8 replies to this topic

[TrueFear]

Hello all,

Just created an account here. I had an account a few years ago before they stopped the registration...probably in 2004 or something like that. At any rate, back then I was all about hacking, and now that I've grown up a little and have had the pleasure of working in the IT industry for a few years, I am more interested in keeping my network secure. I hope to be able to gain some insight and maybe even share some myself.

Ok, so to get started. I am currently in the Army and working as a Network Admin. I have the following certifications.

1) CompTIA A+ IT Tech
2) CompTIA Net+
3) CompTIA Sec+

I also have about 3 DoD certs that are required for my job.

I have completed the coursework for the MCSA and the CCNA but have not taken the exams yet. The reason I'm a little wary of this is because of my end goals. My idea of where I want to be in 5-7 years is in either pentesting, or some sort of ethical hacking. I know they go hand in hand...and that the latter comes before the former. I am currently in classes for the EC Council CEH cert and am curious if this is a good route to take. Even if it is...what comes next? I know what EC Council says comes next...Certified Sec Analyst...then LPT. However, I am interested in knowing what experts in the field have to say on the matter. Any advice, tips, concerns, flames, trolls, and otherwise useful information would be appreciated. Thanks a ton!

[Glyph]

Personally I do NOT recommend the CEH. If you want to go that route look into http://www.offensive-security.com/ for online courses.
You may want to start off with the 'freebie' (http://www.offensive...curity_Training) course, this will give you an indication if you have the gift for that route.
Be Aware, offsec courses are difficult and demanding.
However they are reasonably priced and are much better than the CEH.


My 2 cents.

[TrueFear]

Personally I do NOT recommend the CEH. If you want to go that route look into http://www.offensive-security.com/ for online courses.
You may want to start off with the 'freebie' (http://www.offensive...curity_Training) course, this will give you an indication if you have the gift for that route.
Be Aware, offsec courses are difficult and demanding.
However they are reasonably priced and are much better than the CEH.


My 2 cents.

Roger dodger. The only reason I was opting for that cert is due to the fact that the GI: Bill...(Army) is paying for it so I might as well take it right? Is the CEH soooo bad that it's not even worth having or is the Offsec course just better? Kind of seems odd that the CEH course would be so popular and be completely worthless. Hopefully I can get some more training and continue to research this a little further. I will definitely take a look at the links you gave. Thanks a ton for the info.

[webdevil]

Certs means job and I would say CEH has far more acceptance than the Offsec courses with the HR's.
But since the offsec courses are more hands-on you don't just learn about security but you get to
practice on it.

[TrueFear]

Certs means job and I would say CEH has far more acceptance than the Offsec courses with the HR's.
But since the offsec courses are more hands-on you don't just learn about security but you get to
practice on it.

Thanks for the input. I myself am not well versed on which sec certs are high up on the list, but it does seem like the CEH is at least somewhat respected in the market. I'll probably go ahead and get it since it's free anyway and then we'll go from there.

[Marts McFly]

Yeah CEH doesn't hold much creds as it used to. But if they are paying for you to do it, you may as well. If you want to get serious about a security certification I'd recommend the CISSP. Is more of a management focused view of security but it means you have a holistic view of security and what it entails. It is by no means not technical. The cryptography domain is pretty hardcore if you're not into crypto. But it's really in-depth, and is one of the highest regarded security certs out there at the moment.

Also SANs offers some really good courses which you get certificates for. They are more inline with 'you are certified to hack this type of system'.

[TrueFear]

Yeah CEH doesn't hold much creds as it used to. But if they are paying for you to do it, you may as well. If you want to get serious about a security certification I'd recommend the CISSP. Is more of a management focused view of security but it means you have a holistic view of security and what it entails. It is by no means not technical. The cryptography domain is pretty hardcore if you're not into crypto. But it's really in-depth, and is one of the highest regarded security certs out there at the moment.

Also SANs offers some really good courses which you get certificates for. They are more inline with 'you are certified to hack this type of system'.

Awesome, thanks a lot for the info. I agree that the CISSP is a good cert to get. In the Army it is the cert that they send you to get after you complete the others. I was hoping to get the CEH under my belt before they send me off to one of their CISSP schools. I guess that after those I could probably chill for a while and get more on-the-job training. I know that in the world of security, getting in there where you can get some experience is key. It's hard to find a position without experience and luckily for me, my job requires me to do some hardening, pen-testing(controlled environment), and a lot of the network configurations. I'm hoping that with the certs and the mixture of messing around on my network at home/working on the network at work, I can get enough experience to be proficient.

[TrueFear]

Hey all, just a quick update. I went ahead and took the CEH since it was paid for anyway. I passed, which from what I can tell isn't really saying much. The content is so far out there...I guess I expected more "Ethical Hacking", and a little less "How to Hack 101"....but that's to be expected. In order to stop it, you must know how it's being done.

For anyone who may be thinking about taking it, obviously now that I have seen the lists and know how valuable it is...I would definitely say just try for something else unless you have to have this certification. It is not ranked at the top of the list for security certs and while it is very nice to have under my belt, I feel I would have spent my time better by taking the CISSP. It does feel good to get my first "real" sec cert under my belt though(as I don't consider Sec+ to truly be a sec cert). I am definitely going to pursue the CISSP at this point and then after that, I may go for my LPT cert.

If anyone has more input, advice, or questions regarding the CEH, CISSP, LPT, or any other sec related cert, feel free to comment on here or shoot me a message. Thanks a lot.

[Marts McFly]

Hey mate congrats on pasing the CEH. I found out I passed my CISSP a couple of weeks back so I'm also happy (first security cert as well)

If you are looking for the next step, CISSP is great. But if you want to stay on the 'penetration' testing and defense side of things for the moment, I noticed that the ECSA/LPT looks pretty decent. But when looking through the training material, it did look basic (but more in-deptch than CEH).If you already have your CEH, and are still in the study zone, have a quick look at ECSA, it might be pretty easy for you to get and wouldn't be bad to have either. But you would definately want to aim to get a CISSP at some stage.

Let us know how you get on