2025-01-03 09:46:00
In May 2017 I got to quote that great line from Dredd:
"She's a pass."
After months of hard work I completed my OSCP certification exam.
Since then a lot has happened!
I've done projects for governments, banks and the military covering a lot of infosec fields. These days I'm mostly on DevSecOps. In the seven years since then I've done pentesting "on the side" with each of my customers, but I've never been a pentester. It's never been my primary role description.
Imposter syndrome is no stranger to me, so I've often felt a bit out of place claiming "I understand and can do pentesting", while not exercising that particular field regularly. It irks me; I want to do something about it.
As of November 1st 2024, Offensive Security introduced the new OSCP+, a CE-version (Continuing Education) of the OSCP certification. Unlike the original, which was good for life, OSCP+ needs to be renewed every three years.
For current holders of OSCP, OffSec offer a discounted exam attempt ($199 instead of $799), enabling anyone certified to upgrade relatively cheaply towards the CE-version of OSCP.
Now there's a great chance to beat that Imposter-monster. :D
I've bought my exam voucher. Now I have exactly 120 days to prepare for and pass the exam!
2025-01-02 13:02:00
Yes, it's official now: I am also LFCS certified. Not because I need it for my resumé, but because I want to be certified for every class/course I teach.
Yesterday I mentioned I took the LFCS exam. I'd been wanting to do it for a while now, out of professional interest, but I kept putting it off. Spurred on by December's success with LPIC-1, I decided to take the plunge.
It was fun. I truly enjoyed the LFCS exam and preparation.
As I mentioned in yesterday's review of the big four Linux sysadmin exams, the LFCS fee includes two exam takes, but also two practice exams! That's some great value!
Like with my CKA Kubernetes exam, the practice exams are arranged via Killer.sh. They offer excellent exam simulations, which work exactly like the real exams! I mean: the user interface and the process are the same. Of course the assignments are not. ;)
As many have said: the Killer.sh practice exams are actually harder than the real LFCS exam. On my first practice round I needed 90 minutes for 17 assignments. When I did the real exam, I only needed 60 mins for 17 tasks.
The exam environment is solid, the interface is good, the assignments/tasks are clear. I absolutely love that every task has its own VM/container! With RedHat's exams you get one system for all your tasks and if you break that system you outright fail the whole exam. That's not a risk you run with Linux Foundation! Great stuff.
I can heartily recommend this exam; it's my favourite of the four!
2025-01-02 05:06:00
On the tail end of 2024 I have finally achieved my goal of holding all four entry-level Linux system administration certifications. I set this goal so I can test-run all four exams for my students, to see which one's "the best".
Spoiler alert: there is no singular "the best".
I will be taking a look at the four big brand names: CompTIA, Linux Professional Institute, Linux Foundation and RedHat.
Exam type:
Exam format:
Exam time:
Exam costs (no training, only examination):
Current version:
Certification vendors are expected to provide continuous improvements to their exams. CompTIA is on a solid three year renewal cycle, where their Linux+ exam and objectives are completely refreshed. LPI on the other hand is really dragging things along, with an exam that's now over six years old.
Linux Foundation and RedHat frequently update their exams and their objectives, but don't offer much clarity about the content changes.
Exam objectives documentation:
CompTIA and LPI reign supreme when it comes down to publishing their exam objectives. They provide very clear documents, detailing exactly which topics, concepts, commands, etc will be covered in their exams.
LF and RH on the other hand offer short bullet point lists of one-sentence task descriptions which provide no guidance whatsoever as to what a student would need to learn or practice. With them, you will need to rely upon a training or book to give you guidance.
My opinion on the curriculum and exam contents:
I have compared the exam objectives for all four exams. You can read the full details in this blog post.
For Linux+ I did a beta-test of the upcoming version 6 and I'm not as happy about those objectives, compared to version 5. Here's my review.
Study materials:
All four vendors offer exams in test centers. The number of available testing centers differs per region. I haven't done exams in test centers for years now; I always test remotely, so I'll only compare on that basis.
Remote testing software:
Remote testing ease-of-use and user-friendliness:
You will find so many people on Reddit and Discord who complain about, or fear, the OnVue remote testing for CompTIA exams. Horror stories about mean proctors, or bad software abound. I have now taken over twenty remote exams via OnVue and I have had four situations in which I could not start or finish the exam, three of which were my own fault. 1:20 failed because of the proctoring solution, 19:20 went fine.
The RedHat Kiosk solution is something I hate because the process of setting it up is abysmal. You have to make a bootable USB with their custom Kiosk OS which is known to have hardware compatibility issues, plus you have to have two webcams. Here's my experience from 2023.
The exam itself:
As far as I am aware, the Red Hat hands-on exam will give you two virtual machines and you do most of your work on one of them. The risk in this is huge: if you manage to break that one single machine, you will fail the exam outright!
I like Linux Foundation's approach a lot better: (almost) every assignment runs in its own virtual machine or container. If you break one assignment, all others will still be scored!
I disliked the LPIC exams, their questions were boring and dry. As usual I like how CompTIA write their multiple choice questions, but their PBQs generally range from "meh" to "awful".
This is a tough nut to crack, as return on investment will differ greatly per region/country. For example, CompTIA is a big brand name in the US but in EUW it may garner a "comp-who-now?".
Brand name recognition, by checking LinkedIn jobs that ask for this cert (in the Netherlands, as per today):
Oddly, some positions on LinkedIn ask for "LPIC2, RHCE or Linux+", suggesting they feel Linux+ is equivalent to higher level certs. Which it isn't.
Four job postings ask for "a Linux certification such as ...". I have not included those in the totals shown above, but you could consider that a +4 on each.
It's odd, but LFCE from Linux Foundation seems to be more well-known than LFCS, with 3 vs 1 job listings asking for it.
I can't tell you which Linux certification you should pick, most importantly because of that last paragraph: return on investment is heavily regional. You must always check your local job boards! See which certifications are, or are not, in demand in your area.
My personal viewpoints?
It's clear that RedHat's certifications offer very big resumé value, as they are world-renowned. Everybody knows and respects them. The big downside is their price point, although they compensate for this by offering one free retake since 2023. Before that, their proposition was awful, with every retake also costing €500.
I'm a fan of Linux Foundation and the work they do. Their exams are also excellent and I love their at-home testing solution; it just works.
LPI? I don't like. They feel stuffy and outdated. Done.
I like CompTIA's exams well enough, their curriculum is great, their price point is the best. It's unfortunate that Linux+ doesn't get the recognition it deserves. Because of that, I wrote in 2023: "CompTIA Linux+ is not worthless, it's just worth less".
It's ironic that the two exams/vendors I like best, are also the least well-known.
I feel CompTIA offers a better theoretical exam than LPI and I feel Linux Foundation's hands-on exam is much better than RedHat's. But the resumé value of both throws a spanner in the works. :(
Well-known author and fellow-trainer Sander van Vugt and I spoke on LinkedIn about this article. To quote him:
"...I do agree to your conclusions. RHCSA has a huge market value, LFCS is more interesting and more about Linux. Linux+ is important for NA customers, and LPIC-1, well, I dropped that about a decade ago. Their way of testing doesn't make sense to me."
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.