If you have a career in Information Security and are intrigued by defensive and offensive techniques, consider becoming an Offensive Security Certified Professional (OSCP). The OSCP certification is designed to demonstrate the skills and knowledge necessary to be a penetration tester.
It’s a respected multi-dimensional certification for InfoSec professionals. In preparation for the exam, candidates learn and demonstrate penetration testing skills alongside sound concepts of cyber defense.
In this guide
- What is an OSCP certification?
- OSCP versus CEH
- Exam requirements
- Certification cost
- Exam overview
- Salary outlook
Becoming an OSCP establishes that you will be a valuable security team member because you have practical knowledge of attack methods used against infrastructure, systems, and devices. OSCPs are generally well-versed in identifying known and unknown vulnerabilities, including configuration mistakes.
What is an OSCP certification?
OSCP is an ethical hacking certification offered by Offensive Security (OffSec). Holding this certification validates a professional’s knowledge of penetration testing methodologies using tools inherent in the Kali Linux distribution. Kali is an open-source, Debian-based Linux distribution that enables security and IT professionals to assess the security of their systems.
Hiring cybersecurity professionals who have the knowledge required to deploy malicious hacker tools and methods is especially valuable to any security team. Intimate knowledge of the offensive strategies likely to be used against their systems is vital to building an effective defense.
Holding an OSCP certification indicates the holder has acquired essential skills required to work in any of the following roles, among others:
- Security analyst
- Computer forensics analyst
- Security specialist
- Penetration tester
- Security engineer
- Security code auditor
- Malware analyst
- Security consultant
The growing acceptance within the security industry of offensive security certifications reinforces the belief that ethical hacking is a respectable profession, not just a practical ability. This acceptance has created a demand for the subset of computer and network skills once pursued only by malicious actors.
How does an OSCP differ from a CEH certification?
There are currently two prevalent penetration testing certifications available, the Certified Ethical Hacker (CEH) and the OSCP. Each fills a unique role in the cybersecurity industry, although jobs requiring one of these certifications will often accept either.
Individuals holding a CEH certification are qualified from a vendor-neutral perspective. The CEH validates their ability to think and act like malicious hackers. This certification is suited for non-penetration testers and people who lack detailed security knowledge as it focuses less on hands-on labs and is considered more of an entry-level certification than is the OSCP.
The OSCP certification is more hands-on and is highly focused on penetration testing using Kali Linux. It is typically recommended for more experienced information security professionals who want to make a profound and meaningful move into professional penetration testing.
OSCP candidates should be able to enumerate a machine, identify vulnerabilities, and develop solutions to produce shells. It is fair to say that the OSCP is the gold standard certification for penetration testing.
According to Payscale, the average salary for a CEH is $82,966, while an OSCP brings down $96,000.
What are the OSCP exam requirements?
OffSec’s Penetration Testing with Kali Linux (PWK/PEN-200) course packages include one or more exam attempts. After completing the course, or when the student feels ready, they can sit for the OSCP certification.
Unlike some professional certifications, there are no educational or work experience prerequisites for taking the OSCP exam. OffSec suggests that candidates should have a solid understanding of TCP/IP networking, reasonable Windows and Linux administration experience, and be familiar with basic Bash or Python scripting. Candidates take the exam as the concluding portion of the OffSec training course.
Students or professionals considering an OSCP certification should be problem-solvers and analytical thinkers. OffSec has designed the preparation course and exam to test candidates’ ability to apply critical thinking to problem-solving.
OSCP certification cost?
The PWK exam and its certification, the OSCP, are offered by OffSec as part of the PEN-200 training course. The PEN-200 self-guided Individual Course is $1,499. It includes 90-days of lab access and one exam attempt.
The Learn One subscription is $2,499/year and provides lab access for one year and two exam attempts. A Learn Unlimited subscription is $5,499/year and includes all OffSec Training Library courses plus unlimited exam attempts.
