OSCP Certification Overview

The Offensive Security Certified Professional (OSCP) is a hands-on penetration testing certification issued by Offensive Security (OffSec) and widely recognized as a performance-based credential within the offensive security sector. Unlike multiple-choice examinations, the OSCP requires candidates to compromise a set of target machines within a controlled environment under timed conditions, producing documented proof of exploitation. The certification anchors a practitioner's standing in roles spanning penetration testing careers, compliance-driven engagements, and contract security assessments across the United States.

Definition and scope

The OSCP is administered by Offensive Security, the organization responsible for developing Kali Linux and the Penetration Testing with Kali Linux (PWK) course that serves as the official preparatory curriculum. The credential sits within the offensive security certification landscape as a practitioner-tier qualification — positioned above entry-level theoretical certifications and below advanced specializations such as the Offensive Security Experienced Penetration Tester (OSEP) or Offensive Security Web Expert (OSWE).

The OSCP's defining characteristic is its 24-hour practical examination. Candidates must achieve a minimum passing score of 70 points out of 100 by successfully compromising machines in an isolated exam network, then submit a professional penetration test report within an additional 24 hours. This documentation requirement reflects real-world penetration testing reporting standards and distinguishes OSCP from purely technical exercises.

The credential is broadly cited in federal and private-sector hiring contexts. The U.S. Department of Defense Directive 8570/8140, which governs cybersecurity workforce requirements for personnel with elevated system access, lists OSCP as an approved credential under the Compute Environment/Operating System (CE/OS) category at the advanced level, per DoD 8140 Cyberspace Workforce Management policy. This inclusion makes OSCP relevant to penetration testing for government agencies and contractors operating under federal compliance requirements.

How it works

The OSCP certification process follows a structured sequence:

1. Course enrollment — Candidates enroll in the PWK (PEN-200) course through Offensive Security, which provides lab access alongside the course materials. Lab subscriptions are sold in 30-, 60-, and 90-day increments.
2. Lab practice — The PWK lab environment contains a live network of machines with varying operating systems and vulnerability profiles. Candidates practice enumeration, exploitation, and privilege escalation techniques in a legal, sandboxed setting.
3. Exam registration — After sufficient lab preparation, candidates schedule a 24-hour exam window through the Offensive Security candidate portal.
4. Exam execution — The exam network consists of standalone machines worth defined point values. At least one machine requires a buffer overflow exploit. Candidates must reach 70 points to pass; partial credit is awarded for low-privilege shells on higher-value targets.
5. Report submission — Within 24 hours of exam conclusion, candidates submit a professional-format penetration test report documenting each compromised machine, the exploitation path, proof screenshots, and remediation recommendations.
6. Grading and certification — Offensive Security staff review the report. Candidates who meet the technical and documentation thresholds receive the OSCP certificate. Failed candidates may retake the exam after a waiting period, with additional exam attempts available for purchase.

The examination's emphasis on exploitation techniques and post-exploitation methodology — including lateral movement within networked environments — maps directly to the phases outlined in penetration testing methodology frameworks used in professional engagements.

Common scenarios

Pre-employment qualification — A substantial portion of penetration testing job postings in the United States list OSCP as a preferred or required qualification. Security firms and managed security service providers (MSSPs) frequently use OSCP as a baseline filter when evaluating candidates for junior and mid-level testing roles.

Federal contractor compliance — Organizations operating under DoD contracts and subject to CMMC (Cybersecurity Maturity Model Certification) workforce requirements may cite OSCP-certified staff when demonstrating technical competency. OSCP's inclusion under DoD 8140 supports this application.

Credential differentiation in competitive bids — When hiring a penetration testing firm, procurement officers in regulated industries — including financial services and healthcare — sometimes use OSCP certification as a proxy for demonstrated technical capability, particularly when evaluating firms without an established engagement history.

Career advancement from adjacent roles — Network engineers, system administrators, and security operations center analysts use the PWK/OSCP pathway to formalize offensive security competency. The hands-on lab structure provides repeatable practice that maps to real-world network penetration testing and web application penetration testing scenarios.

Decision boundaries

OSCP vs. CEH vs. GPEN — The Certified Ethical Hacker (CEH), issued by EC-Council, and the GIAC Penetration Tester (GPEN), issued by GIAC/SANS, represent the primary credential alternatives at the practitioner level. CEH is a knowledge-based examination with no mandatory exploitation component; it is accepted under DoD 8140 at the intermediate level. GPEN includes a proctored examination with practical elements but does not require the same 24-hour autonomous exploitation session. A detailed side-by-side of these credentials appears in CEH vs. OSCP vs. GPEN. For roles explicitly requiring demonstrated exploitation skill — rather than compliance-oriented knowledge verification — OSCP is the de facto industry standard in the U.S. market.

OSCP vs. bug bounty participation — Bug bounty programs, discussed in bug bounty programs vs. penetration testing, provide a separate validation pathway through real-world vulnerability discovery. OSCP certifies methodology and structured assessment capability; bug bounty reputation signals opportunistic discovery. Employers in formal compliance contexts typically weight OSCP more heavily when structured engagement reporting is required.

Scope of recognition — OSCP does not carry a recertification requirement through a formal continuing education model; once earned, it does not expire. However, Offensive Security updates the PWK course content periodically to reflect current attack techniques, meaning candidates who earned the credential under earlier course versions (pre-2020 PEN-200 revision) may be evaluated against updated technical expectations by sophisticated hiring teams. Practitioners should verify the course version associated with a listed certification when assessing candidate qualifications.

Applicability to compliance-mandated testing — While OSCP demonstrates practitioner competency, the credential itself does not fulfill penetration testing mandates under frameworks such as PCI DSS or HIPAA. Those frameworks specify testing scope, frequency, and methodology requirements — not specific certifications. OSCP-certified staff performing such engagements contribute to but do not independently satisfy those regulatory obligations.

References

• Offensive Security – OSCP Certification and PEN-200 Course
• NIST SP 800-115, Technical Guide to Information Security Testing and Assessment
• DoD 8140 Cyberspace Workforce Management – Approved Baseline Certifications
• PCI DSS v4.0, Requirement 11.4 – PCI Security Standards Council
• Computer Fraud and Abuse Act, 18 U.S.C. § 1030 – Cornell Legal Information Institute
• GIAC Penetration Tester (GPEN) – GIAC Certifications
• EC-Council Certified Ethical Hacker (CEH)