Underrated Ethical Hacking Certs (Better than OSCP)
Summary
TLDR: The video discusses alternatives to the OSCP (Offensive Security Certified Professional) certification for those starting out in ethical hacking or cybersecurity. It critiques the high cost and difficulty of OSCP for beginners and highlights better options like TryHackMe, Hack The Box CPTS, and others. These alternatives offer affordable, hands-on training to build practical skills in penetration testing and cybersecurity. The speaker emphasizes the importance of choosing beginner-friendly certifications, focusing on practical skills for job interviews, and exploring red teaming for advanced learners.
Takeaways
- 💡 The OSCP (Offensive Security Certified Professional) is considered the gold standard for ethical hacking certifications, but it's expensive and difficult, especially for beginners.
- 🛑 OSCP costs about $1,649 for one exam attempt and 90 days of lab access, and many people need more time and attempts, leading to higher costs.
- 🙅 CEH (Certified Ethical Hacker) is not recommended either, as it's multiple-choice based and lacks practical, hands-on training.
- 💪 TryHackMe is a highly recommended, beginner-friendly, and affordable platform for learning ethical hacking, offering courses with hands-on experience.
- 🎯 Beginners should start with TryHackMe's 'Pre-Security' and 'Introduction to Cyber Security' courses to build a solid foundation in networking, Linux, and basic security.
- 🚀 For those ready to advance, TryHackMe's 'Junior Penetration Testing' course offers intermediate-level learning on web applications, network security, and privilege escalation.
- 🏋️ Hack The Box's CPTS (Certified Penetration Testing Specialist) is another recommended course for those seeking deeper knowledge and challenges in penetration testing.
- 🧠 INE's eJPT (eLearnSecurity Junior Penetration Tester) and eCPPT (eLearnSecurity Certified Professional Penetration Tester) are praised for their hands-on, structured learning.
- 🏁 Red Team training, like Zero Point Security's Red Team Ops 1 & 2, is for advanced learners looking to emulate real-world hacking scenarios.
- 🔀 For those unsure about penetration testing, focusing on general cybersecurity skills and defensive technologies before diving into penetration testing is a good approach.
Q & A
What is the OSCP certification, and why is it considered the gold standard?
-The OSCP (Offensive Security Certified Professional) certification is known for being the gold standard in ethical hacking and penetration testing because it focuses on hands-on, practical knowledge. Passing the OSCP exam demonstrates a practical level of skill necessary for penetration testing jobs.
Why is the OSCP certification not recommended for beginners?
-The OSCP certification is costly, challenging, and time-consuming for beginners. It costs around $1,649 for one exam attempt and 90 days of lab access. Most beginners require more than 90 days and often need multiple attempts, leading to frustration and higher costs.
What are some alternative certifications or courses recommended for beginners?
-Alternatives like TryHackMe and Hack The Box are recommended for beginners. They offer practical, hands-on training at a lower cost. Courses like TryHackMe's Pre-Security and Introduction to Cyber Security are beginner-friendly and build foundational knowledge.
Why is focusing only on free challenges and Capture the Flag (CTF) exercises not enough to land a cybersecurity job?
-Free challenges and CTF exercises provide limited practical skills. Employers seek candidates with comprehensive training and certifications, which demonstrate the ability to handle real-world cybersecurity tasks beyond just completing challenges.
What makes TryHackMe's junior penetration testing learning path valuable for beginners?
-TryHackMe's junior penetration testing learning path is rated intermediate but provides a structured, step-by-step approach to learning offensive security. It covers important topics like web application security, network security, and privilege escalation, essential for ethical hacking.
How does Hack The Box's CPTS course differ from OSCP?
-Hack The Box's CPTS (Certified Penetration Testing Specialist) course is more challenging than OSCP, with a 10-day exam compared to OSCP's 24-hour exam. CPTS is highly respected in the hacking community and provides deeper, hands-on knowledge, making it ideal for experienced learners.
What is the role of Red Teaming in penetration testing?
-Red Teaming is an advanced form of penetration testing where testers simulate real-world attacks to assess an organization's security. Red Teaming requires advanced skills in reconnaissance, active directory exploits, and access without detection, making it more challenging than regular penetration testing.
