The OSCP & Me

Jordan Rimert
Nov 3, 2020

I’ve been on the path of cybersecurity for a number of years. I’ve always loved working on computers. Growing up I was the IT guy of my family. I remember helping my parents set up their home network for their business and using that same network to have LAN parties with friends. I never developed a true technical skill set but I was always curious how computers interacted with each other. That curiosity is what’s blazed a trail in the cyber security industry for me. Who knew you could make a career out of googling?

I had gotten my CISSP a few years ago. The work experience requirements are more broad than you might think — I’ve not yet technically had a job in IT but my career has always focused on one or more of the security domains, primarily risk management, governance, and compliance. When I got it, however, I felt that it did not bridge the IT gap I was hoping for. On my own time I was gaining a lot of technical skills that left me content. At work I used a tool called Alteryx which allowed me to start thinking more like a developer and work with different IT areas. It also allowed me to start incorporating what I learned at home by adding scripting with .bat files and using Python to automate some of the boring stuff. I was picking up new skills left and right and knew I wanted to work in a more technical capacity, so I started my job search.

I started working on certifications with Azure and Cisco and they weren’t scratching the ‘technical itch’ I was looking for. Through my job searches I found countless job postings requesting Certified Ethical Hacker or the OSCP designations. I did some digging and the cyber security community has a ton of respect for people with the OSCP but the CEH could be better for HR filters. Since the previous certs I got weren’t heavy in any technical sense, I really wanted to get the OSCP. An insane 24-hour, live, box hacking exam sounded like the perfect challenge. The $999 price tag, however, made me want to seek out other options.

Rather than drop a cool thousand dollars on an exam, which admittedly does also include training, I decided I would gain the necessary competencies and hold off on getting the certification itself. The certification itself won’t get me a job but the experience, knowledge, capabilities, and networking I would need to gain in order to pass it would certainly be a boon to my career.

So I put together a list of resources to help me on my journey. Hackthebox, Vulnhub, and Tryhackme all provide excellent training opportunities. For the purposes of this blog, I am going to work primarily with Vulnhub since I won’t be banned from the service by sharing my solutions, thoughts, and ideas with you. You can see what I have currently scheduled and completed here. I want this blog to be a documentation of my path to becoming a security expert and provide some alternative paths to breaking into the cyber security industry.

Jordan Rimert

Security nerd always looking to learn more. Talk to me about coffee, cloud, security, and IT.