First official blog post!
Been awhile since I wrote literally anything that wasn't a Twitter post, email or pen test report. Gotta say, it feels good. Anyways, to the topic:
Becoming an Offensive Security Certified Professional (OSCP) was a cool ride, then it wasn't, and now it's just a stepping stone to something more.
It took me a couple of years off and on to earn my OSCP, and it was always a looming hurdle in my mind as I became a new pen tester. Offensive Security is VERY good (and for good reason) at touting the cert as pretty much the only one that will help you prove a technical skillset in the early period of your career. I say early part of your career because it's true. The closer I got to getting it, the more I heard people say things about how it's a beginner cert, it's "easy", etc.
I didn't care what they said about it because it meant something to me, and still does. I got it on my second try, and honestly gave myself a 50/50 chance if I was being generous. When I finished in about 18 hours and knew I had it pending my report being accepted, it was one of the most incredible feelings I have had in recent memory: I got in to this industry later than many, had a chip on my shoulder to prove something, and now had proved it. I had proven that I belong here, proven I could do it, and generally finally felt like I "made" it.
Within about 2 days, all those feelings were gone.
Am I still proud of it? Yes. Was it a big personal achievement? Yes. Is it an achievement that truly does set you apart? Maybe. Will it hang on my wall perfectly opposite my webcam as a not so subtle reminder to all that I have it? No. Did it make me feel like I made it and now I can coast? Absolutely not.
Here's the thing: all the things people said about it being a beginner cert, that it's only the start, etc. were now 100% right, but only after I achieved it. Everything is hard as you work towards it, and then easy after you get it. The only thing that diminishes it as an achievement is if you stop learning after it.
The 2 days I bathed in glory of earning my OSCP were great, and while I wish that feeling lasted a bit longer, it also strengthened my resolve for the next thing, whatever that is (I am looking at you, OSEP).
I'll add the caveat that certs don't mean a thing as long as you can prove you can do the work, and that is something I truly believe. I got my OSCP because it was personal for me and because I learn better with prepared material I can learn from as a base. Offsec is great for this, and all of their training has amazing material.
Whatever you choose, even if it's the CEH, Pentest+, eJPT, SANS class, etc, just know that they are all achievements and are worth celebrating... until you stop learning!