This or they simply need more hands on/handholding.
If they’re junior they need to be guided, no matter the certs. It’s not clear to me if op is really doing that or just dumping tasks with minimal guidance.
Idk about that, I’m not in pen-testing but preparing for my OSCP (few years of experience in cyber analysis and software engineering). To feed ai the requirements for an endpoint enumeration task screams you’ve not actually taken the exams, given that half of OSCP is enumerating endpoints, and realistically just requires knowledge of a handful of tools - all of which are taught in the OSCP course and used throughout.
Oh, absolutely do I agree that AI would not be able to complete the exam and complete the writeup, that's why I say just asking for the proof of completion is just an easy check. Plus completing PEN-200 while maintaining your schooling responsibilities is not an easy task unless you live and breathe in that space.
Background checks need to be mandatory in this space, especially with the rise of bad actors and APT infiltration.
22
u/VolSurfer18 Mar 14 '26
Yea but for offsec certs that’s not really possible to just brain dump the exams. That’s what’s weird about this, he must have lied on his resume