The Offensive Security Certified Professional Plus, or OSCP+, is the newest addition to the cadre of certifications offered by Offensive Security (OffSec), the shadowy overlords of hardcore cybersecurity training. If you’re familiar with the regular OSCP and its hallowed “Try Harder” mantra, the OSCP+ is, essentially, the OSCP with a shiny new sticker and an expiration date slapped on it. Yep, the lifetime bragging rights of your original OSCP have now evolved into a three-year cycle of proving you still remember how to pivot, escalate, and pop shells like it’s 2015.

The OSCP+ aims to separate the wheat from the chaff among OSCP holders who may have gotten cozy since their certification days. It offers a more “up-to-date” badge that confirms not only that you can exploit vulnerabilities to hack into machines but also that you have sweated your way through an up-to-date exam as of November 2024.

Why Did OffSec Create OSCP+?

OffSec claims the OSCP+ is all about maintaining relevancy in a field that shifts faster than a cat meme’s half-life. The official line is simple: the industry evolves, and so must certifications. Thus, they’ve made sure the OSCP+ will expire every three years unless you prove your mettle again by passing a recertification exam, snagging another OffSec badge, or participating in their soon-to-be-detailed Continuing Professional Education (CPE) program.

On top of that, OSCP+ likely nudges OffSec closer to getting approved for the Department of Defense (DoD) Directive 8140, which is the cybersecurity workforce framework that essentially dictates which certifications Uncle Sam will respect. Certifications like CompTIA PenTest+ (a decent effort but often treated as a junior pen tester’s learner’s permit) and CEH (Certified Ethical Hacker—a name that makes real hackers roll their eyes so hard they can see their own brain) are already on the list. Adding the OSCP+ could give OffSec’s flagship credential a better shot at being officially sanctioned by the U.S. military’s policy wonks. And considering how many government contracts hinge on having DoD-approved staff, this isn’t just a minor credentialing facelift—it’s a savvy business maneuver.

What’s the Difference Between OSCP and OSCP+?

In broad strokes, the OSCP is the no-expiration, hang-it-on-the-wall cert that says, “I passed a grueling 24-hour exam, and I’m still alive.” The OSCP+, meanwhile, is like that same cert, but it comes with a clock ticking away in the corner, reminding you to refresh your skills or risk losing that fancy plus sign. The main distinction lies in the timeline and the recertification requirement. OSCP holders can rest on their laurels indefinitely; OSCP+ holders need to renew every three years or stay active with other OffSec certifications or a recertification exam.

Detailed Breakdown of OSCP vs OSCP+

| Aspect | OSCP | OSCP+ |
|---|---|---|
| Validity Period | Lifetime | 3 years |
| Recertification Required | No | Yes, within 3 years |
| Additional Learning Path | Optional | Encouraged (via CPEs or other OffSec certs) |
| Recognition | Established, widely respected | Newer, building recognition |
| Content | PEN-200 course, last major update in 2023 | Same PEN-200 content, no significant updates yet |
| Active Directory Focus | Present but not mandatory | Included, potentially more emphasized |

Should OSCP Holders Try for OSCP+?

Short answer: Probably not. Although OffSec will allow current OSCP holders to take the new exam for OSCP+ for $199 instead of the usual $799 from now until March 31, 2025, OSCP+ is likely too niche to justify the exam fee, even with the discount.

Longer answer: No, unless you have very specific needs that align with what the OSCP+ offers. The OSCP+ might look appealing if you’re aiming for a government job or anticipate DoD 8140 changes that would necessitate the OSCP+. But for most OSCP holders, the cost and effort of retaking an essentially unchanged exam is not justified. The PEN-200 course hasn’t seen significant content updates since 2023, so retaking the OSCP+ is essentially a déjà vu experience.

A more productive path would be to move forward with the OSEP (Offensive Security Experienced Penetration Tester), which builds on PEN-200 and provides valuable skills that go beyond simply refreshing your OSCP knowledge. While the PEN-300 course hasn’t been overhauled in a while either, it offers more depth and actual progression. Alternatively, if your wallet can take the hit, the GXPN (GIAC Exploit Researcher and Advanced Penetration Tester) remains a top-tier choice for showcasing advanced pen testing chops.

An OSCP Veteran’s Take on OffSec and the OSCP+

OffSec used to be the punk rock band of the cybersecurity world: raw, authentic, and unconcerned with mainstream acceptance. But lately, they’re inching toward that dreaded EC-Council territory, where squeezing dollars out of the brand seems to trump adding value. Certifications like OSDA (Offensive Security Defensive Analyst), OSIR (Incident Responder), and OSTH (Threat Hunter)—none of which are truly “offensive”—signal a shift that’s hard to ignore. If OffSec’s new offerings feel like a cash grab, that’s because they might be.

However, let’s give credit where it’s due: OffSec hasn’t watered down the OSCP, OSWE (Web Expert), or OSCE³ (Certified Expert III). These certs remain brutally difficult, earning them continued reverence from CISOs and hiring managers who know their stuff. So, while I’d bet a month’s worth of Starbucks that the OSIR, OSDA, and OSTH won’t ever grace the list of “must-have” credentials, the gold standard trio (OSCP, OSWE, OSCE³) should stay valuable so long as OffSec doesn’t ease up on their rigor.

As for OSCP+? Don’t expect a hiring manager worth his salt to be dazzled by the extra punctuation at the end of your cert. If you earned your OSCP before the 2023 PEN-200 update and the job you’re eyeing involves a fair amount of Active Directory penetration testing, then, maybe—just maybe—the OSCP+ might make you look a tiny bit shinier. But for everyone else, the traditional OSCP already proves that you have the mental stamina to endure sleepless nights, a near-masochistic learning curve, and the fortitude to compromise multiple machines in a single 24-hour window. That’s the kind of grit that counts!



2 responses

  1. delectablyf345a7a915

    I am considering getting the PEN-200 Learn One bundle during the Black Friday sale. So if I pass the exam now, I can only get OSCP+??

  2. No, you will get both OSCP and OSCP+.
