14 replies to this topic

[r3v0lt]

I was all set to take the CEH course work, until talking with a buddy of mine. He told me not to bother that "Most companys will laugh at you" if you list the CEH as a ligitimate certification. After looking into course work, it looked rather basic. I know how to use nmap been using it for years, netcat, security linux distro's, and the basics of "hacking", so i decided at that point not to take it. Yet i still wonder if its a credible certification in relivence to the infosec job market. Can anyone clear this up a bit for me?

[Glyph]

This is simply one of the great things about the IT Industry.
You can do your own research and make up your mind from your research findings.
CEH is a Curriculum developed by the 'EC Council'. Their home page can be found at hxxp://www.eccouncil.org/members.htm
Take careful note of the fact that they have very distinguished members of their 'Honorary Council'.
Then investigate the 'Corporate Officers'.
Notice little things like the absence of bio's/pics of same.
Do some research on the domain info.
Query (nslookup) for where it's hosted.

Remember: Sic Caveat Emptor

[gapingvoid]

I would say that it depends on who you're trying to impress. I don't think it is worth very much if you already have the skills. I might have a look instead at the following:

Systems Security Certified Practitioner (SSCP) from ISC2: hxxps://www.isc2.org/cgi-bin/content.cgi?category=98

CISA or CISM from ISACA: hxxp://www.isaca.org

One of the SANS GIAC certs; overview at hxxp://www.giac.org/overview/

Each of these will lead you down slightly different paths for development and opportunities. All are well respected and will get a real look at your resume. The SSCP is perhaps the less known of these. ISC2's premier cert is the CISSP, but you need to have more years of verifiable professional experience to win it. The SSCP cert covers much of the same material and doesn't require as much actual work experience.

There are a variety of training resources for all of these, including books, online training and classrooms.

Best of luck.

[webdevil]

I have the CEH certification myself, but I dont know its worth to be frank. I am still studying and havent tried for a job.

I strongly agree with gapingvoid, You would be better off taking a CISSP or a CISA although they are quite different from CEH (I have my CISSP - Associate of ISC2 in May, since I dont have the 6 years of experience required). What I have understood from the Security Community here in India, CISSP is THE certificate to get!

[jg60533]

The CEH might get you a foot in the door for an interview if your looking for something in InfoSEC. It all depends on the company and the people doing the hiring, you never know what might catch their eye. I've seen many a job listing on the internet referencing the CEH cert with job titles like:

Senior Cyber Analyst
IT Auditor
Vulnerability Assessment Analyst
IT Security Analyst
Security Architect
Security Penetration Consultant
Security Consultant etc....

So I would say to go for it. I don't think having it will hurt, I think the possibility of it getting you an interview alone is worth the time/money spent to get it.

*as a note: I don't have my CEH and have not tried to get a job on that basis so the real value ? I don't know?

-J

[sonea]

CISSP is good for it security

[nrk77]

Its been almost 5months i have been working in Security field
and what i feel is being a CEH is nothing but a cliche nowdays
which has ultimately caused the downfall of the certificate itself.
CEH certification is very basic not so challeging and very easy to get.
Certification's to considering with respect to career growth are GIAC's ,
CISSP,SSCP,CISA/CISM as suggested above.
I don't know how beneficial CPT/LPT(specialised certification) are??

[packet]

I just got my CEH as I'm also supposed to start teaching the CEH class. I did think the cert exam was a bit too easy but I also thought there was a lot of good information in it as well. Possibly for someone who has been working in this field for a while it may just seem too easy as there are lots of basics covered.

Are there any other better certs for penetration testing specifically? The EC-Council did just come out with their more advanced "Certified Penetration Tester" but I haven't read through it yet. SANS has their auditor certs but Auditor != penetration tester. CISSP/SSCP/CISA/CISM are all too general and mostly off topic for penetration testing. So AFAIK this would be the best place to start, then you could go on to the more challenging CPT.

--P>G>>

[evilsonique]

Good time. If any one know where i can take courses to prepare for CEH? Or maybe test quizes?

[cptmike]

I believe the best place to get the certification materials and course (online and DVD) is from quickcert.

I have the CISSP and other certs like ITIL, blah blah..

