EN: Interview — 11 years of OSCP — A personal review
Hardly any other industry is developing as dynamically as IT security. The constant development of technologies not only brings new opportunities, but also new challenges — and requires specialists to always be one step ahead. Cybersecurity certifications such as the OSCP play a central role in this. Pierre Herget, Managing Director of INS Systems GmbH, talks to Paul Werther, CTO of greenhats GmbH, about his personal career in the field of cybersecurity specialist certification.
Pierre: Hey Paul, welcome to our interview 11 years of OSCP! Let’s jump straight in. First of all — for anyone who has never heard the term OSCP before: What’s behind it?
Paul: Hey Pierre — So the Offensive Security Certified Professional, or OSCP for short, is one of the best-known pentesting certifications around. It requires complete, practical hacking skills — not a multiple-choice test, but a real attack simulation in a fictitious company’s infrastructure. It really doesn’t get any more practical than this.
Pierre: I see — how exactly does such an exam work and why do many people talk about two days of constant stress?
Paul: The exam is roughly divided into 24 hours of hacking and then 24 hours of documentation. During the first part, you are largely isolated, constantly monitored via a webcam and screen sharing and have to rely completely on your own skills. In the end, the only thing that counts is whether you manage to achieve the objectives in the tasks set and document all the steps correctly, comprehensibly and exactly as prescribed — points are not published, but at the end it is simply a case of pass or fail.
Pierre: Okay, that’s amazing — you took your OSCP back in 2013 and have therefore held a lifelong certification for over a decade. At the same time, you have also passed several significantly higher OffSec certifications. Nevertheless, you have now deliberately opted for the new OSCP+, even though it is the same certificate that you passed eleven years ago, but which expires after a certain period of time. Why don’t you start by telling us how your journey with OffSec originally began and what particularly fascinated you back then?
Paul: Yes, my enthusiasm for security and hacking goes back to my youth. Back then, it was much more difficult to gain in-depth knowledge. There were hardly any high-quality, purpose-built infrastructures or playgrounds like there are today (e.g. TryHackMe or Hack The Box), and YouTube videos or e-books were often rather patchy. As a result, you had to make a lot of things up yourself, which took time and patience. When I was able to afford the OSCP, I bought it straight away. The idea of learning directly from the makers of BackTrack (now Kali Linux) was simply irresistible. And so I signed up to OffSec in 2013 and passed my first certification in the field — the OSCP — in the same year. OffSec itself was not only the creator of one of the most well-known hacker operating systems in the world, but even then it was the world’s leading provider of training in this area.
Personal background & motivation
Pierre: You’ve been with OffSec for 11 years and now have several certifications under your belt. What motivates you to keep taking new exams and developing yourself further?
Paul: The subject area is incredibly diverse. You can quickly get lost in one specialization — which I wanted to avoid. The various exams at OffSec help me to cover a broad spectrum and thus become really fit in many areas instead of just being an absolute crack in one specialty. I’m also driven by exploring new topics.
Pierre: You mentioned the “Try Harder” mantra several times before the interview. What significance does this have in your professional and personal environment?
Paul: For me, “Try Harder” means above all: keep at it! Continuous development and not taking any shortcuts. If you want to get really good at pentesting, you have to internalize the mantra and integrate it into your everyday life. It also teaches me to trust myself and master things independently. If I fail, it’s often because I’m still missing the basics — that doesn’t mean I can never do it. This mindset has taken me a long way professionally and made me the pentester I am today.
Changes at OffSec & social impact
Pierre: OffSec has evolved over the years. What do you see as the most important changes, both at company and course/exam level?
Paul: Firstly, OffSec has improved the quality of the teaching material. It has always been on top, but you can tell that they are living their own “Try Harder” mantra and constantly improving it. The whole company seems more professional today; at the same time, contact with the students has become more accessible. In 2013, it was all still quite distant, you had to browse forums and find out for yourself when you were ready for the exam, for example. The courses are now much more structured, which is particularly beneficial for IT professionals who want to get into the hacking scene.
Pierre: How do you perceive the social impact of OffSec, especially with regard to the “Try Harder” mantra and the demanding certifications?
Paul: Certifications such as the OSCP are highly valued — both in the industry and in individual teams. Passing alone creates an incredibly positive feeling; you are proud to have achieved something so challenging. Even failing can help you move forward because you learn a lot and are better prepared for the next attempt.
Pierre: The proctored exams are a big topic at OffSec. To what extent do you see this as a step towards more professionalism and seriousness?
Paul: The video and screen monitoring makes the certificate even more credible. Fraud is made much more difficult, which increases the value of the certification. In our company, we even use such certificates as a recruitment criterion. Of course, there are still loopholes, but OffSec is making an important contribution to protecting the integrity of its certificates and thus making the entire industry a great deal more professional.
The new OSCP+ exam
Pierre: Let’s move on to the new OSCP+. What was your first impression of it compared to your old OSCP exam from 2013?
