Offensive Security Academy: 13 Weeks of Intense PWK Training

By Jim O’Gorman

So here we are, roughly six months into a historic pandemic and everything that comes with it. While we continue to make faltering steps to return to normal, and desperately try to remember what normal even was, the world continues to spin, business still needs to be conducted, and students still need to be trained. Necessity is the mother of invention, and with our inability to travel and deliver live training we wanted to offer something that was at least as strong as, if not better than, what we do in the live class.

Now that the first run of OffSec Academy is complete, we thought it would be nice to take a step back, go over some lessons learned, and discuss where we are going next.

OffSec Academy: The Desire

We had some live training that was supposed to start up shortly after quarantine started, and we had a pretty short clock to put together a solution. The easy thing to do would have been to try to reproduce the week of live training, delivered via video conference. Students would have understood, and it’s what was expected given the situation.

The problem was, we were not excited about doing that at all. We love doing live training, we love building relationships with the students, we love watching that moment of realization where a student recognizes a level of empowerment they never thought possible. That’s not really going to happen in a video conference. Additionally, the majority of our live classes are hands-on work. While the students work on the exercises, we go around, look over their shoulder, and give them help when they need it. That one-on-one time, while short, is a critical component of student growth. How do you do that via video conference?

At the same time, after so many years of teaching live courses, there are parts of the live experience that have always been frustrating but were unavoidable due to the logistical challenges of a live class. When taking PWK online, you have so much more time to spend on challenging material. There is no one telling you, “Only 20 more minutes, then we have to move on.” The online course has much more capacity for depth due to time availability, and that’s super valuable.

Our desire with Academy was to take the best of live training and smash it together with the best of the online course. Could we build a solution with no compromises? Could we create the best delivery method for PWK? That was our goal with OffSec Academy – not just something to get by, but rather a long-term, high-value option that continues to be viable even after the world returns to normal.

OffSec Academy: The Concept

At the highest level, if we isolate the most important parts of the live course, it comes down to interaction. When we teach in a live class, we can watch the students, read their faces, see when things are clicking and when they are not, know when to elaborate more and when to move on, and rephrase explanations when the initial one did not work. In exercises, we can watch the students and see when they are getting frustrated, when we need to step in and help. (Believe it or not, we find more often than not that students don’t ask questions when they should.) Most importantly, when helping a student, we can walk the line of providing the student only as much help as they need for them to find the solution themselves.

The biggest sin we can commit as instructors is to take the moment of success away from a student by giving them the answer.

From the online course, we really wanted to lean heavily into the quality videos, PDF, and lab. The depth of coverage in that holy trinity of PWK can’t be beat. Taking the time to learn and understand what’s contained in the PDF and videos and putting that to work in the lab is the most important aspect of preparing for the OSCP certification.

How did we put this together? Based on our metrics, there are a few factors that make up the profile of a successful student. OffSec Academy is intended to help guide students to fall into this profile by default.

The core factors we use to push students into this profile are time in the labs and encouraging them to complete as many lab systems as possible. In general, we find a direct correlation between the number of systems that students complete in the PWK lab and the likelihood of passing the OSCP exam on the first attempt. Therefore, the best way to prepare for the OSCP exam is to take full advantage of the PWK labs, tackling as many machines as possible.

Additionally, this typically comes from spending 90 days or more in the PWK labs. It’s often overlooked, but we have to remember the PWK labs are tightly coupled with the courseware. The lab targets are there specifically because they will help students practice the concepts and pass the exam. If they’re not working through those lab targets, they are missing a core part of the course.

[Figure: OSCP Pass Rate vs PWK Lab Machines Worked]

With a 90-day structure, we have 13 weeks for study. We broke up those 13 weeks to cover the entirety of the courseware, with a CTF thrown in toward the end to allow for some practice hacking under stress, measuring skill level, and determining where students need to focus their practice before the exam.

We are able to deliver this with weekly group meetings covering the most critical aspects of the courseware, one-to-one meetings with students to cover items they wanted specific assistance on, and a private, ongoing, real-time chat between the instructor team and the students.

All in all, this ended up providing more hours of interaction than the live class. At the same time, instead of a single week (as with the live training), students have 13 weeks to dive deep into the content and come up with complicated questions for us. All the while, the labs are there for them to focus on and work to clear targets.

OffSec Academy: The Execution

So how did it go?

Amazingly well for a first run. We had a great group of students who were a pleasure to work with and really put in a ton of effort. It was great building a personal connection with them over the 13 weeks, and we really got an individualized sense for what they needed, how to deliver on it, and how to get them where they needed to be.

Was it all perfect? No, of course not. There are some changes that we saw pretty quickly we needed to make. The week-by-week meetings were super useful, but it was a marathon. We introduced skip weeks to allow students to catch up and to keep the pace reasonable. There were some minor logistical items we changed up as we went to optimize interaction.

Having taught I don’t know how many live classes, I have to say I am very pleased with this outcome. When a live class ends, you have a sense you are leaving behind friends. That was the same sense we had on the last scheduled call, which I took as a good thing. To offset this, we set up a special OffSec Academy Alumni chat that we can use to stay in touch long-term.

OffSec Academy: The Future

So, what’s next for OffSec Academy? Grow, expand, and do more!

We don’t know when the world will open back up and it will be safe to travel again. But even when that happens, OffSec Academy will stay around. It has proven to be a strong and unique way to work through PWK. We look forward to future classes and future students!

Want to take PWK in our Academy setting? Head to the Academy page to learn more and fill in the form if you’re an individual student, or contact our training consultants to arrange training for a group.


Jim O’Gorman is Chief Content and Strategy Officer and a member of the leadership team at Offensive Security. He began his tech career as a network administrator with a particular talent for network intrusion simulation, digital investigations, and malware analysis. Jim started teaching for OffSec in 2009 as an instructor for the Penetration Testing with Kali (PWK) course — a role he still enjoys. He went on to co-author Metasploit: The Penetration Tester’s Guide and Kali Linux: Revealed, and has developed and curated a number of OffSec courses. As the Chief Content and Strategy Officer, he currently oversees the open source Kali Linux development project and participates with OffSec’s Penetration Testing Team.