My opinion is that if it helps you discover things you know and dont know then its worth taking the course and tests.

In our day the more certs you have the better. Many expect us to know everything which is the reason (I believe) the CISSP is so valuable because its multiple areas within security that are important to know and work with.

The CEH is more specific for knowing how to hack, and to protect against it (or at least try to make it more difficult and time consuming for the person trying to break in).

If someone wants in to your system, they will get in eventually. The CEH is helpful if you are using your logging systems and firewalls, etc for forensics.

The materials for the new course are really good and if you are really interested let me know because I got a great price for my pack.

Mike Golf

[phreak0ut]

This is a very hot topic on almost all security forums. I might take up the CEH course soon. Yes, getting a CISSP is a great thing, but if you can't set your foot into the security in some way, then how are you going to pursue a high-level certification? Like jg60533 mentioned, the CEH can get you started, but you have to work your way up and get the top-level certifications.

Recently, I got to view the SANS GSEC study material. I found it quite good and it covers a lot of ground. I feel that even the CEH teaches almost the same things, except for the UNIX part(yes, this is quite crucial, but it's missing in CEH). If the GSEC is giving you more weightage to your resume, you can go for it. Personally, I don't feel CEH is so bad, IMHO.

[Ex0n]

CEH is credible more in the sense of vulnerability testing and network auditing /pen testing etc. CISSP and its bretheren league, are a little more in depth as far as actual design, managment, and upholding of a network, ( Or consider CEH and CPT exams for a proffesional hacker / or pen tester, whatever you prefer, and the CISSP more for someone suiting the field of daily protection of a network, implementations and design structures, more like i guess, a security department manager, rather than a quick hire from a firm etc. ) Best way i can put it anywho...

[Spookie]

The C|EH Cert is pretty much like any other cert it's a fancy piece of paper you hang on the "I Love Me" wall. However what makes the CEH Cert interesting to quite a few employers is the fact that you have an "ENTRY" level cert in the realm of Ethical Hacking! I've seen some CEH classes taught where the primary emphasis was on school work and "theory".

Those individuals I would show the door, Useless in my opinion. The ECC classes hold alittle more weight as the day is mostly book, and hands on in the afternoon/evening till 10-11 PM. You go through buffer underruns/overflows, session hijacking, CPU cycle overloads etc, find hidden networks, and plain ole have fun with your peers.

I would recommend if you take the CEH class you understand the legal aspects of what your being taught, then check out FoundStone and pursue some training their. Setup your own lab, and learn and learn and just when you think you got it you' should realize you know nothing and your quest for information will take you to the four corners of cyberland. Check out the wonders of the bandwidth era, learn, learn and then learn somemore. Pursue other CERTS but you have to decide a path you want to take. InfoSec or NetSec. CyberSecurity is a multi-disciplinary realm but idealy it boils down to those 2 elements.

Just remember in the end a CERT is just a piece of paper. Its the person who holds that paper that helps Management decide wether they are worthy of the big bucks or not.

Some areas for you to look into if your interested is the CWSP, Foundstone Hacking, CISA, CCNA, CCNP, CCIE, Risk Assesment's, interpersonal communication, learning public speaking, NSA IAM/IEM are a few. Best of luck to you in your pursuit.

[jason]

It depends entirely on the job that you're applying for. If the job req requires a CEH and you don't have the right letters on your resume, you might not even make it past the HR resume filter. Same goes for any cert.

[No Dice]

My cheesy Certs to date:

EC-Council Certified Ethical Hacker (CEH)
   EC-Council Certified Security Analyst / Licensed Penetration Tester (ECSA/LPT)
   Offensive-Security Certified Penetration Tester (OSCP)
   Offensive-Security Wireless Penetration Tester (WiFu)
   CompTIA Security+
   CompTIA Linux+
   Managing and Maintaining a Windows Server 2003 Environment (MCP)
   Installing, Configuring, and Administering Windows XP Professional (MCP)
   Implementing and Administering Security in a Windows Server 2003 Network  (MCP)
   T-Berd and Anritsu Site Master Certified (Tessco)
   Information Warfare And Web Security (MCI) System Administrator Security (MCI)

The CISSP is next and I've failed once as it is but the CEH will or may get you an interview. Really depends on how you sell yourself.