Certified Ethical Hacker Self Study Options to Sit For Exam (No Experience)

Hello,

I had read somewhere on this forum about self study options for the CEH exam. I'm not at all qualified to sit the exam from experience and I can't (and won't) pay 3 grand for a class. that being said I know there are self study options (A thread I can't find anymore made mention of $600 or so for training) Does anyone have any idea of on-line self paced training that is accepted (and at least somewhat affordable) to meet the requirements to take the exam?

*Adding an additional question*

So, if in fact I have no other choice but to take the 'official' training because I don't have the 2 years of experience instead of doing the on-line Ilearn stuff (that costs 1900 and is self paced) I could use the remainder of my GI Bill (only have two months left) to cover the 3 grand for the class & test. I would have studied Security+ for 4 weeks and will sit for the exam on 2/24 (in 3 weeks). The certified ethical hacker class starts 3/30 and runs 5 days. My question is, do you think its feasible (and is it a common occurrence) for people to go straight from Security+ to CEH? If i decide to do this i'll more thank likely go the SSCP and CISSP route via self studying after CEH.

Thanks!

-Travis

Find more posts tagged with

Comments

cyberguypr

You may be confused. I think the $600 you mention are the $500 for the exam plus the $100 application fee. This is what those who don't want to pay for the training go with. In your case, since you don't have the experience you only option is paying for training.

What I have to ask is, what is your goal by taking this test? I can't fathom paying for this exam or course unless you have a very specific need like 8570 compliance or job requirement.

See this thread: http://www.techexams.net/forums/ec-council-ceh-chfi/101726-ceh-experience-requirement.html

orlandofl

I think you're absolutely right...I was thinking there was a $600.00 course..but it may have been the exam and fee for those that are already qualified doing a self study.

My overall goal is to be as 8570 compliant as I can be. I want to either work for or contract with the feds here in central FL and/or possibly the DC area if the move becomes a reality in the coming years. I was going to use the remainder of my GI bill to pay for the CISSP test (they will reimburse me) when I get around to study and taking it. I'll have my undergrad degree completed within the year and want to be able to check as many DOD boxes as possible.

I understand it's expensive and read the reviews stating the exam isn't the most technical and the high cost of keeping it up, but what can you do? Gotta play the game right? by April I hope to have Net+, Security+ and CEH (if i got that route)..then work on the SSCP with the CISSP being my ultimate goal <I hope to be ready to sit for CISSP around the same my degree is completed>

I just wanted to make sure that it's a realistic idea to come from Security+, self study for a month (Walker's book, CBT nuggets), then take the official 5 day class and be prepared to sit for CEH exam. (While the GI bill will cover this..My Uncle-Sam trust fund...will be completely dry..sort of a last hurrah... any exam retakes would be coming out of my pocket)

-Travis

H3||scr3am

http://www.techexams.net/forums/ec-council-ceh-chfi/107614-udemy-ceh-training-series-15-a.html

I made a thread about some self directed lectures on sale for $15 (not sure if they still are), but yes you can certainly selfstudy for the CEH, there are books, and videos, and courses, etc. that you can take to prepare yourself for the exam.

orlandofl

Thank you H3||scr3am !

*Update* The LEARN15 promo code still works...at least for now...regular price $99....just paid $15

H3||scr3am

No problem, let me know how the course is

I picked it up too, but haven't gotten to it yet, it's a bit far back in the Queue at this point

Linux+ next (Last CompTIA cert for a few years

CASP someday perhaps), then CCENT/CCNA/CCNA:S then my Bs. IT-Sec, then maybe if I finish that midway through a semester I'll jump into the Masters in Information Security Assurance and take the CEH/CHFI... but until then I have other focuses

orlandofl

cyberguypr

What I have to ask is, what is your goal by taking this test? I can't fathom paying for this exam or course unless you have a very specific need like 8570 compliance or job requirement.

So I have to ask...if not CEH in your opinion...OSCP perhaps? Do think a novice could complete the Kali Linux pen testing course and pass the exam...within a month? <or is this just a really terrible idea?