Paul: After more than ten years, a lot has changed! The content has been modernized, for example Active Directory topics or a breached account scenario in which you receive valid access data for the fictitious company network in advance — similar to what is already done in many pentest scenarios. At the same time, other classic things such as the buffer overflow part have been removed from the exam. That was also one of the reasons why I wanted to take the exam again — to reinforce current content and to see how OffSec has adapted the format to modern times. I also work as an internal instructor and wanted to see for myself what the process is like nowadays in order to be able to help junior pentesters in the best possible way.
Pierre: And how would you rate the level of difficulty from a personal perspective? After all, you are now at a completely different level professionally.
Paul: As a senior pentester, you might expect to pass the exam without any problems. But OffSec likes to surprise you! I only took a few days to go through the new material and practise in the challenge labs. The exam itself took me around 18 hours, partly because I’m very meticulous with my documentation. Of course it was solvable for me, but some of the tasks were really nerve-wracking. Nevertheless, the learning effect was great. I recommend anyone who has already collected dust on their OSCP certificate on the wall to take a look at the new OSCP+.
Pierre: What aspects of the new format surprised you in a particularly positive way?
Paul: The AD environment was really cool. It was a bit smaller than I had initially expected, but the new breached account scenario — i.e. starting the race with an existing user/pass — has a nice twist. It saves you the often very frustrating start when you have to start completely without a clue. This allows beginners in particular to concentrate on the actual topic. For me, it was also a welcome opportunity to test new tools in the exam — these are my personal challenges that I create for myself. For example, I tried out “ligolo-ng” (https://github.com/nicocha30/ligolo-ng) for tunneling and found it extremely useful.
Pierre: In the new OSCP+, but also before that, there is a clear requirement not to use AI tools such as ChatGPT. How do you assess this ban, especially in light of the fact that such technologies are used in practice?
Paul: I see that as quite controversial and a very exciting question. On the one hand, of course, you want to reflect real-life scenarios and allow modern technologies, because AI can actually help in many areas. On the other hand, however, the test should reflect personal performance, not that of a language model. I understand that OffSec wants to play it safe here, so that “the AI” doesn’t just spit out a solution. Nevertheless, a trade-off between using and banning would perhaps make sense — for example, limited use of AI for research purposes, but no automated actions, or perhaps a time limit. There are already special regulations for special software in the exam anyway. OffSec also has its own AI learning assistant, which is of course not permitted in the exam. It is possible that this is a tool that could be adapted accordingly in order to allow it for the exam and thus make the research more efficient. After all, AI-based solutions have long been part of everyday life in many companies today — including here at greenhats, of course — and I think it would make more sense to train people to use them responsibly rather than banning them outright. But this is an extremely complex topic that cannot be solved so easily — so please take the statements as loosely unstructured thoughts for now.
Personal experience & further development
Pierre: During the preparations for the interview, you liked to draw parallels with martial arts. How would you describe the similarities?
Paul: In martial arts, a black belt is often just the beginning of a much longer journey. You may be a “master”, but the development never stops. I feel the same way about the OSCP: once you’ve passed the exam, you can be proud — but that’s when it really starts. Your self-confidence grows and at the same time you learn to constantly challenge yourself. For me, an exam is always an ideal environment to apply new knowledge and develop myself further.
Pierre: What does “not resting on one’s laurels” actually mean in your more than ten-year career as a pentester?
Paul: The field is developing rapidly! New vulnerabilities, leaks, tools and tactics emerge every day. It’s impossible to pick up on everything immediately, but it’s important to keep up to date with the latest tools. OffSec courses offer a solid basis that is up-to-date and relevant to practice. I think certifications are a good incentive to get to grips with a topic in depth. But regardless of this, you should approach new tools with curiosity and not rely on what you have already learned.
Pierre: Although you already have six certificates, including OSCE3, you decided to take the OSCP again. What was the main reason?
Paul: I now have the OSCP+ — seven certificates, if you’ve been counting ;) — Joking aside. Of course, I can prove with the certificate that I’m also constantly training and have current topics on my radar. In fact, my most important reason was my role as an instructor. I want to give my junior pentesters an impression of the current examination process that is as close to reality as possible. This is only possible if I know myself how things currently work at OffSec. Of course, there is also a certain amount of personal motivation: I like exams because I learn best in such stressful situations.
Pierre: Okay, that’s a whole new perspective. How did you prepare yourself mentally and physically for the test, which lasted several days?
Paul: I would say I’m pretty used to the stress of exams. Nevertheless, you can still feel the strain after many hours of concentrated work. The most important thing for me is sleep! A short power nap can work wonders if you’re stuck in one place. And of course a solid meal is part of it. My wife always cooks a big pot of goulash in advance, which I spread out over the exam days — tradition is a must!
Tips & Tricks
Pierre: Do you have any general strategies or approaches for future candidates to prepare themselves optimally?
