Cybersecurity and Applied AI career insights
© 2023-2026 Bespoke Intermedia LLC
Founded by Julian Calvo, Ed.D., M.S.
Direct answer · last verified 2026-04
OSCP preparation typically requires 3 to 6 months of dedicated study for candidates with existing penetration testing experience, or 6 to 12 months for those building offensive security skills from a general cybersecurity background. The exam is a 23-hour, 45-minute hands-on practical test. Most successful candidates report 200 to 400 hours of lab practice. The PEN-200 course from OffSec costs $1,749 (90-day lab access) to $2,499 (365-day lab access).
OSCP study time has a real distribution, and where you fall depends entirely on what you bring to the starting line. The Offensive Security Certified Professional exam from OffSec is widely treated as the most demanding entry-level penetration testing certification because it is a 23-hour, 45-minute hands-on practical test followed by a 24-hour report-writing window. There is no multiple-choice component. You either compromise the target network and document it professionally, or you fail. According to OffSec (2024), the exam covers Linux and Windows privilege escalation, web application attacks, Active Directory exploitation, and lateral movement.
Timeline by starting profile. Candidates with one to two years of cybersecurity experience plus comfort with Linux, networking, and scripting typically need three to six months at 15 to 20 hours per week. Candidates moving from general cybersecurity into offensive work need six to nine months. Complete career changers with no security background need 9 to 18 months and should not start OSCP preparation directly. Most successful candidates report 200 to 400 cumulative hours of lab practice on top of PEN-200 course material review.
What the preparation actually requires. Complete the PEN-200 course material end-to-end and every numbered exercise. Compromise all PEN-200 lab machines. Supplement with Hack The Box using TJ Null's publicly maintained OSCP-like machine list as a study guide. Run through TryHackMe's offensive security and Red Team paths. Practice Active Directory exploitation through machines like Forest, Sauna, Active, and the Hack The Box Pro Labs (Dante, Offshore) for sustained multi-host engagements. Build a personal methodology document that you refine through every machine.
The report-writing component catches most candidates off guard. The exam requires a professional penetration test report submitted within 24 hours of the practical session ending. Practice writing reports throughout your lab work. Use the OffSec report template. Document each compromised machine with reproducible steps, evidence screenshots, and clear scope adherence. A technically successful candidate can still fail OSCP by submitting a poor report.
Cost breakdown. PEN-200 with 90-day lab access: $1,749 (OffSec, April 2026 pricing). PEN-200 with 365-day lab access: $2,499. Subscription option (Learn One): $2,599 per year including PEN-200 and other OffSec course access. Exam retake fee: $249. Optional Hack The Box VIP subscription: roughly $14 to $20 per month. Total realistic investment runs $2,000 to $3,500 for a first attempt, depending on the lab access duration chosen.
Decision logic on when to start. Start OSCP preparation if you can pass the OffSec PEN-200 entry assessment, you have completed at least 30 Hack The Box machines independently, you have stable Linux command-line fluency, and you have basic Python scripting skills. Delay OSCP if you are still working through CompTIA Security+ or PenTest+, if you have not yet built a functional home lab, or if you have less than six months of cybersecurity operational time. The credential is achievable for many people but not for everyone at the same time.
OffSec does not publish first-attempt pass rates. Community estimates put the rate at roughly 40% to 60% for well-prepared candidates per recurring Reddit r/oscp threads and writeups. The retake mechanism allows two additional attempts within twelve months of the original purchase, which makes OSCP forgiving of one failure even if it is hard on the wallet. OSCP itself does not expire once earned, making it a one-time investment in credentialing.
Tradeoffs to acknowledge. OSCP is hard. It rewards persistence more than intelligence. The lab time required is genuinely 200 to 400 hours, not a marketing number. Candidates with families or full-time jobs need to plan study cycles that respect the time commitment. The credential's hiring weight justifies the investment for dedicated offensive security careers, but it does not justify the investment for SOC analysts, GRC analysts, or security engineers who do not need offensive credibility.
For related context, see the related career entries for penetration-tester and security-engineer, the certification entries for oscp, comptia-pentest-plus, and gpen, and the glossary entry for penetration-testing.