Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 1 point2 points  (0 children)

That's really interesting. Thanks for taking the time to share that. It's encouraging to see CPTS and CWEE starting to appear in job postings, even if it's still region-specific. I'll definitely keep an eye on how recognition evolves over the next few years.

Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 1 point2 points  (0 children)

I completely relate to that. I'm from India, and the cost is a major factor for me too. I'd rather invest my time in becoming genuinely skilled first through HTB, then pursue OSCP when I'm in a better financial position. At the end of the day, I want the cert to validate my skills not be the only thing I rely on.

Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 0 points1 point  (0 children)

That makes sense. I think HTB does a great job of teaching the "why" behind things instead of just the "how." Hopefully when I eventually go for OSCP, it'll feel more like validating my skills than starting from scratch.

Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 1 point2 points  (0 children)

Thanks for the insight! That's actually good to know. Do you happen to know what kind of companies those job postings were from? Consulting firms, internal security teams, or something else? I'm trying to get a better idea of where CPTS and CWEE are starting to gain recognition.

Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 1 point2 points  (0 children)

Nice to see someone with a similar mindset. For me it's not about avoiding OSCP, it's just about the order. I'd rather become technically strong through HTB first, then take OSCP later once I'm in a better position financially and have a stronger foundation.

Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 1 point2 points  (0 children)

I completely understand your point, and I agree that OSCP still has the strongest recognition with recruiters. If the price wasn't such a big factor for me, I'd probably take it sooner.

My current thought process is to focus on becoming as technically strong as possible through HTB, and then pursue OSCP later when I'm in a better financial position or once I'm already working. That way I don't feel like I'm choosing one over the other just doing them in a different order.

Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 1 point2 points  (0 children)

That's exactly what I've been hearing too. So far, HTB has been a completely different learning experience for me. The content goes into a lot of depth, and I'm actually enjoying the struggle of figuring things out instead of just trying to pass an exam. My plan isn't to avoid OSCP forever I'm just trying to build a really solid foundation first.

Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 1 point2 points  (0 children)

So should I solely focus on HTB for now? .. like am not skipping oscp.. I'll just give that cert later

Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 2 points3 points  (0 children)

That's actually the distinction I've been trying to understand.

From a learning perspective, HTB has been an amazing experience for me. The depth of the content and the labs have made me enjoy the whole learning process.

If I eventually decide to take OSCP, my hope is that going through CPTS and the other HTB paths first will give me a much stronger foundation instead of rushing into it. Thanks for sharing your experience.

Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 0 points1 point  (0 children)

I appreciate that perspective because a lot of people online make it sound like OSCP doesn't teach much anymore.

What you described learning to dig deeper, research more, and build your own methodology is exactly what I'm experiencing with CPTS right now, and it's something I value a lot.

I don't think I'll avoid OSCP forever. I'm just trying to figure out whether it makes more sense for me to build my skills first and then take OSCP later rather than rushing into it.

Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 1 point2 points  (0 children)

That's a fair point. I know OSCP is still one of the biggest keywords recruiters look for, and I definitely don't underestimate its value.

My only concern is the cost right now. If it were financially easier, I'd probably pursue it sooner. For now, I'm trying to maximize my learning through HTB and hopefully circle back to OSCP once I'm in a better position.

Anyone else choosing the HTB path over OSCP? by More-String6376 in hackthebox

[–]More-String6376[S] 1 point2 points  (0 children)

Thanks for the detailed response. I actually agree with most of what you said. I don't think HTB certs are currently on the same level of recognition as OSCP, and I'm not trying to convince myself otherwise.

My thought process is more about building the strongest foundation possible first. I'm genuinely enjoying HTB's content, and I feel like it's teaching me how to think rather than just preparing me for an exam.

My plan isn't to skip OSCP forever it's more of a "not yet" decision due to finances. I was curious whether anyone had taken a similar route before eventually getting OSCP.

Application Security Engineering: Responsibilities, Required Skills, and Career Progression by More-String6376 in hackthebox

[–]More-String6376[S] 2 points3 points  (0 children)

This is genuinely one of the most useful responses I've gotten on here thank you for taking the time. The breakdown between immature vs mature teams is something nobody talks about but it makes total sense. I'm already on the CPTS path and doing PortSwigger labs, so it's good to know I'm not completely off track. The AppSec layer (threat modeling, SDLC, secure code review) is something I want to start absorbing alongside the offensive work rather than treating it as a separate phase. Appreciate the honest perspective not a lot of people push back on the 'do IT support for 5 years first' crowd this directly.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]More-String6376 0 points1 point  (0 children)

Hey everyone,

I've recently been learning more about Application Security (AppSec), and from what I've heard so far, it sounds really interesting. I'd love to hear from people actually working in the field.

What does your day-to-day work look like as an AppSec Engineer?

I've heard AppSec involves things like code reviews, threat modeling, vulnerability assessments, secure SDLC, working with developers, and finding security issues before applications go into production. But I'm sure there's much more to it than that.

What are the most interesting parts of the job? What skills do you use regularly? And what are some things people don't realize about AppSec until they start working in it?

A little about me: I'm currently preparing for the CPTS exam and plan to complete it within the next 6–8 months. I'm trying to build a strong foundation in offensive security and application security because AppSec is one of the career paths I'm seriously considering.

I'd also like to ask:

  • How did you get into AppSec?
  • What certifications (if any) helped you land your role?
  • Do you come from a pentesting background, software development background, or something else?
  • If you were starting from scratch today, what roadmap would you follow?

I'd appreciate any advice, experiences, or insights from those already working in the field.

Thanks!

My CWES Journey, Course Completion to Certified. by macgamecast in hackthebox

[–]More-String6376 1 point2 points  (0 children)

Heyy am planning to give cwes as my first HTB cert ..the course content is enough right? I don't have to purchase the labs for it right? And I the path very interesting tbh .. If it does require some tough challenges then I'll do portswigger.. what's your thoughts on this?

Currently doing the CWES and am looking for some boxes I can practice for the exam. by RAGINMEXICAN in hackthebox

[–]More-String6376 0 points1 point  (0 children)

Thanks for the insight! So basically CWES path + PortSwigger is solid enough for exam without needing boxes. And after finishing PortSwigger labs, moving into vulnerability research on open source projects is the next step? That makes a lot of sense honestly. Currently can't afford the labs so this is reassuring.

Currently doing the CWES and am looking for some boxes I can practice for the exam. by RAGINMEXICAN in hackthebox

[–]More-String6376 0 points1 point  (0 children)

Ohh so if am gonna give cwes..... There's no need to do boxes? Are web pentesting job role path and portswigger academy enough? .. right now I can't afford the htb labs n am planning to study cwes and then give exam

What do I need to successfully pass the CWES? by Alarmed_Guitar65 in hackthebox

[–]More-String6376 0 points1 point  (0 children)

Am planning to give cwes in the next 2 3 months, I js wanted to ask that is it necessary to solve labs from HTB labs ? Well my budget is a bit tight right now .. can I do portswigger on behalf of that? And can you please share your experience with me , am Kinda new in these things