What is the eJPT certification, and who is it for?
-The eJPT (eLearnSecurity Junior Penetration Tester) certification is ideal for beginners who want an introduction to penetration testing. It provides hands-on knowledge and covers essential cybersecurity topics, even for those not interested in becoming full-time penetration testers.
What are the key differences between the OSCP exam and its training program?
-While the OSCP exam is highly regarded, the training provided by Offensive Security is often criticized for being inadequate. The training lacks structure and requires learners to figure out much on their own, whereas other programs like Hack The Box or INE offer more comprehensive and practical training.
What should someone who doesn't want to be a penetration tester focus on instead?
-If someone isn't aiming to become a penetration tester, they should focus on broader cybersecurity training. Courses in defensive technologies, general cybersecurity knowledge, and GRC (Governance, Risk, and Compliance) are good starting points for those wanting a more generalist role in cybersecurity.
Outlines
🤔 Choosing the Right Ethical Hacking Certification
This paragraph discusses the dilemma faced by individuals considering ethical hacking training. It introduces the OSCP certification, which is regarded as the gold standard for penetration testing jobs, but warns against it for beginners due to its high cost and complexity. The speaker also criticizes the CEH certification, highlighting its lack of practical skills, making it unsuitable for interview preparation. The paragraph sets the stage for exploring alternative certifications that are more affordable, practical, and beginner-friendly.
💡 TryHackMe: A Beginner-Friendly and Affordable Option
The focus here is on TryHackMe, a popular and affordable platform for learning ethical hacking. It's praised for being beginner-friendly and offering practical courses for a low subscription cost, with discounts for students. The speaker emphasizes that relying solely on free content and challenges, like Capture the Flag, isn’t enough to secure a cybersecurity job. Instead, the speaker recommends structured courses such as 'Pre-Security' and 'Introduction to Cyber Security' to build a solid foundation before moving on to more advanced topics like penetration testing.
🚀 Intermediate Pathways: Junior Penetration Testing and Red Teaming
This paragraph introduces more advanced learning paths on TryHackMe, such as the 'Junior Penetration Testing' course, rated as intermediate. The course covers crucial topics like web application testing, Burp Suite, Metasploit, network security, and privilege escalation. The speaker also mentions the 'Red Teaming' path, which is more advanced and focuses on simulating real-world hacking scenarios, including active directory exploitation. These courses are designed to build in-depth penetration testing skills and are considered challenging but valuable for those pursuing a cybersecurity career.
🔐 Hack The Box and CPTS: Advanced Ethical Hacking
This section highlights Hack The Box's CPTS certification as an alternative to OSCP. While Hack The Box offers free challenges, the speaker stresses that the real value lies in their structured courses and certifications. The CPTS exam is notably harder than OSCP, lasting 10 days compared to OSCP’s 24-hour exam, and passing it is a testament to one’s expertise in penetration testing. The speaker recommends beginners start with TryHackMe before attempting Hack The Box to make the learning curve less steep. The platform is also recognized for offering discounts for students.
🔑 Sponsored Section: NordPass Business for Cybersecurity Compliance
In this brief sponsored section, the speaker introduces NordPass Business, a password manager designed for businesses to improve productivity and adhere to cybersecurity standards like ISO 27001 and SOC 2. It emphasizes NordPass's ability to enhance security through features like end-to-end encryption and auto-login. The speaker highlights that organizations often spend significant resources on password management, and NordPass helps streamline this process while ensuring compliance. A limited-time offer with a discount code is also shared.
📚 INE: Comprehensive Cybersecurity Training
This paragraph introduces INE, previously known as eLearnSecurity, as a top-tier provider of cybersecurity training. The platform offers courses for both beginners and advanced learners, covering topics like penetration testing, web application security, and digital forensics. The speaker recommends the eJPT course for those new to penetration testing and the eCPPT for those wanting a deeper dive. INE's training is praised for being more comprehensive than OSCP's, saving learners time by providing structured guidance, rather than relying on OSCP's 'Try Harder' philosophy.
