Unlike in other fields, certifications in cybersecurity do carry value, especially for penetration testing. This post goes over why certifications may be valuable both for getting a job and for advancing your skillset. In particular, there is a series of certifications from an organization called Offensive Security, where all of the exams require real-time hacking of systems under time constraints. They are highly respected and very useful for someone interested in learning how to hack computers.
CEH
The Certified Ethical Hacker (CEH) is a certification offered by EC-Council that introduces people to the concepts and techniques used by computer hackers. I would consider the CEH to be an introductory-level certification. It’s primarily theory-based and doesn’t require in-depth knowledge before studying for the certification. If you’re brand new and you want to get a good understanding of what a hacker does, what the process of professional ethical hacking looks like and some of the tools people use, the CEH would be a good place to start. EC-Council also offers some improved versions of the CEH, such as CEH Practical, where you can get some hands-on experience.
OSCP
This certification and all of the certifications below that begin with an “O” are offered by Offensive Security. OSCP stands for Offensive Security Certified Professional and is a hands-on penetration testing course and certification. This certification is a step up from the CEH. While CEH is more theory-based, like your traditional classroom course, OSCP is centered around learning by doing. The training involves getting access to a virtual lab where you will be required to hack into different machines in an attempt to compromise all of the machines within the lab environment. The exam itself requires you to hack into a certain number of systems within the time limit given, and then you must provide a write-up of your findings. The write-up portion is meant to simulate what you would be expected to do for a client. This certification gives you a good idea of the level of skill required to perform a professional penetration test.
OSWP
Offensive Security Wireless Professional (OSWP) focuses on training students to audit, compromise and secure wireless devices. This means things like securing routers from eavesdropping, packet analysis and WPA attack techniques. It is similar in difficulty to the OSCP, but it focuses on wireless attacks. I wouldn’t recommend this certification unless you want to specialize in this niche.
OSEP
This course focuses on evasion techniques and breaching defenses. According to the Offensive Security website, this course is one step above the OSCP and OSWP in terms of difficulty. This course teaches advanced pen-testing techniques centered around evading detection by security controls.
OSWE
OSWE, Offensive Security web application and exploitation, teaches you how to exploit web applications. This includes looking at web application source code, SQL injections, XSS and other web-based attacks. Web application and mobile penetration testing is a growing specialty; almost every company has a website or web application. It’s one of the first things new companies want to test for security, and it’s a great specialty to consider.
OSED/OSEE
These two certifications focus on the development of computer exploits. If you’re interested in being a very good malware author (someone that creates computer malware), these two courses may be the most interesting for you. They teach you how to create exploits from scratch that can bypass common security mitigations. If you’re interested in working for the government developing cyber weapons, then this may be a good starting point for you. There are people called “Cyber Arms Dealers” that create advanced computer malware that they sell to governments for large sums of money, easily 6 figures and possibly 7 figures for well-written programs.
CISSP
This is a very different type of certification, but it can still be relevant depending on what your end goal is. The CISSP is a management-level certification and teaches the principles of risk management that would be useful for being a security professional in a big company. CISSP is probably the most requested certification in job applications and is very useful if you’re interested in going into any type of management or team lead position. It’s not a technical certification and it doesn’t focus on penetration testing specifically, but it can be useful in advancing your career.
Final Thoughts
Certifications in information security can be useful, especially for getting past the HR person. Many times job applications will ask for at least 1 relevant certification and it can be hard to get an interview without one, so there’s value in it for that reason alone. More than that, many of the certifications here can help facilitate your learning and advance your skillset. The certifications offered by Offensive Security in particular are well respected for demonstrating a good understanding of, and ability to hack into, systems. If you’re serious about becoming a professional hacker and you’re not sure where to begin, I would consider looking into one of these certifications.