Certification Review and Summary

So far, I’ve embarked on a journey of upskilling myself with four certifications, paving my way to feel more confident and industry-ready. My ultimate dream? To step into the world of pentesting—because, let’s be honest, being a hacker is undeniably cool, right? 😎 But pentesting is a vast realm, filled with specializations like network pentesting, web app pentesting, mobile app pentesting, cloud pentesting, IoT pentesting, wireless pentesting, and the list goes on. For now, I’m focused on mastering network pentesting (both internal and external), cloud pentesting (API security, container security, CI/CD), and web application pentesting (various vulnerabilities and endpoints). Let me walk you through my certification journey and what I gained from each one.

1. CCNA: The Networking Bedrock 🛠️

My first certification was CCNA, which cost me around RM500 thanks to a generous student voucher discount (shout-out to the free voucher from the NetAcad module!). This was my launchpad into networking fundamentals. The CCNA course is a beast—covering everything from routing and switching basics to more complex topics. It took me a solid three months to wrap my head around it all. The exam, booked through Pearson VUE, combines MCQs and lab-based questions, so getting hands-on with Cisco commands is a must. My go-to resources? Jeremy’s IT Lab on YouTube and the official exam cert guide. My advice: practice labs like your life depends on it. It’s not just about memorizing terminology; it’s about knowing how to navigate and troubleshoot in real scenarios. 🖥️

2. CompTIA Security+: The Big Picture Lens 🔍

Next up was CompTIA Security+, which, fair warning, cost a hefty RM1600 back when I took it (no vouchers this time 😅). If you’re eyeing this one, I recommend completing the Google Cybersecurity Certificate first for a nice 30% discount. This cert was an eye-opener, giving me a bird’s-eye view of cybersecurity. It doesn’t just scratch the surface—it dives into physical security, cloud security, potential threats, and mitigation strategies. To prep, I relied on Professor Messer’s YouTube videos and the official cert guide. Just a heads up: there’s a ton of terminology to digest, so flashcards were my lifesaver. 💡 While it’s great for foundational knowledge, don’t expect hardcore technical skills from this cert—it’s more of a stepping stone.

3. HCIP Routing & Switching: The Deep Dive 🌊

Thanks to representing Malaysia in Huawei’s competition, I got to take the HCIP Routing & Switching certification for free (thanks, Huawei Academy!). Think of it as CCNP’s cousin but with fewer vendor-specific nuances. This one went deep—like, really deep. Passing meant I needed to know the tiniest details about topics like MPLS VPN, Advanced IGP and EGP, multicast, MSTP, VRRP, and even the basics of SRv6 (which I pursued further on my own). Even though it’s just an MCQ-based exam, don’t be fooled. Memorizing questions won’t cut it—you’ve got to understand the nitty-gritty of protocols and configurations. Lab practice is your best friend here; it’s where theory turns into real understanding. 🔧

4. OSCP: The Hacker’s Playground 🕹️

Last but definitely not least, the crown jewel of my journey so far: the Offensive Security Certified Professional (OSCP). This one cost me a cool RM8000—yeah, it’s pricey, but worth every cent. OSCP is where I truly learned to think like a hacker. Unlike other certs, it felt like playing a high-stakes game of Capture The Flag (CTF). The goal? Compromise machines by collecting flags (both local.txt for initial access and proof.txt for privileged access). You have 24 hours to hack into various machines and submit a detailed report—no pressure! 😅

The course didn’t go super deep into any one topic but covered a wide range of concepts, giving me a taste of how real attackers operate. While it’s known as the “golden standard” for HR screening (I love that phrase, stole it straight from the internet), it’s not the most technically intense course out there. If you’re after hardcore training, platforms like Hack The Box Academy offer more depth. But OSCP gave me the push to recap all my prior knowledge and apply it in ways I hadn’t before. Some chapters had those jaw-dropping moments where a vulnerability could be exploited in ways that totally shifted my perspective. 💥

To pass OSCP, practice is key. I can’t stress enough how helpful Proving Grounds and other machine labs are. And for tackling Active Directory, following Lainkusanagi and TJnull’s lists was a game-changer, covering essentials not fully explored in the official materials and sharpening my skills for internal environments.

And that’s my certification journey so far! Each one has been a building block, bringing me closer to my pentesting career goals. If you’re thinking of upskilling or are just starting out, I hope my experience gives you a bit of direction. Onward and upward! 🚀

This post will never end. Next target: Certified Kubernetes Administrator, AWS Solutions Architect Professional.

The above blog was generated with the help of GPT XD

This post is licensed under CC BY 4.0 by the author.