Was the CEH worth it? (To All CEH Holders)
Hey Guys/Gals,
I've joined the forums about a month ago, and I am starting to jump into the Security side of IT and am looking for some advice. After reading some great posts from the techexams forum members, I buckled down and got my Sec+ and now I'm deciding on the next plan of action. My first initial path was to get my Sec+, then MCSA:Sec, then CCNA, then CCNA Sec, then CEH. After a bit of research, I realized MSCA:Sec is no longer being offered and many users in the CCNA side say don't get it unless you need it or want to specialize it. So I am thinking of just skipping those and going for C|EH.
After spending a bit more time on C|EH section, I'm realized my members were complaining about the annual price of keeping the cerificate and are celebrating their savings buy having a CEH certification burning party. However, other members said that having CEH on their resume boosted there desirability and got interviews much easier.
I'm currently seeking a job but at the same time trying to learn as much as I can about Security and am going for higher up certs. I applied to a few jobs around Chicago, and haven't had the initial response that I was hoping for so I am thinking of getting another cert. (I know it's only been two weeks, but if feels like forever).
Sec+ was great because it gave me knowledge of the "basics of knowledge". I started C|EH prep and I'm already learning about ARP Poison MITM attacks, Wireshark overview, and more hands experience with the "basics of tools". But my question to CEH members and cert holders is should I invest my time in getting the CEH and spend $550 + annual fees, or should I learn the material and look into another certificate that is more reputable with HR and worth the money in the long run?
At the moment, my goal is to get into the pen testing type of career, but at the moment I would be happy with a Junior level position in networking or security to get my feet wet. I have had 3 years of Mobile Security Consulting, so I am hoping that can be counted as experience for the CEH.
I've joined the forums about a month ago, and I am starting to jump into the Security side of IT and am looking for some advice. After reading some great posts from the techexams forum members, I buckled down and got my Sec+ and now I'm deciding on the next plan of action. My first initial path was to get my Sec+, then MCSA:Sec, then CCNA, then CCNA Sec, then CEH. After a bit of research, I realized MSCA:Sec is no longer being offered and many users in the CCNA side say don't get it unless you need it or want to specialize it. So I am thinking of just skipping those and going for C|EH.
After spending a bit more time on C|EH section, I'm realized my members were complaining about the annual price of keeping the cerificate and are celebrating their savings buy having a CEH certification burning party. However, other members said that having CEH on their resume boosted there desirability and got interviews much easier.
I'm currently seeking a job but at the same time trying to learn as much as I can about Security and am going for higher up certs. I applied to a few jobs around Chicago, and haven't had the initial response that I was hoping for so I am thinking of getting another cert. (I know it's only been two weeks, but if feels like forever).
Sec+ was great because it gave me knowledge of the "basics of knowledge". I started C|EH prep and I'm already learning about ARP Poison MITM attacks, Wireshark overview, and more hands experience with the "basics of tools". But my question to CEH members and cert holders is should I invest my time in getting the CEH and spend $550 + annual fees, or should I learn the material and look into another certificate that is more reputable with HR and worth the money in the long run?
At the moment, my goal is to get into the pen testing type of career, but at the moment I would be happy with a Junior level position in networking or security to get my feet wet. I have had 3 years of Mobile Security Consulting, so I am hoping that can be counted as experience for the CEH.
Comments
On the whole however, CISSP + GIAC certs reign supreme with HR and security departments, from what I can tell.
If you're going for a pen testing spot, they will know the C|EH is a joke. OSCP is more inline with that field.
In the meantime, CCNA/CCNA:S-level knowledge of networking will be extremely helpful for both offensive (red team) and defensive (blue team) security. I would suggest you put your nose in those books/videos and start playing around with Wireshark and Kali linux.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
I decided against pursuing the CEH due to the cost and I feel like the education I have been doing from self-study/training classes on Udemy (Cyber Security & Privacy Foundation, Igneus Technologies, IT Security Academy, Infinite Skills) and eLearnSecurity are more than enough with my previous experience in my younger days (via IRC - EFnet/Undernet - mid 90s).
Transmosis | http://transmosis.com | LinkedIn | https://linkedin.com/in/t1mku
If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
The only real failure in life is not to be true to the best one knows. - Buddha
If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
1) Content - Why try to cover so many tools? They end up discussing the most popular ones and then just mentioning a zillion others. I kind of see it like a cheap buffet: a ton of food but none of it is great. This is not necessarily a bad approach, as it creates awareness of the tools. This ties up with my second issue:
2) I question the cost. Someone here said that this cert should be called Hacking+ and I completely agree with that. To me the $600 fee (if self study) is preposterous. I can think of better ways to use $600 towards furthering my professional skills. For example, eCPPT comes to mind, but it's not as widely recognized by the HR drones as the CEH.
I can only recommend this test if a)you need to check a box such as DOD 8570 or b)someone else is paying for it.
Speaking about the Chicago market, are you specifically looking for a security position?
Thanks for the info everyone.
@cyberguypr
-I see what you are saying and I agree with it. My primary job that I am seeking and applying to are Security related positions but I have been applying to a wide variety of jobs outside of security as well such as network engineer/support analyst/firewall engineer, etc... I am looking to start anywhere that can build my skills and give me experience.
Many of these jobs require some type of specialty in a subject such as Juniper/Cisco/Java so I'm falling out of the criteria during the first round of potential candidates. The farthest I've gotten was for a Security Analyst position and got to the over the phone skills interview but I didn't get to the in person interview. Much of the questions were based on Incident Response Team type events it was by far the best fitting job duties that Sec+ did a great job to prepare me for but I had no experience in QRadar which was one of the requirements.
@Colemic
-Thanks, at the moment I'm looking for high ROI. As far as learning the material, I believe I can learn it within a month of time going over CEH videos and grab a book or two and go through it. I believe the knowledge is great, so I'll rethink getting the cert and go elsewhere.
@JDMurray
-I agree, any cert will make you more desirable, however I'm looking into a cert that can help me in the long run with duties that I will be playing in a job. I will probably look over CEH more extensively down my career path since it is good to have.
@Isud00d
-Thanks for the great response, I believe the CCNA is my next cert that I'll be going for. As far as knowledge goes, I believe this will be the best one to get certified in as many jobs that I looked at require CCNA or CCNP. Should I go for CCNA and wait 3 years to get the CCNA sec+ as a renewal or should I get both back to back?
@emerald_octane
-Wow I def agree with you. Being able to say you are a certified (ethical) hacker is a great ice breaker in any circumstance. Now that people are becoming more aware of the dangers, they want to learn more about it. It's crazy how the news, and media are all directing their attention to cyber warfare in the last year or so. Sony get threatened by North Korea, Chase has a breached and over half (I believe) of the clients have their P.I. get leaked leading to the loss of confidentiality, Target announces CC's have been compromised and give a year subscription to theft protection, and it goes on.. threats are no longer weapons of mass destruction, but a team of hackers who are capable of infiltrating sensitive data...