Was the CEH worth it? (To All CEH Holders)

Hey Guys/Gals,

I've joined the forums about a month ago, and I am starting to jump into the Security side of IT and am looking for some advice. After reading some great posts from the techexams forum members, I buckled down and got my Sec+ and now I'm deciding on the next plan of action. My first initial path was to get my Sec+, then MCSA:Sec, then CCNA, then CCNA Sec, then CEH. After a bit of research, I realized MSCA:Sec is no longer being offered and many users in the CCNA side say don't get it unless you need it or want to specialize it. So I am thinking of just skipping those and going for C|EH.

After spending a bit more time on C|EH section, I'm realized my members were complaining about the annual price of keeping the cerificate and are celebrating their savings buy having a CEH certification burning party. However, other members said that having CEH on their resume boosted there desirability and got interviews much easier.

I'm currently seeking a job but at the same time trying to learn as much as I can about Security and am going for higher up certs. I applied to a few jobs around Chicago, and haven't had the initial response that I was hoping for so I am thinking of getting another cert. (I know it's only been two weeks, but if feels like forever).

Sec+ was great because it gave me knowledge of the "basics of knowledge". I started C|EH prep and I'm already learning about ARP Poison MITM attacks, Wireshark overview, and more hands experience with the "basics of tools". But my question to CEH members and cert holders is should I invest my time in getting the CEH and spend $550 + annual fees, or should I learn the material and look into another certificate that is more reputable with HR and worth the money in the long run?

At the moment, my goal is to get into the pen testing type of career, but at the moment I would be happy with a Junior level position in networking or security to get my feet wet. I have had 3 years of Mobile Security Consulting, so I am hoping that can be counted as experience for the CEH.

Find more posts tagged with

Comments

emerald_octane

I like it and will continue to hold it. I think the most important aspect of becoming a CEH was going through the official iClass materials (which are great CBT). The cert just solidified what I already knew and learned. It's definitely, without a doubt, my most controversial cert. I can sit there and wax poetic about this "Certified Information Systems Security Professional" thing and how it takes 5 years and $$$$ dollars to obtain and maintain, but the average layperson's interest is piqued when they find out i'm a "certified ethical hacker". Eventually the "ethical" portion is dropped and suddenly i'm being introduced to family and friends as a "certified hacker". In the age of mainstream hollywood shows such as "Scorpion" and the new "Blackhat" movie, credit card breaches and icloud "hacks", it's a great conversation starter.

On the whole however, CISSP + GIAC certs reign supreme with HR and security departments, from what I can tell.

lsud00d

I'm not the target audience since I don't have a C|EH, however I did study for it (read a book) and in the end realized it's a slightly more difficult Security+ and not worth the exorbitant fees from a lackluster corporation. The only value I see in it is if you are going for a job with DoD directives and this qualifies for something that S+ doesn't or if it's specifically mentioned in a job requirement.

If you're going for a pen testing spot, they will know the C|EH is a joke. OSCP is more inline with that field.

In the meantime, CCNA/CCNA:S-level knowledge of networking will be extremely helpful for both offensive (red team) and defensive (blue team) security. I would suggest you put your nose in those books/videos and start playing around with Wireshark and Kali linux.

JDMurray

Any certification is worth getting if it gets you interviews for the jobs you want or allows you to keep the job(s) that you have. I teach a CEH class using the official material, so having and keeping the CEH cert is vital for me. The CEH material is good to know even if you don't get the cert.

fuz1on

Thanks for the great info! I'm currently transitioning to a security specialization and have the CASP (just passed Sec+ and Cloud+) already scheduled in less than 2 weeks. I also plan on CISSP but not until summer (trying to get more experience) so I was really pondering whether CEH was worth it but everyone I ask (or have read about) always seems to truly appreciate the training and certification *edit* or they're indifferent.