Paul: As I said: eat, drink and, above all, sleep enough! I’ve seen for myself that after a long period of frustration and a short break, you can suddenly crack a task in 20 minutes that you previously failed at for six hours. Mental freshness is therefore essential. I also recommend getting to know different tools instead of just relying on the ones mentioned in the course. A newer tool is often more efficient or provides better error messages. For example, I currently use “legba” (https://github.com/evilsocket/legba) instead of “hydra” for brute force attacks on network protocols, simply because it is much more intuitive to use.
Pierre: On the subject of perseverance and “try harder”: do you have any mental tricks to cope with the rollercoaster ride in the exam?
Paul: Rituals help. Whether it’s the same meal, a sports session or a certain drink — that’s how you stabilize yourself a bit and create consistency in the highs and lows. As far as the content is concerned, the official material covers all the essentials, but OffSec places great emphasis on your own thinking. You have to think outside the box and not expect every attack technique to work one-to-one like in the textbook.
Pierre: Are there any specific platforms or books that you recommend to complement the OffSec materials?
Paul: I always find it useful to look at newer tools, because the OffSec materials naturally can’t always be completely up to date. Examples: “netexec” is a good successor to crackmapexec, “legba” for brute force or even “ligolo-ng” for tunneling. It simply makes sense not to have just one tool for one task, especially if an attack attempt does not work as planned. It’s often the most trivial things that get in the way, such as a tool that is not up to date or is too new, so that new unexpected errors occur that are not yet sufficiently documented.
Conclusion & outlook
Pierre: Despite all your certificates, you still want to learn new things. What fascinates you most about it?
Paul: I see it as a never-ending journey. Every exam gives me the opportunity to discover something new or to see things differently. The IT security world is so dynamic that there is always something that makes me curious.
Pierre: Where do you see the greatest added value in the fact that the OSCP certification (now OSCP+) is constantly being further developed?
Paul: On the one hand, it allows you to keep pace with modern systems, tools and tactics. On the other hand, the candidates become aware that there is no “forever valid” solution. Finally, an expiring certificate has more value to government agencies and large enterprises. Customers appreciate it when certificates are not valid for life because it underlines the topicality of the knowledge.
Pierre: What final statement would you like to pass on to the community and future candidates?
Paul: Much of what we use in cyber security today is based on the dedication and work of individuals or small teams that drive open source projects forward. I think it’s important to give something back — be it through your own tools, features, documentation or simply constructive bug reports. Every contribution counts. And with this in mind: Try harder! Never stop developing yourselves.
Personal Insights
Pierre: Okay, we could actually stop there — but let’s go into a few more points. Was there a moment during your learning phases or exams that had a particular impact on you?
Paul: Definitely. The feeling when you finally break through after hours of failure and find a solution is unique. In the same way, failing can be completely frustrating. The important thing is not to be discouraged by it, but to learn from it and try again.
Pierre: And how important is the exchange with the community or other OffSec students for you?
Paul: For me personally, it has never played a major role. I usually do my own thing. But I see in forums and on Discord how much support people give each other. That’s great and can definitely help.
Pierre: Do you have any highlights or anecdotes from your experiences at OffSec?
Paul: I had a ticket open with OffSec a few months before the official launch of the OSCP+, asking about the possibility of redoing the OSCP — but there was no option at the time, even after weeks of discussion. Then, at some point, the news came that OffSec was actually customizing the flagship product. Certainly a coincidence, but nevertheless funny that it then became OSCP+ of all things, with which they make exactly that possible. Respect to OffSec for daring to do something so big — tweaking the OSCP is really brave!
Pierre: What is your final personal opinion on the OSCP+?
Paul: OffSec has proven itself once again with the OSCP+: They are moving with the times, integrating new technologies into their course material, and placing even more emphasis on professionalism. For longtime pentesters, it’s worth taking on such a demanding challenge again, if only to stay on the ball and keep growing. Those who take on the challenge should internalize the “Try Harder” mantra: Perseverance, creativity, structured work and, last but not least, a good dose of tenacity are required. Of course, the OSCP is a certificate for life and no matter when you pass it, it is an incredible achievement. But … after all, it’s “Try Harder,” not “Tried Harder.” — so keep up!
Pierre: Thank you very much for the exciting insight! Finally: What’s next for you personally? Have you already set your sights on new goals or certifications?
Paul: Definitely. My next big project is the OSEE, which is considered by OffSec to be one of the toughest certifications of all. This course is about kernel exploit development at a level that goes much deeper into the operating system level than is normally required in the day-to-day work of a pentester. That’s what I find so fascinating and daunting at the same time: you get to know the computer from the inside out, so to speak, but I rarely use this hardcore knowledge in my day-to-day pentesting job. Nevertheless, I don’t want to miss out on this opportunity and want to prepare for it soon.
Pierre: That sounds like a good resolution for 2025. In any case, I wish you every success and thank you for your personal insight into the world of pentest certifications.