OSCP prep — how realistic is the 90-day timeline for someone with 2 years SOC experience?
I'm planning to start the OSCP PWK course and I'm trying to figure out whether 90-day lab access is enough or if I should go straight to 180. I've got about 2 years of experience in a SOC analyst role, I'm comfortable with Linux, can write basic Python and Bash, and I've done about 40 TryHackMe rooms and 15 HackTheBox machines, mostly easy to medium. I passed the eJPT last year which I know is nowhere near OSCP-level.
My concern is that even people with solid pentesting backgrounds report spending 60-70 days just getting through the course material before they feel ready for the labs. If that's true for experienced people, I'm worried 90 days won't leave enough time to actually practice on the lab machines — which from everything I've read is where the real exam preparation happens.
I've been doing prep work for the past 6 weeks: TJNull's HTB list specifically, buffer overflow practice, and reading through the older PWK PDF. I'm averaging about 2-3 hours a day on weeknights and 6-8 hours on weekends. For someone with my background studying to become an offensive security certified professional, does 90 days sound reasonable or is 180 the safer call?
I don't want to pay the extra $200 for 180 days if I don't need it, but I also really don't want to rush the exam and burn my first attempt on a timing issue.
With your background and the prep you've already done, 90 days is realistic but tight. The people who blow through 90 days too fast are usually the ones who treat the course material as the main event — it's not. Skim the material for stuff you already know and get into the labs as fast as possible. That's where you actually build exam skills.
One thing nobody mentions: the Active Directory set in the exam is now worth a significant chunk of points and it wasn't heavily emphasized in the original PWK material. Make sure you're doing AD-focused practice — the PG AD labs or Vulnlab if you can access them. That gap caught a lot of people who passed the older format.
I went with 90 days on my first attempt with roughly your background and passed on the first try with about 80 points. The buffer overflow section in the labs is faster than people say if you've already practiced it, which frees up more time for the harder machines. 90 days is the right call if you're serious about your daily hours.
TJNull's list on HTB and PG is exactly the right prep. If you've genuinely done 15 HTB machines on your own without walkthroughs you're ahead of most people starting OSCP. The exam is hard but it's a different kind of hard than HTB — more methodical, less CTF-style, which is actually a good thing for people with real work experience.