Wanna get EC-Council CEH? Think again.
Comments
-
Trashman Member Posts: 140Read the books first and then I attended a $2400 official boot camp late last year in a foreign country and I passed the exam on the last day of the training.
The CEH exam is indeed pricey, no doubt and one should not brag about this cert (fancy name though!), but I had a good experience studying for this cert, meeting new tech people in a different country and the instructors were knowledgeable.
Learned a lot and had great fun.
No complaints really.
Don't know if EC-Council has changed things over time, but this is for sure a harder exam than Sec+.Bachelor of Science in Information Systems
2015 COLOR=#008000]X[/COLOR | 2016 COLOR=#ff8c00]In progress[/COLOR | 2017 | 2018 -
renacido Member Posts: 387 ■■■■□□□□□□My two cents...
I have 15 years infosec experience but was always in the net-defense, incident response, auditor, security manager, security engineer/architect, SOC lead roles. Always on defense. C|EH gave me a solid look into the attacker's mindset and a better understanding of their tactics. Good ROI for network defenders, infosec managers, etc. But not a one-and-done cert for full-time pentesters. But for pentesters C|EH has a place in the development track. One I would suggest for pentesters is:
Net+, CCNA, MSITP, Linux+ (or 1 year IT experience)
Sec+/GSEC (or 2+ years doing security full-time)
C|EH/GPEN
Training (cert or not) in programming/scripting languages (javascript, C, Java)
O'Reilly Python cert
OSCP
OSCE
For infosec, the track my analysts are on is:
- Pre-reqs for new hires:
Net+, CCNA, MSITP, Sec+, GSEC, or CS/IT degree
2+ years full-time IT experience
**Experience and behavioral interview trumps all the above.**
- Vendor-specific security certs for tools we use
- C|EH or GPEN
- E|CSA or GCIH/GCIA
- Forensics cert if desired
- Advanced pentesting certs if desired
- CISSP
Understand that C|EH is for learning the essential tools, tactics, and procedures for running a pentest as a member of a Red Team / Tiger Team. Will it make you a master security researcher who can find zero-days in enterprise technologies? Of course not. When I read comments that C|EH "makes someone a script kiddie, not a hacker" I disagree. It makes them a beginner ethical hacker. Script kiddies just throw jello at the wall and see what sticks. Ethical hacking is more than being able to write your own shell code. It is assessing threats, vulnerabilities, recommending ways to harden the network to prevent exploitation. I don't care how many capture the flag contests you win, I don't care if you can nuke my datacenter by whistling into a telephone, if you can't explain how you penetrated a network and recommend remediations, you are worthless to me. Just my perspective.