
Is OSCP or CEH the best security certification for staff? CBT Nuggets explains

Deciding between Offensive Security Certified Professional (OSCP) and Certified Ethical Hacker (CEH) cybersecurity skills certifications can be “make or break” for staff, according to tech training specialist CBT Nuggets.

Graeme Messina, writing for CBT Nuggets, said that these two certifications are two of the most popular for people seeking to take on information security roles.

However, while the former is “quite rigorous” in testing hands-on offensive skills and techniques, the CEH is more broadly focused.

“Choosing the right certification can make or break your career, especially in cybersecurity,” Messina pointed out in the blog post.

“The CEH focuses on the broader context of ethical hacking and the methodologies used for this kind of testing. You’ll learn about many common ethical hacking topics, such as footprinting, system hacking, enumeration, scanning, and common social engineering tactics.”

The OSCP qualification also examines penetration testing and exploit development in detail. It teaches candidates to identify vulnerabilities, find or create exploits for them, and document them in a professional way, he wrote.

“The OSCP simulates real-world environments to recreate on-the-job conditions and encourages you to think like an attacker looking to infiltrate a target network,” Messina said.

CEH certification revolves around theoretical knowledge and foundational skills, so it can be a better choice for workers who need to learn all about cybersecurity from the start.

Rather than learning detailed techniques for compromising specific systems, learners would study the frameworks for ethical hacking and the overall process for different scenarios.

“The CEH focuses on a more holistic ethical hacking framework that teaches methodologies,” Messina added.

“While it may sound like they cover the same topic, there are some fundamental differences in how they test your skills and knowledge – and how you should prepare for them.”

For Messina, the OSCP is an excellent choice for candidates who already have a background in IT, including exposure to networking, sysadmin work, or basic programming. OSCP holders usually find roles as pen testers, security consultants, and red team members, he said.

He wrote that the CEH is suitable for beginners and experienced professionals who need to demonstrate their understanding of ethical hacking, including network security, web application security, and cryptography.

The CEH-qualified often take jobs in security analysis, incident response, and compliance, Messina said.

“Earning your CEH gives you a well-rounded understanding of how the different parts of ethical hacking apply to an organisation’s business needs and when to apply specific methods,” he said.

“The good news is the salaries for the roles that you can expect to fill with both certs are pretty close.”

According to CBT Nuggets, OSCP holders earn an estimated average annual salary of around $100,000 and CEH professionals around $95,000, based on PayScale figures, with offers typically varying by experience and location.

CBT Nuggets offers a foundational intermediate course for prospective CEH candidates as well as training in the OSCP pathway.

Trends in application security, updated for 2024 by CBT Nuggets, include ensuring critical services can be kept running online, with more attention paid to principles of authentication, encryption, confidentiality and integrity.

“The Open Web Application Security Project (OWASP) says most security breaches come from exploiting mistakes in implementation. The trick is to use proven encryption tools,” the training vendor said on its website in February.

“The National Science Foundation suggests three new methods of encryption: deceptive honey encryption, function encryption with restricted secret keys, and futuristic quantum key encryption.”

Software is increasingly released to the cloud through virtual devices and microservices, but the links to these applications are now less of a concern than the application traffic through them, it said.

“Traffic that may be hijacked, blocked, or otherwise interrupted can now be easily rerouted or reallocated to other network resources, but tampering with the application itself in the processing of data is where danger lies,” it said.

Connectivity issues of concern for web applications are more about application layer links than Layer 2 and Layer 3, with the move toward widely distributed computing also playing a role, according to CBT Nuggets.

“Many applications are out there in the public space. And those that are not may reside on servers whose ports are opened to allow users to access internal functions.”
