In a sea of cyber certification offerings surrounded by oceans of vocational and university programs all independently creating curricula, training methodologies and proficiency validations for information security professionals and practitioners, one program is developing a reputation for being undeniably credible when it comes to the penetration testing process and life cycle: the OSCP. The OSCP (Offensive Security Certified Professional) accreditation was created and is administered by the organization Offensive Security. Its value, however, may go far beyond pure proactive cybersecurity proficiency and touch upon more ethereal characteristics about the individuals who hold one.
The OSCP exam is the self-proclaimed “world’s first completely hands-on offensive information security certification.” Its goal is testing and certifying an ability “to be presented with an unknown network, enumerate the targets within their scope, exploit them and clearly document their results in a penetration test report.” The OSCP is 100 percent practical, contains no Q&A and no multiple choice. Sitting to take the OSCP takes 24 hours and strong internet access to connect virtually to a remote lab. Challenges presented to the test-taker are random, so everyone who sits gets a totally different experience while still measuring the same core skills. To certify you must complete the entire consecutive 24-hour exam and then write a report documenting the accomplishments within 24 hours of completing the practical. The exam is scored pass or fail. No core changes have been implemented in the exam process since the inception of the OSCP, and this approach is at the core of OSCP culture.
