Who I am
My name is BK. I am a web application and external network penetration tester looking to grow in my career and within the public-facing cybersecurity space.
To do that I am leveraging this site to post my goals, reviews, pitfalls, and updates on my learning journey. I am a big proponent of being a lifelong student, especially in the cybersecurity space.
I will be balancing the huge prices of training and certifications, as well as the time commitment, the best I can, using this blog to help keep me accountable in my journey.
Why OSCP?
The OSCP certification is my main target as a penetration tester. There will be others before and others after, but this is what I am shooting for in the meantime. I picked this cert specifically because of its industry recognition and its hands-on exam, which shows that I can do more than guess A, B, C, or D correctly (no hate on multiple choice exams, they have their place too).
My Current Roadmap
My current roadmap is set to run about 2 years (when I can hopefully get a rotating to access enterprise content through Offensive Security). This is subject to change, and absolutely will change during this time, as I learn what works and what doesn’t.
This roadmap has an expected OSCP exam time of 15 months. I put it here because I am unsure of when I’ll get access to the training material, and it may need to be pushed back if I am covering costs myself. After that there is room for a potential OSEP (wishful thinking, I know) and more personal career-based moves.
Again, I am writing this as a way to keep myself organized and disciplined in my endeavors.
I don’t have Security+ or THM on here because I already have the Sec+ certification and have paid my dues in THM.
Year 1: Building Range and Depth
Month | Focus | Certifications | Labs |
---|---|---|---|
1 | Planning & Setup | — | HTB Starting Point |
2 | Cloud Fundamentals | AWS Cloud Practitioner | AWS labs |
3 | Azure Fundamentals | AZ-900 | Azure sandbox |
4 | Active Directory & Enumeration | — | HTB Easy Boxes, Proving Grounds |
5 | CRTP Prep | CRTP | Pentester Academy labs |
6 | CRTP Exam | CRTP | BloodHound, PowerView |
7 | eJPT v2 Prep | eJPT v2 | HTB Medium Difficulty |
8 | eJPT v2 Exam | eJPT v2 | HTB Web Challenges |
9 | PNPT Prep | PNPT | TCM labs |
10 | PNPT Exam | PNPT | External/Internal labs |
11 | OSCP Prep Begins | — | PWK lab setup |
12 | OSCP Lab Work | — | PWK labs |
Year 2: OSCP Grind & Career Building
Month | Focus | Certifications | Labs |
---|---|---|---|
13 | OSCP Lab Work | — | PWK labs, HTB Hard Boxes |
14 | OSCP Lab Work | — | PWK labs, custom setups |
15 | OSCP Exam Attempt | OSCP | PWK exam |
16 | Recovery & Reflection | — | HTB, Proving Grounds |
17 | Advanced Web & AD | — | HTB Hard Boxes, AD labs |
18 | Red Team Foundations | — | C2 frameworks, evasion labs |
19 | OSEP Prep | OSEP (maybe?) | OffSec labs, HTB Insane Boxes |
20 | OSEP Exam Attempt | OSEP | Custom attack chains |
21 | Cloud Security | AWS Security Specialty (optional) | AWS labs |
22-24 | Future Planning | — | — |
Contact
Please feel free to leave a comment under this post (moderated) or go to the contact page to let me know your thoughts, any tips you have, or pitfalls you may have found when pursuing certifications or in the industry in general!