CISSP, PWK, OSCP, or getting started

Some good FAQs from mailbox


CISSP exam prep? This really depends on how good your grasp on the material in the 7 domains is.

  • If you know the domains but want help studying for the test:
    • Eric Conrad’s 11th Hour Study Guide book
  • If you need to study some of the domains:
    • Shon Harris (dec) or even
    • the ISC^2 material
  • Practice tests and quizzes are very helpful; some are in books, and check the ones from CCCure


Pen Testing with Kali and OSCP?

  • The book / lab tutorials really will expose you to everything you need for the practice labs.

  • Self-guided study and practice of that material, and resources for those topics, are essential.

  • e.g. for Buffer Overflows and other exploitation I would recommend
    • Hacking: The Art of Exploitation (2nd Ed)
  • Python programming is one of many things you will learn as part of PWK if you don’t know it.

  • There are many writeups and reviews. This is my favourite, including the comments:


I can’t really add anything about OSCP as I haven’t tried for it yet. I may be trying PWK and OSCP again in 2018 depending on where work takes me.

Getting started?

For getting started in infosec there’s a lot of material available. I did a long talk on it a couple times …

Try Leslie’s site for some good insights:

Brian Krebs did a big series of interviews on it that are a great read:

Chris Sanders’ new podcast is actually entirely interviews with infosec folk about their backgrounds and how they got started, so you may get a lot out of that:

Written on October 26, 2017