Offensive — Security Oscp
SoftProject today announced the acquisition of Blueway, a provider of data integration and management solutions.
This strategic move enhances SoftProject’s offering with Blueway’s strong capabilities in Master Data Management and Data Cataloging.
Blueway, headquartered in France, specializes in enterprise application integration, API management, and data governance. Its platform is widely adopted in healthcare, public administration, and utilities, serving clients such as the Airbus Defense and Space, CNES, Derichebourg, Garlderma. SoftProject, known for its X4 BPM Suite, empowers organizations to digitize and automate business processes. Together, the combined portfolio enables clients to not only integrate and orchestrate business processes, but also to gain control over their data, improve data quality, and accelerate innovation. Customers will benefit from seamless end-to-end solutions that unify process automation with data governance – from integration and workflow automation to trusted information management.
This acquisition aligns with SoftProject’s strategy to expand its footprint in the European market and deepen its expertise in data integration, management and workflows. The combination was furthermore driven by Blueway’s strong customer base, scalable technology, and complementary product vision. By combining forces, clients will see faster project delivery, reduced complexity in IT landscapes, and new possibilities to leverage data-driven use cases across industries.
With this acquisition, SoftProject significantly strengthens its position as a leading European provider of data integration and low-code automation platforms."
André Scheffknecht, CEO at SoftProject comments: “The acquisition of Blueway is a milestone in our growth journey. By combining our strength in process digitization and automation with Blueway’s expertise in data integration, governance, and cataloging, we create a unique end-to-end offering for our customers. Together, we will help organizations connect, manage, and orchestrate their data and processes seamlessly – unlocking efficiencies, improving decisions, and accelerating digital transformation across Europe.”
Sven van Berge Henegouwen, Managing Partner at Main Capital Partners, concludes: “With this acquisition, SoftProject significantly strengthens its position as a leading European provider of data integration and low-code automation platforms. The strategic fit with Blueway enhances capabilities in data governance, API management, and cross-industry interoperability, accelerating growth in the French market and beyond. Together, the companies are uniquely positioned to support clients with scalable, data-centric solutions that drive digital transformation across sectors. We are excited to support this important step in SoftProject’s journey toward building a pan-European leader leader in digital transformation.”
SoftProject GmbH, headquartered in Ettlingen, Germany, is a provider of Business Process Management (BPM) software. Since its founding in 2000, SoftProject has enabled organizations to digitally transform and automate their business processes using its low-code platform X4 BPMS – model-driven, without programming, and supported by more than 200 standardized connectors. As a trusted partner to over 300 companies across industries – including insurance, manufacturing, and energy – SoftProject delivers flexible automation solutions on-premise, in the cloud, or in hybrid environments. Following its acquisition by Main Capital Partners in July 2024, SoftProject continues its growth story: with more than 150 employees and offices in Germany, Spain, and Switzerland, the company strengthens its position as a mid-market software provider in Europe.
Blueway, headquartered in Lyon, France, is a provider of data integration and management solutions. Since its foundation in 2003, Blueway has supported organizations in connecting applications, managing APIs, and governing their data with its Phoenix platform. Core capabilities include Master Data Management (MDM), Data Catalog, and process digitization, enabling enterprises to improve data quality, ensure compliance, and accelerate digital transformation.Blueway serves more than 200 organizations across France and French-speaking regions, including clients in healthcare, public administration, utilities, and large enterprises. With its strong presence in the French public sector, Blueway has become a trusted partner for mission-critical integration and data governance projects.
Nothing contained in this Press Release is intended to project, predict, guarantee, or forecast the future performance of any investment. This Press Release is for information purposes only and is not investment advice or an offer to buy or sell any securities or to invest in any funds or other investment vehicles managed by Main Capital Partners or any other person.
Nevertheless, the "Try Harder" culture has its dark side. The certification has been criticized for promoting toxic resilience—encouraging students to spin their wheels for days on a single problem rather than seeking help. In professional settings, asking for help is a strength; in the OSCP lab, it is a violation of the honor system. Additionally, the financial cost (approximately $1,600 for 90 days of lab access) creates a socioeconomic barrier, limiting diversity in the offensive security field. The Offensive Security Certified Professional is more than a line on a resume; it is a proving ground. While no certification is perfect, and the OSCP must continue to evolve to cover cloud and API security, its core value proposition remains unassailable. It proves that the holder can do the job.
