Rising to the surface in a sea of cybersecurity hiring candidates demands more than mere skill. Employers demand stronger assurances, and the best guarantees of employee talent come in the form of certifications.
Choosing between obtaining Certified Ethical Hacker and Offensive Security Certified Professional credentials may seem difficult to the uninitiated. Here's some vital clarification on which certs will help you outswim your professional peers.
What Is CEH?
Certified Ethical Hacker certifications are designed for those who want to demonstrate their proficiency at identifying weaknesses and vulnerabilities in networks and systems. These vendor-neutral certifications cover a number of topics relevant to penetration testing.
You can take the CEH exam after you attend official training and demonstrate your experience in at least three of the five Certified Chief Information Security Officer, or CCISO, eligibility criteria. For most people, this amounts to having no less than two years’ worth of job experience. Alternatively, you can prove that you possess five years of information security experience in all five of the CCISO domains. In both cases, applying to obtain such proof from the EC-Council may take as long as six weeks.
If you completed your coursework online, you’ll need to provide your completion certificates to the EC-Council. Your CEH exam cost includes the cost of your training, which may vary, but the application is usually a nonrefundable $100.
After your application gets approved, you’ll have three months to purchase a test voucher. The CEH exam cost for the test itself is around $500.
Your exam will consist of a four-hour, multiple-choice test with 125 questions. To pass, you must earn a score of at least 70 percent.
What Is OSCP?
This ethical hacking certification focuses on common penetration-testing methodologies. It’s infamous for its rigorous, 24-hour exam.
This certification complements a mandatory training course called Penetration Testing with Kali Linux. You should be able to write scripts and tools for penetration testing, bypass firewalls with tunneling techniques, identify and exploit web application vulnerabilities like XSS and SQL injection, and conduct attacks from the client side and remotely. Many of these topics will be covered in the class, but most people agree that going in with solid experience in Linux and TCP/IP is a must.
This certification is hands on. In other words, you can’t obtain it without passing an intense practical challenge.
For the exam, you’ll be granted access to an unfamiliar network and given 24 hours to prove that you’ve completed a given set of penetration tests, successfully penetrated systems and correctly documented your progress. Most students find out how they performed within three days of completing the test.
How Do the Certifications Differ?
Offensive Security Certified Professional holders don’t need recertification, but those who complete Certified Ethical Hacker Training and testing must recertify every three years. While this might seem like an inconvenience, the fact that you have to keep your knowledge current may ultimately make you appear more hirable. It’s also important to note that Certified Ethical Hacker training and credentialing are generally more affordable.
Certified Ethical Hacker accreditation is accepted by the U.S. government, and some Department of Defense jobs actually require it as per DoD 8750 Baseline Certifications. Even though Offensive Security Certified Professional is a rigorous certification, having it may not help you land a government job.
Salaries and Job Markets
Both of these certifications can help you become a penetration tester, security engineer, information security analyst or security consultant. Salaries for these jobs ranged widely.
Is one certification going to earn you more during your professional lifetime? According to PayScale, in late 2016, Certified Ethical Hackers earned average salaries of around $76,855, and many enjoyed hefty bonuses, profit sharing options and upward mobility. OSCP holders earned slightly more on average, but their salaries also varied more widely along with their job titles.
Choosing Your Certification
Both of these certifications are highly valued by modern employers. Many professionals even hold both certifications or combine them with other credentials, like CISSP and Comptia's Security+.
Of course, there's no substitute for having a packed resume and actual job experience. Still, completing your Certified Ethical Hacker training can definitely help you keep your head above water at interviews, especially if you’re new to penetration testing.