OSCP
Offensive Security Certified Professional. A 24-hour practical exam that remains the industry's most respected entry-to-mid penetration testing credential.
OSCP is respected, but practical lab experience and persistence matter significantly. Many testers earn PNPT or CPTS, or build an HTB Academy portfolio, first. The cert validates skill; it doesn't replace it.
In context
This cert in isolation tells you very little. Here is where it actually sits: the pathways that use it and the roles it realistically supports.
- Junior Penetration Tester
- Red Team Operator
- Application Security Engineer
- Offensive Security Consultant
OSCP is still the cert that opens doors at consultancies, and it's the only popular offensive cert where the exam genuinely punishes shortcut-takers. The catch nobody admits: the exam isn't the hard part. The six to nine months of HTB and PG lab boxes that precede it are. People who try to brute-force OSCP in eight weeks of paid lab time mostly fail, then quietly don't tell anyone. If you've got six months of consistent lab evidence already, it's worth every penny. If you don't, start with eJPT or PNPT and earn the right to attempt this one.
Recommended prior knowledge
- Solid Linux command line
- Networking + TCP/IP fundamentals
- Comfort with Python or Bash scripting
- Exposure to Active Directory
Common misconceptions
- "OSCP makes you a senior pentester." It's a competent-junior benchmark.
- "Try Harder solves everything." Methodology and notes matter more.
What this cert does NOT guarantee
- Six-figure salary day one
- Red team operator roles
- Bug bounty income
Practical skills that matter
- Enumeration
- Privilege escalation (Win/Linux)
- Active Directory attacks
- Web app exploitation
- Buffer overflows (legacy)
- Report writing