🔍 TCM Security: Affordable and Practical Penetration Testing Training
This section highlights TCM Security, known for offering practical and competitively priced courses in cybersecurity. The flagship course, PNPT (Practical Network Penetration Tester), covers similar content to OSCP but is regarded as more accessible and equally valuable in preparing for penetration testing jobs. The speaker emphasizes that learners now have various affordable options, like TCM, to gain essential hacking skills without the high costs associated with OSCP.
🏋️‍♂️ Zero Point Security: Advanced Red Teaming for Experts
The speaker introduces Zero Point Security, a provider of advanced red teaming courses like 'Red Team Ops 1' and 'Red Team Ops 2'. These courses are designed for experienced professionals who have already completed certifications like OSCP or PNPT. The exams for these courses are extremely challenging, lasting several days and testing advanced skills such as compromising active directory systems. The speaker warns that these courses are not for beginners but are excellent for those looking to specialize in red teaming.
🤷‍♂️ Should You Pursue Penetration Testing?
The speaker addresses an important question: Should everyone pursue penetration testing? While penetration testing and ethical hacking are high-paying fields, they come with challenges and may not suit everyone. The speaker suggests that those unsure about their career path in cybersecurity should first focus on gaining generalist knowledge in defensive technologies, GRC, and broader cybersecurity skills. Penetration testing can be pursued later once foundational cybersecurity knowledge is acquired. The speaker also offers a video guide for beginners seeking a step-by-step approach to starting a cybersecurity career.
Keywords
💡OSCP
💡TryHackMe
💡Penetration Testing
💡Capture The Flag (CTF)
💡Hack The Box
💡CPTS
💡Red Teaming
💡Privilege Escalation
💡EJPT
💡INE
Highlights
The OSCP is considered the gold standard for ethical hacking certifications but is costly and time-consuming, especially for beginners.
For beginners, the OSCP may not be the best option due to its high price ($1,649 for one attempt and 90 days of lab access) and the likelihood of needing more than one attempt.
TryHackMe is recommended as an affordable and beginner-friendly platform, with a subscription costing around $10 per month and offering a wide range of resources.
One common mistake beginners make is focusing solely on free content and capture-the-flag challenges, neglecting structured training that is crucial for job readiness.
TryHackMe's 'Pre-Security' and 'Introduction to Cyber Security' courses are ideal starting points for complete beginners, providing foundational knowledge in networking, Linux, and security concepts.
The 'Junior Penetration Testing' learning path on TryHackMe is an intermediate-level course designed to introduce offensive security and penetration testing in a structured way.
Hack The Box CPTS is a more advanced certification that is challenging for beginners but is highly respected in the hacking community and can make passing the OSCP easier.
Hack The Box CPTS includes a 10-day exam that is significantly more challenging than the 24-hour OSCP exam, emphasizing hands-on penetration testing skills.
Another highly recommended platform is INE, which offers comprehensive training for different aspects of cybersecurity, including web application penetration testing, mobile phone security, and digital forensics.
The eLearnSecurity eJPT and eCPPT certifications are excellent alternatives to OSCP, with better training materials that are structured to save time.
The speaker criticizes OSCP training, stating that it lacks proper structure and encourages too much reliance on self-research rather than teaching skills effectively.
For red teaming, the Zero Point Security platform offers advanced courses such as Red Team Ops 1 and 2, with extremely challenging exams designed to emulate real hacking scenarios.
The speaker advises against starting with advanced certifications like OSCP or CPTS for those who are unsure if they want to pursue penetration testing as a career.
For those interested in general cybersecurity, the speaker suggests learning defensive technologies, general cybersecurity knowledge, and GRC before diving into penetration testing.
The overall advice is to start with affordable, structured training like TryHackMe, focus on general cybersecurity, and only pursue advanced certifications like OSCP later in one's career.