-Travis

H3||scr3am

OSCP in a month with no prior experience, I'd say not a chance.

colemic

I think it's great you have an overall goal, but you need to be a little more specific - in which specific field do you want to work? For example, CNDSP positions are pretty much covered by CEH (and the one that isn't, with no specific industry experience, you aren't qualified for (but that's ok!)

Keep in mind though that CNSP stands for Computer Network Defense Service Provider - jobs in this category are not nearly as plentiful (or even available) as those in the IAT and IAM categories, especially for those who are thin on InfoSec experience.

Your best bet going forward is Security+, then work towards CISSP. Earning that gives you 5 years to obtain the required experience, but DoD only looks at test results - a pass is a pass, so if you pass the exam, you are technically qualified for a position that requires a full CISSP (not associate).

After that, I would look at CEH, if it is still the arena you want to get into. (Disclaimer: I hate EC-Council, but currently hold two certs.) Personal feelings aside, I really feel there are more effective certification routes for you, than focusing on the CEH first.

Just my .04 (.02 adjusted for inflation)

orlandofl wrote: »

I think you're absolutely right...I was thinking there was a $600.00 course..but it may have been the exam and fee for those that are already qualified doing a self study.

My overall goal is to be as 8570 compliant as I can be. I want to either work for or contract with the feds here in central FL and/or possibly the DC area if the move becomes a reality in the coming years. I was going to use the remainder of my GI bill to pay for the CISSP test (they will reimburse me) when I get around to study and taking it. I'll have my undergrad degree completed within the year and want to be able to check as many DOD boxes as possible.

I understand it's expensive and read the reviews stating the exam isn't the most technical and the high cost of keeping it up, but what can you do? Gotta play the game right? by April I hope to have Net+, Security+ and CEH (if i got that route)..then work on the SSCP with the CISSP being my ultimate goal <I hope to be ready to sit for CISSP around the same my degree is completed>

I just wanted to make sure that it's a realistic idea to come from Security+, self study for a month (Walker's book, CBT nuggets), then take the official 5 day class and be prepared to sit for CEH exam. (While the GI bill will cover this..My Uncle-Sam trust fund...will be completely dry..sort of a last hurrah... any exam retakes would be coming out of my pocket)

-Travis

orlandofl

OSCP in a month with no prior experience, I'd say not a chance.

that's sort of what I figured...thank you for the clarification..

-Travis

orlandofl

I think it's great you have an overall goal, but you need to be a little more specific - in which specific field do you want to work? For example, CNDSP positions are pretty much covered by CEH (and the one that isn't, with no specific industry experience, you aren't qualified for (but that's ok!)

Keep in mind though that CNSP stands for Computer Network Defense Service Provider - jobs in this category are not nearly as plentiful (or even available) as those in the IAT and IAM categories, especially for those who are thin on InfoSec experience.

Your best bet going forward is Security+, then work towards CISSP. Earning that gives you 5 years to obtain the required experience, but DoD only looks at test results - a pass is a pass, so if you pass the exam, you are technically qualified for a position that requires a full CISSP (not associate).

After that, I would look at CEH, if it is still the arena you want to get into. (Disclaimer: I hate EC-Council, but currently hold two certs.) Personal feelings aside, I really feel there are more effective certification routes for you, than focusing on the CEH first.

Just my .04 (.02 adjusted for inflation)

I appreciate your reply. What I really want to do is in the IAT arena ( and eventually IAM)...but I also have a personal interest in network exploitation and would like to do one of 'hacking' certs (wouldn't hurt to be able to check the CNSP box either) Really I just wanted CEH to be an additional skill set, i'm not entirely sure I'd like to pen test for a living, just wanted to learn and validate the skills.

I sit for Security+ exam on the 24th of this month, I knew that was sort of the defacto entry level cert for security and wanted to get it done. I have the month of March to study and sit for one additional exam (fresh off Security+), then it's back to reality (work).

