Home Articles Projects About
OSCP+ Certification OSCP Certification
Oliver Jones

My Journey to OSCP: From Chef to Cybersecurity Professional in 7 Months

📅 Published: August 6, 2025 👤 Author: Oliver Jones

Before It Began - whoami

When I started my journey, I had been working in a restaurant for over 3 years. I moved to Oslo to pursue a culinary career, starting off as a dishwasher at Sumo Restaurant in Solli Plass. My goal was to climb the ladder, and I saw this as an opportunity to get my foot in the door. Working in the back-kitchen meant many late nights, finishing my shifts between 1:00-4:00 AM over the summer.

I knew I wanted to become a chef, and after some months I was given an opportunity to do so. Working hard to learn as much as I could about all aspects of the kitchen, I quickly leveled up and reached the same competency as my peers. When I became a chef, I didn't settle, I was always eager to learn everything I could get my hands on. In the beginning, it seemed like I was doing extra work beyond my responsibilities, but I knew I had to prove I was ready for advancement.

Hot food for catering Hot food for catering Sushi for catering Sushi for catering Oliver in the kitchen Me in the kitchen

Waiting for another opportunity, I was eventually promoted to Sous Chef at Sumo Restaurant Bjorvika. My Head Chef understood my ambition and was kind enough to teach me as much as possible. When she left to pursue another opportunity, I was promoted to Head Chef! I spent approximately 2 years in this role. There were many responsibilities as a head chef, but my favorite was filming content with influencers and the marketing team for social media.

Teaching Kathrine Sorland Teaching Kathrine Sorland how to make sushi Teaching marketing team Teaching the marketing team how to make sushi

Month 1

I had been planning on studying, so I saved up enough money to support myself for 1 year. I quit my job, with my last day in early January 2025. My only prior cybersecurity experience was completing the Offensive Pentesting learning path on TryHackMe and competing in the Equinor EPT CTF, where my team won one of the challenges (Cyber Shooting Range).

CTF Leaderboard Points from challenges CTF Leaderboard My team in top spots 1-5 for the cyber shooting range challenge Stage photo Me on the far right of the stage

I met someone in cybersecurity who suggested I aim for the OSCP certification to land a job in the field. So I began studying. Since I didn't have much experience, the TryHackMe learning path taught me all the fundamentals and guided me through the process.

Month 1 Summary

Month 2

I needed more advanced content to solidify my learning and wanted to complete boxes independently without relying on writeups. After research, I decided to complete TCM Academy's Practical Ethical Hacking, Linux Privilege Escalation for Beginners, and Windows Privilege Escalation for Beginners courses before signing up for OffSec's PEN-200.

These courses were invaluable for building my notes and understanding hacker methodology. At $20/month, they're essential before moving to more expensive courses.

Month 2 Summary

Month 3

After completing the TCM courses in Month 2, I spent Month 3 doing boxes daily from TJ Null's HTB list ($25/month) and OffSec's free Proving Grounds Play. I constantly referenced, added to, and improved my notes. Doing boxes using your own notes is crucial for identifying knowledge gaps.

Looking at writeups is acceptable during this stage, but never without first referencing your notes, double-checking your work, and trying all known methods.

Month 3 Summary

Month 4

After gaining confidence and solving about 50% of machines independently, I signed up for the PEN-200 course + exam bundle ($1749 at the time). I prioritized completing the PEN-200 course this month. Having taken TCM Academy courses, I skimmed familiar sections to save time.

I wasn't completing boxes daily but focused on the course, which includes lab questions with VMs to apply concepts. I still completed 2-4 easier boxes weekly from TJNull's PG Practice list to maintain methodology. PG Practice boxes are crucial as they're similar to OSCP exam machines in format and difficulty.

Month 4 Summary

Month 5

In the first two weeks, I finished the PEN-200 course while continuing 2-4 boxes weekly. After completing the course, I started doing 2-3 boxes daily and refining my Active Directory methodology and notes. By month's end, I completed all TJNull's PG Practice boxes (Linux and Windows).

Avoid writeups at all costs, even if you need to pause a machine and continue later. Good notes make it easy to resume. Knowing when to move on is crucial for the OSCP exam. Don't spend more than 3 hours fully compromising a single machine.

Develop personal checklists for compromising machines to identify missed attack vectors.

Month 5 Summary

Month 6

By now, I was completing 2-3 boxes daily and scheduled my exam for mid-June. In the two weeks before the exam, I focused on Active Directory using PEN-200 notes and Challenge Labs to solidify AD exploitation methodology. The final week, I prepared an exam report template and practiced with Challenge Labs.

Bonus resource for AD exploitation: AD Exploitation Mindmap

I took the exam and failed. My mistakes: not completing all PEN-200 Challenge Labs, having methodology gaps, and chasing rabbit holes instead of moving on. I was close to passing and confident I'd succeed next time. I booked my next attempt exactly one month later.

Month 6 Summary

Month 7

I patched methodology gaps by completing all Challenge Labs and continued daily machines on HTB and Proving Grounds, writing practice reports for each. I treated every environment as an OSCP exam attempt, completing at least 3 standalone machines plus 2-3 AD sets daily. Creating custom AD configurations provides additional challenges.

This month focused on handling edge cases. Completing numerous machines helps identify these vectors, document them in your notes. You should be comfortable compromising machines and taking comprehensive notes/screenshots in under 2 hours.

I retook the OSCP exam and passed!

Month 7 Summary

TL;DR

If you work hard, identify weak points, complete 100+ vulnerable machines independently, and practice 3-5 AD sets, you'll pass. Simulating exam conditions familiarizes you with the real test, providing a significant advantage.