I’ve been a NetAdmin for five years and have a strong grasp of TCP/IP and firewalls. I want to move into offensive security. Which certifications are actually respected by recruiters right now? Should I go for the CEH, or is the OSCP still the king for landing a hands-on role?
3 answers
Your background in networking is a massive advantage! Most hackers struggle because they don't understand the underlying protocols. Regarding certifications, the OSCP (Offensive Security Certified Professional) is still the most respected for "hands-on" roles because the exam is 24 hours of actual hacking. CEH is often requested by HR for government or large corporate roles but is seen as more theoretical. I’d suggest starting with the eJPT for a confidence boost, then diving into the OSCP. Also, spend time on platforms like Hack The Box or TryHackMe to build a portfolio of "pwned" machines to show recruiters.
The certification path is clear, but do you think it's necessary to learn a programming language like Python or Bash before attempting these exams?
Don't forget the importance of "Soft Skills." Being an ethical hacker is 20% hacking and 80% explaining to the client why the vulnerability matters and how to fix it.
Frank is right. If you can't write a clear report that a C-level executive understands, the technical hack doesn't provide much value to the business.
Absolutely, Arthur. You don't need to be a software developer, but being able to read and modify exploit scripts is vital. Python is the industry standard for hacking scripts, and Bash is essential for navigating Linux environments. Knowing how to automate repetitive tasks will save you hours during an actual penetration test and is a skill that separates junior testers from senior-level professionals in the field.