For the aspiring penetration tester, the OSCP is the crucible that burns away theoretical arrogance and forges practical discipline. It does not guarantee that you are a hacker, but it guarantees that you have learned how to learn. In a digital landscape defined by constant change, that meta-skill—the "Try Harder" spirit—is the only permanent currency. As long as computers have vulnerabilities, the world will need people willing to smash their heads against a keyboard until the system breaks. That is the ethos of the OSCP.
In an industry saturated with multiple-choice exams and theoretical "paper tigers," the Offensive Security Certified Professional (OSCP) stands as a monolith of practical rigor. For over a decade, the OSCP has been the most respected—and feared—entry-level penetration testing certification. Unlike its competitors, which often validate the ability to memorize compliance standards, the OSCP validates a singular, brutal truth: Can you actually hack a machine? This essay explores the philosophy, structure, and impact of the OSCP, arguing that its "Try Harder" ethos makes it not just a certification, but a transformative rite of passage into the world of offensive security. The Philosophy of "Try Harder" The foundation of the OSCP is the "Try Harder" mentality. Created by Offensive Security (now part of SANS Institute), the course rejects the spoon-feeding common in IT education. Traditional certifications provide detailed study guides and predictable lab environments. OffSec provides a PDF, a series of instructional videos, and then drops the student into an isolated, hostile network with approximately 70 vulnerable machines. offensive security oscp
The OSCP is a foundation , not a specialization. A candidate who understands manual SQL injection will learn NoSQL injection in a day. A candidate who mastered manual stack-based buffer overflows understands memory corruption fundamentally, allowing them to pivot to heap spraying or use-after-free vulnerabilities quickly. Furthermore, the inclusion of Active Directory attacks in recent updates (e.g., the "OSCP+" AD set) has modernized the exam to reflect the reality that 90% of enterprise networks still rely on Microsoft AD.
The philosophy dictates that failure is a learning tool. When a student cannot escalate privileges on a specific Linux kernel, there is no immediate hint button. Instead, the student must scour forums, read exploitation whitepapers, and brute-force their own methodology. This process mimics real-world penetration testing, where clients do not provide walkthroughs for their proprietary applications. Consequently, passing the OSCP is not merely a measure of knowledge retention; it is a measure of resilience, Google-fu, and methodological discipline. The OSCP exam is notorious not for technical complexity alone, but for its endurance and holistic nature. The current iteration of the exam (introduced with the "OSCP+" evolution) typically lasts 24 hours, followed by a 24-hour reporting window. Nevertheless, the "Try Harder" culture has its dark side
The exam is a hybrid of Active Directory (AD) exploitation and standalone target compromise. Candidates are placed into a VPN-connected lab environment containing three machines in an AD chain and three independent standalone hosts. To pass, a candidate must obtain a specific number of points (usually 70 out of 100), which requires fully compromising the AD set (40 points) and at least two standalone hosts (20 points each).
However, those who pass emerge with a hardened mindset. They understand that hacking is not about fancy tools or zero-days, but about enumeration, patience, and persistence. This transformation is why the OSCP commands an average salary premium in the industry. It filters for individuals who do not panic when a reverse shell fails or a kernel exploit crashes the system. It proves that the holder can do the job
Compared to certifications like the CEH (Certified Ethical Hacker), which is often derided as a vocabulary test, the OSCP holds immediate weight with hiring managers. In the industry, a candidate with an OSCP is assumed to have spent hundreds of hours in a terminal; a candidate with a CEH is assumed to have read a book. The high barrier to entry of the OSCP creates a unique psychological profile among its holders. The average student spends 200–400 hours in the lab environment, often sacrificing weekends and sleep. The "imposter syndrome" is rampant; many students fail their first exam attempt (pass rates are often estimated between 15% and 30% per attempt).
The challenge is multifaceted. First, the clock is relentless; exhaustion sets in by hour 18. Second, the environment is unpredictable; a buffer overflow that worked in the labs may fail due to memory protections on the exam. Third, the reporting phase is mandatory. If a candidate compromises all six machines but fails to submit a professional report detailing screenshots, exploit code, and remediation steps, they fail the exam. This emphasizes that an offensive security engineer's job is not just breaking systems, but communicating risk effectively. Critics often argue that the OSCP is outdated, pointing to the fact that its curriculum historically focused heavily on public exploits and manual buffer overflows, while modern penetration testing often involves cloud misconfigurations, API hacking, and AI threat modeling. While this critique holds some weight, it misses the point of the certification.