Transcripts
so you're looking to do some ethical
hacking training and you consider doing
the OSCP because it's the gold standard
for ethical hacking jobs or perhaps
you're trying to land your first cyber
security job but you don't necessarily
want to be a full-time penetration
tester instead you just want to feel
more confident in your ability to apply
for cyber security jobs and do well in
interviews therefore you looked into
doing some ethical hacking
certifications and you came across
something like CEH or OSCP we'll talk
about CEH later in this video but for
those of you who don't know OSCP is
considered the gold standard for hacking
certifications because the exam is fully
Hands-On and practical therefore passing
the OSCP exam proves that you have the
minimum level of practical knowledge
required to do the job nearly every
full-time penetration testing role is
asking for the OSCP but the question is
if you're a beginner should you do the
OSCP or should you do something more
beginner friendly like CEH well spoiler
alert but the answer to both is no
that's because the OSCP has so many
problems with the biggest one being the
price as of the time of recording this
video it costs about
$1,649 us for one exam attempt and 90
days access to their lab but the real
problem is most people especially
beginners end up needing a lot more than
90 days to just finish the training and
do the labs not only that but most
people usually need more than one exam
attempt therefore it ends up costing you
thousands of dollars and hours upon
hours of frustration and some people
even lose their confidence as they study
for the OSCP which is not what you want
if you're embarking on a journey to land
your first cyber security job now the CEH
is even worse it's a multiple choice
exam that doesn't give you any practical
skills that you can Showcase in the
interview and therefore it will not give
you the confidence to answer anything in
the interview so what should you do well
what if I told you that things have
changed there are newer and far better
options out there that are suitable for
someone who's starting from zero and
wants to gain Hands-On practical ethical
hacking knowledge that are not only
cheaper than the OSCP but the quality of
the training is a lot higher you'll gain
the confidence to do well in the
interview and truly Excel on the job I'm
going to take you through five training
courses and certifications that are not
only cheaper and better than the OSP but
doing them will make passing the OSP a
lot easier starting with the first and
possibly the most underrated one in the
list which is number one try hack me if
you've been watching my videos for a
while you know I love try hackme they
are one of my absolute favorite
platforms to learn because of two
reasons first they are extremely
beginner friendly they have courses that
will give you the background necessary
for someone who's never done any
technical work before but second and
more importantly is they are extremely
affordable they have a ton of free stuff
and their subscription cost something
like $10 per month and on top of that
they have a generous discount for
students which is absolutely crazy but
the biggest mistake that I see beginners
make with try hack me is that they go and
only do the free stuff that try hack me
offer and they spend so much time on
these challenges and capture the flags
now listen I've been in this industry for
a very long time and I've helped
hundreds of individuals just like you
land their first cyber security job by
following advice that I post on my
videos in fact I post success stories
every week from individuals from all
around the world who managed to land a
cyber security job following my advice
so trust me when I tell you this doing
capture the flags and free courses alone
is not enough to land you a cyber security
job for the most cases you need to focus
on proper training and certification
programs with try hackme the real value
is in the courses that I'm about to show
you if you're brand new and you've never
done any technical work before then you
need to start with two courses that they
have which are the pre-security this
will give you an introduction to the
world of offensive security it will go
over the basics of networking of Windows
of Linux which is a necessary background
for someone who wants to learn
penetration testing the next course that
you need to do if you're starting
from zero is called introduction to
cyber security this will give you more
knowledge in the world of cyber security
and penetration testing it will go over
web application security operating
system security and network security it
will even introduce you to digital
forensics and security operations whilst
these are not exclusive to penetration
testing however this knowledge is
important for anyone who's embarking on
a journey to learn cyber security and
ethical hacking but the real value is in
their harder and more challenging
training certification programs so the
first penetration testing course from
try hack me is the junior penetration
testing learning path the difficulty for
this course is rated intermediate so it
is more challenging than the
pre-security and the introduction to
cyber security this one will introduce
you to the world of offensive security
and penetration testing and on section
three it will take you through web
application penetration testing which is
a really important topic for ethical
hacking
and then section four goes over Burp
Suite with Section Five focusing on
network security section six goes
through vulnerability research and
section seven goes over Metasploit and
ending with Section 8 which is a
