The one thing that changed my life was when I read about interest vs commitment. Too often I hear people wish that things were different, or they want things they will never have or accomplish because they don’t know what it means to be committed to something, so they wander through life like a leaf on a stream never knowing they are holding themselves back and maybe they blame others or circumstance.
This is my reply to someone who asked on Reddit if they should just give up on the OSCP certification.
I’ve been trying to pass the OSCP off and on for the last 9 months. I’ve failed it 3 times, most recently failing last week after going back to the labs and successfully rooting the “hard” boxes. I keep getting closer and closer but can’t root the last box in time.
Since I started the course, I’ve learned more than I ever imagined I would, even going beyond to learn extra things, but it just doesn’t seem like enough. (Before I started I only had about 3 years real experience in IT, but no degree or anything.) I keep getting close but just can’t get over this hump. I’m juggling the challenge with a lot of personal difficulties, and it’s taken a toll on me. I don’t know if I can keep it up. There’s no question that hacking is my passion. It’s what I think about day and night. I even have dreams about coding and things. It brings me joy like nothing else. I don’t know if I can be truly satisfied in life working in any other field. I’ve wanted to be a pen tester since I was a teenager, even started working in IT with that specific goal in mind. “Giving up” isn’t in my nature, but the more I try and fail the more I question if I will have to confront that I’m not fit for this as a profession.
What should I do? I could really use some no-bullshit advice from people already working in the field.
That tells me that you shouldn’t give up and you should keep trying.
Let me tell you about the revelation that changed my life and led to getting OSCP. Ask yourself if you’re interested or committed. If you’re interested, you’ll make excuses and give up or only do what you said you were going to do when it’s easy or convenient. When you’re committed, you don’t make nor accept any excuses. You’ll find a way to get it done and nothing can stand in your way. It’s a mindset. A few years ago when I was trying to change my life I read about “interested vs committed” and applied it to my life. I stopped sleeping in late and skipping my morning workout. I lost 35 pounds and felt great. I got the CCNA certification that I had been working on for years but never finishing because every time I got close, overtime work would get in the way of studying and I’d put it off.
I got to a point in my career when I realized that all I wanted to do was hack stuff and be a pentester after years of dabbling in it during my IT career. I enrolled in PWK. It was an emotional roller coaster. There were numerous times that I thought that maybe I just wasn’t cut out for being a pentester and I doubted myself. But each time I’d get a good nights sleep and hit it hard the next day and eventually have a breakthrough and root a box in the lab. I was working overtime. I needed some sleep and give my mind a break after an exhausting day at work but I also needed more time for the labs. What did I do? I was committed so I started waking up at 4:30 every weekday morning to work on the PWK lab before work. It didn’t take me 3 tries to pass the OSCP exam, but I did get three lab extensions before I took the test. After each lab time was up I’d take a break for a few weeks to clear my head and focus on learning things that I perceived to be weaknesses then I’d hit the PWK lab again and get further than before.
It didn’t end there. I thought it would be easy getting a pentesting job after getting OSCP. It wasn’t. I wasn’t able to relocate and I was told that nobody wants to let a newbie pentester work remote. Remote work was for experienced pentesters. I didn’t give up because I was committed. I took other security jobs that allowed me to do some pentesting and kept gaining experience. I found 3 zero days in web apps while I was working on sharpening my web app pentesting skills because I knew that was a weakness of mine and I knew that’s where the demand was for pentesting. I added those CVE’s to my resume. I continued to wake up at 4:30 every weekday morning to study, lab, and sharpen my skills. I kept interviewing and failing because I didn’t have consulting experience or I had gaps in my knowledge. Each interview allowed me to realize where I was weak. After each interview I would study and lab more and strengthen those weaknesses. Eventually I was hired to be a pentester. Now I never feel like I’m working because I love what I do. I still wake up at 4:30 every weekday to have quiet time for studying and trying new tools, techniques, and exploits in my lab.
I may never be the smartest person or a rockstar hacker, but I’ll never stop working to improve because I love what I do and I’m committed to it. When I think about retirement, I see myself looking out over a lake view at my laptop and hacking stuff, doing bug bounties instead of bingo.
Are you interested or committed to passing OSCP? Keep on trying harder and best of luck!