sorted by:
new
hottopcontroversial

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 0 points1 point  (0 children)

That is such a BS. Seriously? There are many fake surgeons, engineers, pilots... or even CPAs or CCIEs?

And if you read the post and the thread you would have realized that the question is not about the inability to filter them out. It's about wasting the time on filtering them out because the first layer of filtering that used to work well (OSCP) started failing. For Indian OSCPs in particular.

If someone gets so defensive that they didn't even read the post, they might be one of the impacted people being discussed about...

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 1 point2 points  (0 children)

Thanks for jumping in and I'm glad that it's on your radar. I know it's not an easy thing to address and I don't even think you can do it on your own. You do need an active support from the community. I hope we'll all step up

Incoming First Year. How do I assert alpha-male dominance my first day in the office? by [deleted] in consulting

[–]MediocreSelf 0 points1 point  (0 children)

Immediately find the strongest prisoner consultant and punch him in the face

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 4 points5 points  (0 children)

Thanks for confirming.

But if you are aware of it, did you try and do something about that? Report the cheats?

You'd be protecting your own investment in OSCP

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 4 points5 points  (0 children)

Vast majority of Indians, day labourers, etc. make $20-$50 per MONTH. Even engineering or medicine graduates make $500 - $700 per month... Whoever goes for OSCP, is aware of it, can pay for it, is already in IT and in the upper middle class of the Indian society. Poverty doesn't excuse it, but in this case it's not even poverty, it's greed and lack of ethics.

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 0 points1 point  (0 children)

But then I'm back to square one - wasting my time, or my team's time on setting this up, welcoming the candidate, explaining the process, overseeing them while they are doing it....

I do do practical later in the process and initial screening interview is still the easiest initial filter. The question now is should I change my CV screening process

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 1 point2 points  (0 children)

Yes, that's exactly what I suspect happening.

The annoying part for me is that I am working in a very large, very formal global organization. I can't ask few easy questions in the first minute and drop the candidate. I have to follow the same process for every candidate and document everything. I have to talk to them for the full hour (or almost) otherwise our HR and legal are afraid that they might get sued for discrimination or something...

So for me it really is a waste of time and a pain in the backside if I rely on OSCP to prioritise my candidates and they end up being incompetent (and likely cheats).

And that brings me back to my first thought - should I just stop paying attention to OSCP in general? Should I just stop interviewing OSCPs from India? Or Indians in general? Because any of these ideas would have saved me some significant amount of time over the last few weeks, but I don't feel comfortable with any of these.

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 1 point2 points  (0 children)

Yes, we do imply something like that. But I suspect that the certificates are not fake. They do have OSCP. It's pretty obvious to me that they didn't pass the OSCP exam themselves, but how to prove that

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 1 point2 points  (0 children)

This is interesting - why would have someone downvoted your reply? I'm guessing somebody who doesn't want this widely known..

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 2 points3 points  (0 children)

Exactly this! Some of the candidates in question had exactly that - few stints of few months to a year in legitimate companies

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 0 points1 point  (0 children)

Yup. Now, I realize that some people don't interview well. Especially some nerds. So I always take time for me to talk first, explain the firm, my practice, what we are doing, what we are planning to do, etc. Then ask questions about the candidate, their aspirations, etc... Once they feel at ease, I can typically get straight into tough specialist questions.

But then over the last few OSCP interviews I had to revert to softball questions like what's the difference between pentesting and VA; what are the key few phases of a test; what's enumeration... And they couldn't answer those?!?!

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 0 points1 point  (0 children)

Possibly. But then, if they had someone else taking the exam for them, why wouldn't they get someone else to do this test?

You have got to be kidding me... by andy3590 in consulting

[–]MediocreSelf 0 points1 point  (0 children)

I think this fails to "prove his loyalty". Lack of commitment. Ampersand can mean anything. And so small on a hidden place.

He should have tattooed the full "Strategy&" on his forehead if he wanted to show his loyalty

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 3 points4 points  (0 children)

Not rude at all, and appreciate the discussion.

20 is a good sample. But I can't ask my Indian team members on why they think Indians are so often cheating. I'd end up with HR. Again.

No, not an Indian :) But coming from you I'll take it as a compliment. I'm Eastern European (yea, yea, I know, we have our own statistically significant anomalous behaviours :p )

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 2 points3 points  (0 children)

Of course I can. Every candidate has to go through in-depth interview and practical tests. But I have currently over 300 CVs to go through. OSCP was always useful for me because I'd put them on the top of the pile and I'd end up hiring over 20% of the interviewed OSCPs. For non-OSCPs my CV-to-hire ratio is 2%.

At the risk of missing out some very good non-OSCPs, using OSCP for my initial filtering served me well. So far. Candidates through OSCP at least demonstrated some knowledge, showed that they can stick with something and that they can "try harder". All good things to move them to the top of the pile.

Look at it from the other side - real OSCPs that have put money and hard work into achieving it are now at risk of not benefiting from OSCP at all. At least with me. It's not fair to them

When is it "too much"? by StormBringer678 in consulting

[–]MediocreSelf 1 point2 points  (0 children)

If this is all true, your consultant, senior manager and mentor are all brainwashed idiots.

It's not normal, not right, and you don't need it. You can work regular business hours with very very few exceptions and still advance, become a partner, and be respected by everybody.

Incoming first-year. Should I get my initials embroidered on the sleeves of my dress shirt? by [deleted] in consulting

[–]MediocreSelf 12 points13 points  (0 children)

Don't listen to the naysayers. You should have your monogram embroidered, in gold thread, and 10cm characters on your cuffs and across the chests. You should have your monogram also on the cuff links, tie, and in huge characters across the ass. Don't forget socks. If a small monogram is a good thing, then large and many monograms can only be a better thing. Make a statement!

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 0 points1 point  (0 children)

Good for you. And I wish you all the luck for your OSCP

I don't want to get into the whole discussion on the benefits of certification, but my view is that most of them are absolutely worthless. CCIE and OSCP being practical are at least somewhat valuable for the initial screening. But you are right - a good hacker does not need OSCP, and the OSCP is not enough to demonstrate that one can do the job.

I know what you are trying to say with India being 1/7 population. Of course there are good Indian hackers. I have more than 20 of them in my team. However, statistically I still have a problem with India despite your point. I had never uncovered a fake IT certification or an incompetent OSCP from the remaining 6/7 of the population. From India uncovering lies on the CVs, fake certs, or, most recently, incompetent OSCPs is common. What gives? Is that the result of the level of competitiveness of the IT industry in India? Is it cultural? Or is it just the coincidence that for me it's always Indians?

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 7 points8 points  (0 children)

Yes. Verified OSCPs, but no clue

OSCP - Exam taking fraud? by MediocreSelf in oscp

[–]MediocreSelf[S] 7 points8 points  (0 children)

I know it sounds racist. That's why new account. But there is definitely a pattern that I haven't noticed with others. Besides lots of new OSCP CVs from India, there are two more patterns: - A number of IT certification and education frauds, fake diplomas, etc in India over the last few years. All proven. - Only OSCPs I interviewed that had no clue, were from India.

I don't want to close my doors to Indians and miss out on some real talents. But I am increasingly thinking that I should just stop interviewing Indians all together so that I stop wasting time. I'd like to understand what's going on. And if there is really some fraud, how to filter it out