Suggestions regarding the Offsec career
I have a question for people who have completed PEN-200 / OSCP or PEN-300.
I will soon be graduating and recently spent most of my time preparing for M.Tech entrance exams. During that process I mainly built theoretical CS knowledge — networking, operating systems, databases, data structures, etc. But I did not spend much time building practical offensive security skills.
Now I am trying to understand how realistic it is to prepare for OSCP during M.Tech alongside coursework, CGPA pressure, placements, projects, etc.
I wanted to ask:
How long did it take you to prepare seriously for PEN-200 / OSCP or PEN-300?
Roughly how many hours per day were you spending?
Is it manageable alongside a demanding academic schedule?
How much does institute/college brand value matter in offensive security careers compared to actual skills, certifications, labs, CTFs, research, and real experience?
Can someone from a non-elite institute still reach high-paying/offensively strong roles if they consistently build strong practical skills?
I’m trying to understand whether I should prioritize institute brand heavily or focus more on long-term practical skill building.
Would appreciate honest experiences from people already working in the field.