slightly more advanced topic that is
privilege escalation offensive security
learning path yes this will have room
and exploitations and Capture the Flag
style but it's structured in a way to
teach you a subject so they have an
advanced exploitation section with so
many challenges that will build out
your skills in a step-by-step manner but
then we have section three which is
dedicated to an advanced topic we call
Buffer overflow exploitation and then on
section four it goes over active
directory which is absolutely crucial
for penetration testing and in section
five it goes over more challenges now
this learning path is a fairly Advanced
learning path it is not easy and in
terms of difficulty it's rated as
intermediate but the next one is a
really challenging one this one is
called the red teaming learning path red
teaming is a more advanced form of
penetration testing where you emulate a
real group of hackers so you need to
know a lot about reconnaissance and
gaining access without any assistance
but you also need to be really well
versed in active directory exploits
amongst other Advanced Techniques as
well as you can see the course consists
of six sections starting with the
fundamentals of red teaming and ending
with a fairly Advanced topic which is
compromising active directory this is
the bread and butter of red teams now
this course is rated hard which means
it's meant to be Advanced and
challenging now for those who don't want
to be ethical hackers perhaps you want
to work in a security Operation Center
or you want to work in GRC then you
don't need to do all of these courses
the junior penetration testing course is
enough for your purposes but if you want
to challenge yourself more and do the
OSCP then the next course that I'm about
to recommend will not only make
passing the OSCP a lot easier but in fact
the training course itself is so much
better than the OSCP and it's cheaper
which is the second CA on the list
number two hack the box cpts now I have
recommended hack the Box before in my
videos but I also noticed that beginners
tend to make the same mistake with hack
the box that they do with try hack me
they only focus on the free stuff and
the challenges and the capture the flags
whilst they neglect the one thing that
will actually get them hired which is
the important training and certification
programs this is where the real value is
at now the cpts is like every other
course that I've ever recommended in my
life it's practical and hands-on now the
course itself includes all the knowledge
that you need to learn and pass the exam
however I did find that the course can
be challenging for absolute beginners
especially if you're someone who don't
have a lot of technical knowledge I
recommend you start with try hack me
first it will make your life a lot
easier than if you started right away
with hack the box and just like try hack
me hack the Box have a generous discount
for students I'll leave a link to the
course in the description box under the
video and trust me when I tell you this
the cpts exam is a lot harder than the
OSCP the cpts exam is 10 days long whilst
the OSCP is 24 hours but not only that
the nature of the exam itself and the
way it's structured makes it a lot
more challenging than the OSCP therefore
if you pass the cpts then you definitely
know your way around penetration testing
and you'll be able to demonstrate that
in an interview setting and on the job
not only that but passing the OSCP so
much easier in fact just doing the cpts
alone might land you a penetration
testing job because hack the box cpts is
really well respected in the hacking
Community now the next training that I'm
about to recommend for you is one
that I don't see so many people talk
about online which is really
disappointing because they remain one of
my absolute favorite training providers
but before we get to that a word from
our sponsor NordPass Business NordPass
Business is an intuitive password
manager ideal for businesses and
individuals because it's proven to
improve productivity not only that but
NordPass ensures the highest privacy and
security standards for customers through
end-to-end encryption and zero knowledge
architecture in fact a great use for
NordPass Business is using it to adhere to
cyber security compliance standards
because NordPass serves as a secure
access solution that can help your
organization meet security standards
such as ISO 27001 SOC 2 and even HIPAA
now did you know that IT help desk
staffing alone can cost around $1
million per year for some large
organizations and guess what consumes a
lot of their resources it's resting
passwords but not pass is proven to
improve efficiency in that regard now
another big problem that organizations
struggle with is convenience especially
when you have a large number of
passwords to manage but with NordPass
Business you cannot only have your
passwords managed but you can also use
the auto login feature to make login
seamless and convenient NordPass
Business can also create strong
passwords by default with easy to
configure password policy now research
shown that on average it takes an
organization 121 days to find out that
they have a data breach which is
absolutely crazy but with NordPass data
breach notification option you can
change any compromised password before
any damage is done but best of all you
can try NordPass for 3 months for free and
they've given us an exclusive deal over
a 20% discount check it out at NP
pass.com Unix guy and use the activation
code Unix guy it's a limited time offer
so please check it out and back to the
video the next training provider which
is number three
INE formerly known as eLearnSecurity in my
