How to earn your OSCP certification (2025)
1. Try harder, live harder
Obtaining an OSCP certification is widely considered an excellent first step into the world of cybersecurity. However, you’ll also find plenty of opinions online that strongly criticize the value of certifications in general. These opinions often come from those who argue that there’s no real value in what you’re paying for, and that a self-taught path is just as valid and effective.
Personally, I believe that paying for a certification can be a good strategy if you want to stand out during the initial stages of the interview process. However, it is obviously not the only requirement, and often experience and attitude outweigh a mere “piece of paper”. I also believe that having a well-organized study plan that provides a wide range of useful tools to help you achieve your goal is, at the very least, a valid point of discussion when considering the intrinsic value of one certification over another.
In essence, I’m advocating the position that in 2024, it is certainly true that all the information needed to reach a level of knowledge equivalent to (or even far beyond) what an OSCP certifies is fully accessible online for free. However, I also find the position equally valid that a well-organized and structured study plan, which allows you to accelerate your learning, improve the quality of the information you acquire, and consolidate your knowledge through practice labs, has a subjectively quantifiable value.
The key word here is SUBJECTIVELY; it’s up to you to decide whether what’s offered by a company selling courses and certifications is worth the price or not. For me, it was, because I find it difficult to learn when the information I gather lacks logical coherence, especially if the time I would spend finding and organizing all the information I need exceeds the value of the time itself.
Let me give you a simple example (based on hindsight) from my own experience to clarify this last point:
Let’s start with how the educational material for the certification is structured; broadly speaking, we can divide it into:
- Introduction to the course
- Topic X
- Sub-topic X.Y
- Practice machines for Sub-topic X.Y
- Capstone: mixed practice machines on chapter X
- Sub-topic X.Y
- N “Lab Name” Labs
- N “OSCP” Labs (exam simulation)
When I was working as a developer in a startup, my net monthly salary was about 1900€. An OSCP certification, at the time I bought my voucher, cost 1200€.
I purchased my voucher a few months after leaving my job as a developer, so I was able to dedicate almost all of my time (from the moment I bought the voucher to the day of the exam) to preparing for the certification, which took 3 months. Once I finished the provided learning path, I estimated how much time it would have taken me to acquire the same knowledge without the organized information, and I figured it would have taken almost twice as long. This doesn’t even consider the additional time needed to find practice machines for specific topics.
In my view, the time gap between having ready and organized material versus being self-taught would be even greater if I had studied while still working as a developer.
So, assuming the best-case scenario (which, in my opinion, is still unlikely for me), we’re talking about 6 months versus the actual 3. At this point, the calculation is very simple: if “x” represents my first post-exam salary (assuming the same time gap between “exam and first day of work,” which is just an assumption and unpredictable), I would still have at least a “3x” advantage over the self-taught preparation case.
The only way I wouldn’t recoup the 1200€ spent is if 1200/3x = 1, meaning x = 400€ per month. This scenario is not impossible, but I hope we can agree it’s unlikely.
Additionally, I’d like to add a personal consideration. An analysis like the one we just reviewed, in my opinion, contains an intrinsic error that I often don’t see considered in arguments of this type: the factor of stress and fatigue. Let me give you another slightly silly example.
Let’s imagine a much better (and cooler) version of JonesTheCat who can study self-taught online exactly as if he had ready and organized material provided by others, available for a fee. What does it cost him in terms of fatigue and stress during these 3 months of self-taught study? Does he sleep enough? Can he maintain a healthy physical condition? Does he eat a balanced diet? At the end of the 3 months, does he still have all his hair? Does stress lead him to smoke? Or eat more than usual? Or perhaps become depressed? From my limited experience in this world, I’ve learned that the most important thing is understanding that the level of competition is extremely high. The race doesn’t end with the X certification or even with the Y salary; it’s about the mental and physical well-being you can achieve and maintain, even while doing a tough but rewarding job.
Try harder, live harder.