Deep Dive into the PEN-200 Course and OSCP exam
The OSCP test preparation PEN-200 course is unique because it combines traditional course materials with hands-on simulations in a virtual lab environment. The course covers the following topics:
- Penetration Testing: What You Should Know
- Getting Comfortable with Kali Linux
- Command Line Fun
- Practical Tools
- Bash Scripting
- Passive Information Gathering
- Active Information Gathering
- Vulnerability Scanning
- Web Application Attacks
- Introduction to Buffer Overflows
- Windows Buffer Overflows
- Linux Buffer Overflows
- Client-Side Attacks
- Locating Public Exploits
- Fixing Exploits
- File Transfers
- Antivirus Evasion
- Privilege Escalation
- Password Attacks
- Port Redirection and Tunneling
- Active Directory Attacks
- The Metasploit Framework
- PowerShell Empire
- Assembling the Pieces: Penetration Test Breakdown
- Trying Harder: The Labs
The exam simulates a live network in a private VPN containing a small number of vulnerable machines. Candidates have 23 hours and 45 minutes to complete the exam. Once test takers have finished the exam, they have an additional 24 hours to upload the required documentation.
The documentation candidates provide as part of the exam includes a professional report describing the student’s exploitation process for each target. Students report all of the attacks, including all steps, commands issued, and console output in the form of a penetration test report. The documentation should be thorough enough that a technically competent reader can replicate the attacks step-by-step.
OffSec warns that the documentation requirements are stringent, and failure to provide sufficient documentation will result in reduced or zero points. They caution that once the student’s exam and lab report is submitted, the submission is final.
The exam is proctored via a virtual connection with screen sharing, chat, and webcam (without audio). Using phones or other electronic devices is not allowed while seated in your exam workstation.
The exam consists of penetrating five machines and submitting detailed reports. Sixty points are possible for the successful compromise of three independent machines and 40 points for attacking two client machines (AD set) for 100 possible points. Students can earn ten bonus points by completing at least 10 PWK lab machines with their detailed reports. Seventy points are required to pass the exam.
OffSec does not release the number of people that hold OSCP certifications or the exam success rate. They believe the exam-taking experience and perceived difficulty are different for everyone, and they don’t want to needlessly discourage or encourage students with numbers based on success or failure.
OffSec’s exam retake policy states that students who purchased the exam via an individual course package may schedule and reattempt an exam as follows:
- After the first failed exam, a student may schedule an exam retake after six weeks from their previous exam date.
- After the second failed exam, a student may schedule an exam retake after eight weeks from their last exam date.
- After the third failed exam onward, a student may schedule an exam retake after 12 weeks from their previous exam date.
Other “cooling off” requirements depend on how the student purchased the exam. More details about the exam retake policy can be found here.
OSCP salary information
The average salary for OSCP holders will vary because the certification applies to many security roles across numerous organizational types. Obtaining this certification will qualify a candidate for advancement to higher-paying positions or entitle them to additional pay in their current role.
With the high demand for experienced cybersecurity professionals in the market today, obtaining an OSCP will open doors for mid-level positions. As a security professional’s career develops, they should consider additional professional certifications. Read more about how to choose the best cybersecurity certifications here.
According to the job site Indeed, the average salary for cybersecurity professionals in roles that often require or compensate for OSCP certification is as follows:
- Software Architect – $132,201
- Penetration Tester – $116,422
- Lead Analyst – $108,598
- Security Analyst – $94,120
- Security Specialist – $75,966
The Bureau of Labor Statistics indicates that the job outlook for Information Security Analysts is expected to grow 33% from 2019 to 2029. This anticipated increase is much faster than the average rate of job growth.
The OSCP certification validates the technical skills needed to execute offensive white hat hacking. For security professionals with an established career in cybersecurity and hands-on hacking experience, becoming an OSCP is an excellent way to demonstrate their skills and expertise.
Security teams need individuals that can use information-gathering techniques to identify and enumerate targets running various operating systems and services. Analyzing, correcting, modifying, cross-compiling, and porting public exploit code are in-demand skills, and the outlook for growth in these areas is exceptional.
The OffSec PEN-200 test preparation training will equip candidates with the ability to write basic scripts and create automated tools to assist the pentesting process, conduct privilege escalation, and carry out client-side attacks.
Successful OSCP candidates understand the mechanics of vulnerabilities and think critically about leveraging the vulnerability into code execution. An aptitude for creative problem solving with lateral thinking skills will serve OSCPs well as they contribute to the overall success of their organization’s cybersecurity defense.