experience all the courses are top-notch
if you just want an introduction to
penetration testing then I highly
recommend the beginner training course
which is eJPT it will give you the
Hands-On knowledge that you need to be a
well-rounded cyber security professional
this is ideal for those who don't want
to be penetration testers but they still
want to gain that knowledge I remember
doing this course when it was first
introduced years ago and it was
absolutely fantastic whereas if you want
to do a deep dive into penetration
testing then eCPPT is the course that
you're looking for it's an absolutely
brilliant training and it covers similar
topics to OSCP except the training itself
in my opinion is so much better than OSCP
I leave a link to both these courses in
the description box under the video now
between you and me I think the OSCP exam
is really good because it can prove that
you have the practical skills that we
need in penetration testing jobs but
what I really don't like is the OSCP
training that's provided by offensive
security I think it can definitely be
improved and I don't necessarily agree
with their Mantra of Try Harder the training
itself in my opinion is a little bit
lacking and saying things like Try Harder is
just not good enough in my opinion I
think that training itself can
definitely improve whereas in training
courses like eCPPT or hack the box or any
of the other courses that I mentioned
the training itself is fairly
comprehensive and it will give you
everything that you need to pass the
exam the whole point of a training
course is that it give you a structure
and it saves you time the point of a
training course is not to spend all your
time spinning your wheels and going to
Google every single thing I'm curious to
see what everyone thinks about that now
INE as a platform they have cyber
security training courses that cover
literally every aspect of cyber security
they have web app penetration testing
courses mobile phone penetration testing
courses even digital forensics and
threat hunting they literally cover
everything in cyber security so if you
want to be an expert in your field then
you have no excuse you can simply go
through the training course and gain the
practical skills that you need for the
job now the next training provider have
a very similar approach to INE they have
practical courses that cover a wide
range of cyber security topics but their
prices are extremely competitive which
is number four on the list TCM Security I'm a
big fan of their Flagship course PNPT I
think it's a phenomenal penetration
testing course it covers topics similar
to eCPPT and OSCP it gives you practical
knowledge and it gives you the skills
that we need on the job so now you have
so many options to learn the important
topics and to gain the skills of a
hacker you honestly can't go wrong with
any of the courses that are recommended
so far you've got options this is a good
thing and trust me I only wish I had
access to these courses that you have
when I first started my career we
literally had nothing now for those
freaks out there who want to take things
a step further and you still want to
challenge yourself even more then the
next step for you will be red teaming
skills which as we touched on briefly when
we talked about try hackme red teaming
is essentially emulating what real
hackers do so usually you're expected to
have a lot more skills and it's a lot
more advanced than your regular
penetration test so if this is what
you're after then the next training
provider is one that most of you haven't
even heard of in fact I've personally
discovered them recently which is number
five on the list Zero Point Security
they have two fantastic red teaming
courses but they are absolutely not for
the faint of heart these are fairly
Advanced courses so you need to come
prepared this is something that you do
after passing your OSCP or after you do
your PNPT or eCPPT or hack the Box this
is not something that you start with the
courses are red team Ops one and Red
Team Ops 2 the exam for red team Ops one
is 4 days long and the exam for red team
Ops 2 is 8 days long as I said those are
extremely challenging courses but the
quality is absolutely top-notch I'll
leave a link to both these courses in
the description box under the video now
the important question that you need to
ask yourself is what if I don't want to
be a penetration tester should I still
do some of these Advanced courses like
PNPT or cpts or eCPPT what if I'm not
sure that I want to be a penetration
tester at all well that's an excellent
question and it's something that you
need a lot of clarity on because I'll be
honest with you here whilst penetration
testing and ethical hacking jobs they
pay a lot of money but they also have
their own set of challenges they are
definitely not for everyone so should
you still do penetration testing
training the honest answer is yes but
they shouldn't be what you start your
Learning Journey with instead I will aim
to take more of a generalist approach to
cyber security so I would aim to learn
first something like defensive
Technologies generalist cyber security
knowledge and even GRC penetration
testing is something that I would
personally do later once you land that
first cyber security job then you can
spend the rest of your life doing
penetration testing training if so you
desire now if you want a step-by-step
guide on how to start your journey of
becoming a generalist cyber security
professional starting from zero then I
created this video with detailed
instructions on exactly how to do it in
the fastest and cheapest way possible so
check it out and I'll see you there