Earning an Offensive Security certification is an impressive accomplishment. Recognized by employers and peers alike, the experience and knowledge derived from an OffSec certification is invaluable. Whether it’s to advance your career, freshen up your technical skills, or simply to challenge yourself, an Offensive Security training course is a significant, multi-month commitment.
Only a handful of students in Offensive Security history have ever completed all of our available courses. Considering the wide range of module topics and the high difficulty level that comes with each course, it’s a monumental accomplishment.
Meet Csaba Fitzl, a seasoned penetration tester and graduate of all five Offensive Security courses.
A world traveler by nature, Csaba was born in Hungary and moved to Israel in his early schooling years. When it came time for university, he then returned to Hungary to pursue a master’s degree in “Technical Informatics” (a regionally fancy name for computer engineering). After completing his degree and beginning his technology career, he and his family settled down in a quiet, suburban area of Budapest.
Csaba’s interest in cybersecurity sparked from a simple 2011 conversation with a friend. One of his graduate peers was working some information security jobs and mentioned pursuing the profession of ethical hacking, which piqued his interest. Fast forward a year and a cybersecurity position opened up at Csaba’s company. He immediately applied for the role and was accepted.
With the new role came many exciting opportunities to learn and continue his technical training. Around the same time of starting the new position, and in an effort to continue his technical training, Csaba began pursuing Offensive Security credentials:
“It became clear to me that OffSec trainings and exams were the correct path for my learning. There were also some Hungarian acquaintances of mine who passed OSEE around the same time, and I knew that I couldn’t stop learning…I have done other trainings along the way as well, and there were only a handful of comparable to yours in depth or advancement.”
With a background in network administration and security, the first course Csaba enrolled in was Offensive Security’s Wireless Attacks training (WiFu), a course focusing on the skills needed to audit and secure wireless devices. After completing WiFu and earning his OSWP, he then spent the next several years progressing through other Offensive Security curriculums, adding the OSCP, OSCE, OSEE, and OSWE to his technical accolades.
He completed his last remaining Offensive Security course, AWAE, in June of 2019. For a student who has seen it all, we asked him what advice he would give to other students pursuing Offensive Security credentials:
“Enjoy learning, be curious, and be ready to sacrifice time for it. Try harder of course. I mean you can learn many things along the way, but you will always run into something unknown where you will be on your own, and if you can’t get through that, no one else will give you the answers. Learn methodologies and ways to approach different problems. Persist and don’t give up on your goals. Learn, read books, blogs, practice a lot, develop tools/scripts. Maybe most importantly be ready for a very long, multi year journey. Don’t tempt yourself into achieving everything in a year or two, it’s simply impossible. It’s also extremely important for your family to support you through the journey, as it will be a massive time commitment and the last thing you want is to upset them”
When asked what Offensive Security course posed him the most difficulty, his response was revealing:
“If I look at time dedication, then PWK (OSCP). If I look at the hardest topic, then AWE – by the way to this date that’s my all time favorite training. It was super hard, and my brain melted down after two days (and not just because of the heat in Las Vegas)! Maybe I’m a masochist, but I really enjoyed it.”
As a seasoned penetration tester and accomplished Offensive Security student, he wanted to provide some advice to new students pursuing a similar career path:
“Be sure to set achievable goals, don’t set something too easy or too hard. This area can really suck you in, and you will start doing this outside of work – I see it with myself. Spend lots of time focusing on your children, partner, and hobbies. Don’t burn out. Find a job that will satisfy your InfoSec curiosity during work time so you can adequately focus on other things after work.”
Outside of the infosec world, Csaba is an avid nature enthusiast. In his own words, he loves to “hike, hike, and hike.” Not far from his home in Budapest lies the Alps and the Carpathian mountains, which allow ample opportunity for him to get into nature:
“In recent years I started to do trekking, which is multi-day hiking with a backpack going along a longer trail. For me it’s very relaxing and I love to see the trail I have done, and which I’m going to do. It’s really not about the end goal, but the journey itself. As Bilbo said in the Lord of the Rings: ‘It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don’t keep your feet, there’s no knowing where you might be swept off to.'”
In an age where burnout is a very real threat facing infosec employees, it’s encouraging to see seasoned penetration testers like Csaba pursue their technical passions while also maintaining a health focus on family, friends, and hobbies.
If you’d like to get into contact with Csaba, he can be reached on Twitter at @theevilbit.