Even if it’s only my viewpoint, most of the information security professionals I know agree with me on this (and I know someone).
I must inform you that I became a pentester despite having zero certifications in the field (now I got 5 of them).
Since CEH is a multiple-choice exam, it teaches you nothing practical about pentesting, and I share this opinion with the vast majority of information security professionals I know.
- All The Different Fields in Cybersecurity You Can Work In
- What is the function of Twitter?
- Why Qatar is so famous?
- ক্রিপ্টোকারেন্সি (cryptocurrency) কি? ক্রিপ্টোকারেন্সির সুবিধা কি কি?
- ৩৯৯$ ডলার মূল্যের ডাটা রিকভারি সফটওয়্যার
Contrarily, OSCP is demanding and practical, but it only prepares you for a limited range of real-world encounters.
My impression is that OSCP is more similar to a CTF.
Real-world pentests typically go longer than 24 hours.
In some of my actual engagements, I have been putting specific equipment through their paces for as long as two weeks.
Moreover, systems in the wild are typically far better protected, with measures such as web application firewalls, Amazon CloudFront, etc., in place to prevent direct exploits.
In the PWK program, you’ll encounter this situation only rarely.
Furthermore, OSCP does not adequately prepare you for internal and Active Directory engagements, both of which are crucial in the working world (EDIT: The new PWK course added some Active Directory modules, but I have not yet switched to the new material because it is not yet reflected on the exam; therefore, I have not personally tested how well it prepares you for the exam. At this juncture in my life, I don’t see the value in spending $200 to upgrade to the latest material when I can just pay for an exam fee instead.
On the other hand, OSCP has a great reputation among HR professionals and is held by a smaller percentage of the population.
The LPT certification, also offered by EC-Council, has come highly recommended by those I’ve spoken with about it; it appears to be more realistic and includes some very interesting Active Directory configurations; however, I gather that you need the CEH certification before you can even attempt to take it.
Therefore, in my opinion, this is a fantastic option if you want to acquire CEH and then go for LPT; however, you may also consider going straight for OSCP.
- All The Different Fields in Cybersecurity You Can Work In
- What is the function of Twitter?
- Why Qatar is so famous?
- ক্রিপ্টোকারেন্সি (cryptocurrency) কি? ক্রিপ্টোকারেন্সির সুবিধা কি কি?
- ৩৯৯$ ডলার মূল্যের ডাটা রিকভারি সফটওয়্যার
It’s possible that none of them will be sufficient to land a pentesting job immediately. Many people I know who have earned pentesting certifications reported facing lengthy delays in getting work in the field.
This position fell into my lap unexpectedly when my boss expressed interest in having me join his team.
