure of ones technical abilities has never been so critical and urgent – and this is where we believe we’re making a difference.  With our entry level certification (the OSCP) now identified by organizations as a leading technical certification – more and more are starting to use the OSCP as an industry standard.

Interestingly, it’s not only the private industry that has responded to the OSCP certification – we’re seeing more and more government entities incorporate Offsec in their information security training programs. The latest example for this is the UK Government Ministry of Defense – which has placed the OSCP on the shortlist of desirable qualifications for potential job candidates.

Offensive Security Certification Reviews

Googling around for Offsec course reviews should give you a general feeling for what our courses are like. We’ve put together a couple of quotes and references which we thought were specifically relevant to the state of the job market today:

The strong technical foundation of the Offensive Security training content, coupled with a rigorous testing process has established the OSCP certification as the most relevant education in the pen-testing space. Accuvant LABS requires any prospective consultants to pass the OSCP exam before applying to our attack & penetration team. -VP of the Attack and Penetration Testing Team, Accuvant.

A recent article in the IATAC magazine (the Cyber Security and Information Systems Information Analysis Center) covered the OSCP certification in one of their publications, and here’s what they had to say about it:

The Offensive Security approach is one that warrants a closer look. It is a shame that all certifications across all disciplines cannot be provided based upon performance and real-world demonstration of mastery in a particular area.

Join the Offensive Security Certified Group

This acceptance has come at a price however, as the OSCP certification is quite difficult to attain compared to other industry certifications. What makes the OSCP so effective for companies to use as a measuring stick of skills – also causes quite a shock for many candidates that are used to an easier, more relaxed, certification process. The OSCP certification requires actual effort to be put forth in order to succeed.

If you are ready to put in the effort it takes, if you are ready to “Try Harder“, be sure to check out the our online Penetration Testing with Kali course. The rewards for your career will be well worth it.

The OSCP certification, in my opinion, proves that it’s holder is able to identify vulnerabilities, create and modify exploit code, exploit hosts, and successfully preform tasks on the compromised systems over various operating systems. – Trenton