In my line of work, I design and develop enterprise products in the information security and risk management domains. These products generally serve blue teams, and I’ve wanted for a while to get the red team perspective.
So last fall, I put myself through a self-imposed boot camp: earning the OSCP (Offensive Security Certified Professional) certificate. This is an intermediate-level certificate geared towards penetration testers. Before taking the exam, students spend significant self-directed time (30 to 90 days) in a specially constructed lab environment honing their hacking skills. The exam itself is a 24-hour test in which students are dropped into a network and need to gain admin access to as many machines as possible.
Below is a summary of my journey, along with tips for aspiring students.