My Journey into Cyber Security: eJPT to eCPPT to OSCP (Part II)

Adam Goss
Aug 1, 2022

In the first part of this blog article, I delved into the beginnings of my journey in cyber security. This began with starting a Master’s degree and progressed to getting my eCPPTv2 penetration testing certification. Following this, I decided to tackle the well-renowned OSCP which, despite its prevalence in the industry, has certainly divided opinions.

Now you may be wondering why I would go for the OSCP after getting what many people deem to be an equivalent entry-level penetration testing certification in the eCPPTv2, and that is a good question. At the time, and probably still, the OSCP was the de facto penetration testing certification to get if you wanted to break into the industry. It proved you had the technical skills required, you could perform under pressure (24-hour exam), and you could write a report to document your findings. All the great influences in the offensive cyber security space had the certification (Dave Kennedy, John Hammond, Neil Bridges, etc.) and it was seen as a requirement by many HR people. My ultimate goal was to get this certification so that I could get a junior penetration tester role and, with that in mind, I bought 30 days of lab access (back when that was still a thing) and began my quest for the fabled OSCP. This was around the end of August after I had submitted my eCPPTv2 report for marking and with my Master’s course officially finishing in October.

The OSCP course material is delivered in a mammoth 750-page PDF document with accompanying videos in case you get bored of reading. None of the material was revolutionary compared to what I had learned for the eCPPT. However, I was introduced to new attack paths and privilege escalation strategies that were not covered in the eCPPT. The material in this course was less focused on the technical details of hacking and, instead, looked to cover a wide array of techniques in a to-the-point fashion. This style of teaching was not particularly a bad thing but did assume more fundamental knowledge than the eCPPT. This required you to do more external research outside of the course material if you wanted to fully understand the topic the material was covering.

Once I had completed the course material, I could begin practicing what I had learned in the lab environment. This lab environment…