I'd really like to get a IAT I or II level security-ish role either with DOD or as a contractor..something I can grow with. I intend on giving CISSP a good 6 months of studying before attempting..it's just trying to find this one cert for March that could do the most good on a resume to help get me that first InfoSec position that's killing me.

-Travis

PJ_Sneakers

orlandofl wrote: »

I intend on giving CISSP a good 6 months of studying before attempting..it's just trying to find this one cert for March that could do the most good on a resume to help get me that first InfoSec position that's killing me.

-Travis

Finish your Security+ and reassess at that point. You can't even get the CISSP yet without five years of verifiable work history or a sponsor. You might want to look at the GIAC certifications if you are lacking the work history at this time and really want to continue the security certs.

thehayn1

Travis have you read the actual DoD 8570 guide? In most cases a Sec+ will cover you for DoD 8570 compliance. The only jobs that require higher than Sec+ are IAM level III.

http://iase.disa.mil/iawip/Pages/iabaseline.aspx

DevilDawg

Cybrary - Free Online IT and Cyber Security Training, Forever! has a free CEH course along with many other free courses and soon they have Malware Analysis / Reverse Engineering Training and as I said before all classes are FREE

mjsinhsv

orlandofl wrote: »

Thank you for your reply. I have looked at the DoD 8570 guide. It appears Security+ covers a tech for IAT level II and IAM level I positions. I was trying to cover my bases for the CNDSP and IAT III positions in the event I find an opportunity that works for me. I'm hoping with experience, my bachelors, and IAT level III certs i'll be able to snag a level III job. maybe a couple of years of that and i'll move into management. (at least in a perfect world)

Regards,

-Travis

You may need to get some experience before going after a level III. As a contractor anyway.
You may want to look at civilian jobs. They would give you extra points as a VET if you went that route.

DevilDawg

Are you a Military Veteran ?

beads

orlandofl wrote: »

Thank you for your reply. I have looked at the DoD 8570 guide. It appears Security+ covers a tech for IAT level II and IAM level I positions. I was trying to cover my bases for the CNDSP and IAT III positions in the event I find an opportunity that works for me. I'm hoping with experience, my bachelors, and IAT level III certs i'll be able to snag a level III job. maybe a couple of years of that and i'll move into management. (at least in a perfect world)

Regards,

-Travis

Travis;

Clearly easier to pay for additional training once you have successfully transferred to a civilian contractor or DoD position. Don't worry too much at this point on reaching the senior goal in fell swoop. There are lots of empty suits and paper CISSP's out there not worth the effort they put into cheating the exam and the community as a whole.

Start by finishing the Security+ exam and securing employment first. First hand experience with VA benefits etc is that it always takes longer than anticipated. Get that initial training done first; additional training second; third build some real credibility in the field for your own satisfaction. You may find that keeping up on this industry is much harder than simply getting one or two "little certs". To be truly effective in this industry you really need to "marry" this career field. That means most of your free time will be investigating more interesting security tidbits after work, weekends even standing in check out lines. Its a never done learning kind of field and I have seen many people try to break in only to be sidelined months later as they just don't want to keep the frenetic pace up. The industry changes every hour or less. Check out my twitter feed, lol.

Keep in mind that SANS Institute courses are taught at the college senior and mostly at the Graduate level. OK a bit easier than many of my undergrad courses but I've seen alot of easing of academics as of late. Where's the hard courses, anyway? Too much of this stuff is WAY to easy to be considered college graduate level any more.

Final thought. Check out getting a four year degree in anything but security. Really about the last major I ever want to see. Reason is that its already out of date well before you graduate and chances are it will sound archaic in a decade (*suckers*). But, the four year will teach you high to read, write, speak and interact with people in hopefully a business professional way.

Don't limit your GI Bill to just certs and training.

- b/eads

orlandofl

Are you a Military Veteran ?

Yes, I am. It would appear you are as well given your screen name. Always good to meet fellow vets.

-Travis