The SecOps Group

I am glad to share that I have obtained three new certifications from The SecOps Group✨ CAPEN, CNSP & CBP 🎓 The CAPEN exam was really fun and 4 hours for the exam is just about right. Definitely a recommendation to go forward and take it. The SecOps Group certification team was also responsive during the exam and helped me with the issues faced accessing the exam/lab environment ^_^ Passing the CAPEN exam with MERIT was definitely a bit of a challenge. Loved the XSS challenges (That's where I lost most of my time haha 😅) Over-all, it was a good experience 🙌🏻 #certification #linkedin #cybersecurity #webapplications #appsec

Being in cybersecurity for so long, I keep an eye on the certification scene (I recently wrote a newsletter on them). Some of the current problems that I see: 🎓 Certification and training are linked to the same vendor, i.e. conflict of interest/marking your own homework. This is where I really admire what CREST has done. 🕐 A 24-hour window to finish a exam is too intense living in the era where we promote work-life balance and mental well-being. 🧐 Old school report creation/submission/review (if anyone ever manually reviews one) has its own challenges and in turn creates an authenticity issue (reports being recreated by peers). ⚒️ Not letting candidates run a tools of their choice (e.g. Burp Suite or Metasploit) further takes away the “real world aspect” of the exam. 💰 The affordability of some of these certs is also questionable. 📈 Lastly but more importantly, frequently updating the content is a HUGE challenge. Lately I've been exploring my friend Sumit Siddharth 's new org, The The SecOps Group They focus on pentesting exams but, notably, do not offer training. Instead, they provide a comprehensive exam syllabus, links to useful resources (both free and paid), and even a free mock exam for prep. They have tiered exams for different skill levels, which match the common roles available in the industry today. I'll be posting more about them in the coming months!

After passing the OSCP exam, a company (The SecOps Group) reached out asking me to try out some of their certifications 📜 - Certified AppSec Practitioner (CAP) ✅ - Certified Network Pentester (CNPen) ✅ - Certified AppSec Pentester (CAPen) ✅ Overall: I really enjoyed the exams. They were a fun evening activity. Had a great time pwning some machines and learned a couple of new tricks. ❓ Could these exams replace OSCP, or other similar certifications? I don't think so. I think that's down to the biggest difference between these exams and OSCP: There's no training offered by the SecOps group for these exams. They just offer an exam and a certification, whereas with OSCP you get labs, videos, and articles to study from (This can also be felt in the price of course; The CNPen and CAPen exams are much cheaper) I think that's important because many people don't get certifications just for the certificate, but more for the training included. If you're a company and you pay for your pentesters to get a certificate, preferably they learn something new and you're not just paying for nothing. On the other hand, as an individual: You want to get a certificate to prove your skills, but most of the time, also get those skills. The learning process is important here. ❓ Can there be a benefit to not providing a set learning path? YES! I really dislike the idea that every pentesters know the exact same stuff, has learned everything from the exact same course, and follows the same guided "learning path". Creativity is a pentester's biggest assets, and you don't teach creativity by giving them a set path to follow. Beginning hackers should carve their own learning journey. If something peaks their interest, they should dig deeper into it, but courses don't really allow for that, because there's always that next vulnerability to learn about. ❗ These exams were better than most other exams I really liked the exams, and think other certificates can learn something from them. Starting with the exam length. Both exams take 4 hours. OSCP takes 24 hours, CPTS even takes 10 days. As a pentration tester, you're not pentesting 24 hours in a row. Give people some time to live as well! All tools are allowed. This is my biggest pet peeve with OSCP. If you build a good exam, then tools like SQLMap or Metasploit aren't needed to solve it, or need to have such an advanced configuration that if you can get them to work, it's a challenge in itself. I think that's something the CNPen and CAPen exams do very well! 🏁 To conclude: ✅ I really liked these exams ✅ If you have the time and money, give them a go ✅ The cloud part of the exams was a lot of fun, and rather new to me. Thanks for challenging me!