(need to learn to finish my sentence)

I decided against pursuing the CEH due to the cost and I feel like the education I have been doing from self-study/training classes on Udemy (Cyber Security & Privacy Foundation, Igneus Technologies, IT Security Academy, Infinite Skills) and eLearnSecurity are more than enough with my previous experience in my younger days (via IRC - EFnet/Undernet - mid 90s).

colemic

For the CEH, it really does seem to be hit or miss. Some people seem to really value it, and JDMurray is a good example of that, while others feel that it just doesn't deliver the value that it should, especially for the cost. Like JDMurray said, it does provide some technical knowledge that is useful in real life; it's up to you to decide if you think it will open doors for you/give you an edge in competing for a position. In my personal experience, it has not provided a ROI equivalent to the cost of the cert, so I will probably not be renewing it.

cyberguypr

I'm on the same wagon as Colemic. I've seen people very pleased with what they got out of the cert. Others, not so much. I have two main issues with this test:

1) Content - Why try to cover so many tools? They end up discussing the most popular ones and then just mentioning a zillion others. I kind of see it like a cheap buffet: a ton of food but none of it is great. This is not necessarily a bad approach, as it creates awareness of the tools. This ties up with my second issue:

2) I question the cost. Someone here said that this cert should be called Hacking+ and I completely agree with that. To me the $600 fee (if self study) is preposterous. I can think of better ways to use $600 towards furthering my professional skills. For example, eCPPT comes to mind, but it's not as widely recognized by the HR drones as the CEH.

I can only recommend this test if a)you need to check a box such as DOD 8570 or b)someone else is paying for it.

Speaking about the Chicago market, are you specifically looking for a security position?

DeZi xP

cyberguypr wrote: »

I'm on the same wagon as Colemic. I've seen people very pleased with what they got out of the cert. Others, not so much. I have two main issues with this test:

1) Content - Why try to cover so many tools? They end up discussing the most popular ones and then just mentioning a zillion others. I kind of see it like a cheap buffet: a ton of food but none of it is great. This is not necessarily a bad approach, as it creates awareness of the tools. This ties up with my second issue:

2) I question the cost. Someone here said that this cert should be called Hacking+ and I completely agree with that. To me the $600 fee (if self study) is preposterous. I can think of better ways to use $600 towards furthering my professional skills. For example, eCPPT comes to mind, but it's not as widely recognized by the HR drones as the CEH.

I can only recommend this test if a)you need to check a box such as DOD 8570 or b)someone else is paying for it.

Speaking about the Chicago market, are you specifically looking for a security position?

Thanks for the info everyone.

@cyberguypr
-I see what you are saying and I agree with it. My primary job that I am seeking and applying to are Security related positions but I have been applying to a wide variety of jobs outside of security as well such as network engineer/support analyst/firewall engineer, etc... I am looking to start anywhere that can build my skills and give me experience.

Many of these jobs require some type of specialty in a subject such as Juniper/Cisco/Java so I'm falling out of the criteria during the first round of potential candidates. The farthest I've gotten was for a Security Analyst position and got to the over the phone skills interview but I didn't get to the in person interview. Much of the questions were based on Incident Response Team type events it was by far the best fitting job duties that Sec+ did a great job to prepare me for but I had no experience in QRadar which was one of the requirements.

@Colemic
-Thanks, at the moment I'm looking for high ROI. As far as learning the material, I believe I can learn it within a month of time going over CEH videos and grab a book or two and go through it. I believe the knowledge is great, so I'll rethink getting the cert and go elsewhere.

@JDMurray
-I agree, any cert will make you more desirable, however I'm looking into a cert that can help me in the long run with duties that I will be playing in a job. I will probably look over CEH more extensively down my career path since it is good to have.

@Isud00d
-Thanks for the great response, I believe the CCNA is my next cert that I'll be going for. As far as knowledge goes, I believe this will be the best one to get certified in as many jobs that I looked at require CCNA or CCNP. Should I go for CCNA and wait 3 years to get the CCNA sec+ as a renewal or should I get both back to back?

@emerald_octane
-Wow I def agree with you. Being able to say you are a certified (ethical) hacker is a great ice breaker in any circumstance. Now that people are becoming more aware of the dangers, they want to learn more about it. It's crazy how the news, and media are all directing their attention to cyber warfare in the last year or so. Sony get threatened by North Korea, Chase has a breached and over half (I believe) of the clients have their P.I. get leaked leading to the loss of confidentiality, Target announces CC's have been compromised and give a year subscription to theft protection, and it goes on.. threats are no longer weapons of mass destruction, but a team of hackers who are capable of infiltrating sensitive data...