Passed My CEH Resit. Some Thoughts On The Cert And EC-Council.

Mike7 wrote: »

So if the CBK is unchanged, what has changed from CEHv8 to CEHv9?

I don't remember. That's the version system for the courseware. You'd have to look at v8 course books/outlines and compare to v9 course books/outlines. I believe they dropped 2 modules and added 1 or something like that.

BillV_ wrote: »

This is what I'm referencing. It has not changed.

https://cert.eccouncil.org/images/doc/CEH-Exam-Blueprint-v2.0.pdf

You are not answering the question. What has changed from CEHv8 to CEHv9?

They explain the changes here:
CEH: Certified Ethical Hacking course from EC-Council

Mike7 wrote: »

You are not answering the question. What has changed from CEHv8 to CEHv9?

Again. Nothing. The exam has the same blueprint.

BillV_ wrote: »

They explain the changes here:
CEH: Certified Ethical Hacking course from EC-Council

As per your link under section ("What's New"), there are changes from CEHv8 to CEHv9.
Is this not considered a content (aka CBK) change?

Mike7 wrote: »

Is this not considered a content (aka CBK) change?

Correct.

BillV_ wrote: »

Correct.

I see. So CEHv9 has new content from CEHv8.
This is not considered CBK change. As such

BillV_ wrote: »

They haven't changed the "CBK" for the exam so there has been no need for an announcement.

CompTIA handles it differently.

Mike7 wrote: »

Similarly, when CompTIA announced new CASP version (CAS-002), exam takers can choose to take either version before CAS-001 was retired in June 2015.

So there is the "EC Council way".
Thanks for the clarification.

Sure. You're welcome to spin it any way you want. The facts will remain unchanged but I'll make one last attempt to spell it out for you.

1) CEHv9 has new content from CEHv8 - yes, the courseware (separate from the exam) has been updated. This is not considered a change to the blueprint (or "cbk") for the exam because, again, it's a courseware change and not an exam change.

2) I wasn't aware that CompTIA sent out emails each time they added/removed a test question, or decided to move a beta question into the production version of the exam. Please provide some sort of link or evidence of this as I'm curious to see it. The changes you previously provided show changes in percentages of domains on the exam. This is a CBK/Blueprint change (and, appropriately, they made an announcement for it).

I guess the confusion comes about from yours and my definition of CBK.
For example, ISC2 defines CBK as follows

The (ISC)² CBK is a taxonomy - a collection of topics relevant to information security professionals around the world. The (ISC)² CBK establishes a common framework of information security terms and principles which allows information security professionals worldwide to discuss, debate, and resolve matters pertaining to the profession with a common understanding

Based on your EC Council definition, CBK is exam blueprint. CBK is not content or courseware.

BillV_ wrote: »

1) CEHv9 has new content from CEHv8 - yes, the courseware (separate from the exam) has been updated. This is not considered a change to the blueprint (or "cbk") for the exam because, again, it's a courseware change and not an exam change.
.

BillV_ wrote: »

I wasn't aware that CompTIA sent out emails each time they added/removed a test question, or decided to move a beta question into the production version of the exam. Please provide some sort of link or evidence of this as I'm curious to see it.

Neither do I.

Are you referring to brain **** subscription? I was told such services informs subscribers whenever new questions are available. Not a subscriber though.

Anyway, thanks for the clarification. The "EC Council" way is definitely different from how ISC2 and CompTIA do things.

My CEH cert says CEH version 7. I did not use official courseware. If the exam isn't developed from the courseware, then it's pretty clear that vv7 indicates the exam version.

As usual, ECC is full of poo.

And there's not a chance in hell I'm going to pay $80/year to maintain this cert. That wasn't part of the agreement when I took the exam.

colemic wrote: »

My CEH cert says CEH version 7. I did not use official courseware. If the exam isn't developed from the courseware, then it's pretty clear that vv7 indicates the exam version.

This is pre-ANSI. The exam not being developed from the courseware is an ANSI requirement.

colemic wrote: »

And there's not a chance in hell I'm going to pay $80/year to maintain this cert. That wasn't part of the agreement when I took the exam.

Same here. Unless my employer wants to pay for it.

Then how did they get into 8570? I thought ANSI was a requirement to be on that list, and they've been on there for at least 3-5 years.

Same way everyone else got onto 8570 initially I assume. None of those certifications were ANSI compliant when 8570 came out. My guess would be, just as it allowed people time to get certified, they also allowed time for the certification bodies to become compliant. But yeah, the only reason any of them are striving for ANSI is because the DoD wants it. No one else in the private sector cares - and, quite honestly (as can be seen by all of the mess/confusion caused) ANSI makes things more of a pain.

My exam was NOT pre-ANSI. CEH has been ANSI certified since 2012.

[url=http://webcache.googleusercontent.com/search?q=cache:AHUv4HLOuqsJ:www.eccouncil.org/news/ec-council-achieves-ansi-17024-for-cehv8/+&cd=2&hl=en&ct=clnk&gl=us]EC-Council Achieves ANSI 17024 Accreditation for Its Certified Ethical Hacker (CEHv

Certification | EC-Council News[/url]

This page is conveniently not available anymore.

CISSP has been ANSI accredited since 2004. CISA/CISM probably just as long. It is ridiculous to claim that DoD is driving ANSI in certs. EC-Council wants it so they can try to extort more money from cert holders.

You'll note that it says V8. Which doesn't have jack to do with courseware.

eccouncil.jpg

colemic wrote: »

My exam was NOT pre-ANSI. CEH has been ANSI certified since 2012.

www.eccouncil.org/news/ec-council-achieves-ansi-17024-for-cehv8/+&cd=2&hl=en&ct=clnk&gl=us]EC-Council Achieves ANSI 17024 Accreditation for Its Certified Ethical Hacker (CEHv Certification | EC-Council News[/url]

This page is conveniently not available anymore.

CISSP has been ANSI accredited since 2004. CISA/CISM probably just as long. It is ridiculous to claim that DoD is driving ANSI in certs. EC-Council wants it so they can try to extort more money from cert holders.

You'll note that it says V8. Which doesn't have jack to do with courseware.

Huh, yeah. I'm not sure how they made it onto 8570 prior to ANSI then. Looking at the ANSI list, you're right. ISC2/GIAC/CompTIA have all been accredited much longer. Guess you'll have to go ask DoD.

When did you take your exam? Does your certification say ANSI on it? No, it doesn't. So it's not ANSI. You took a CEH exam and earned a certification that says "version 7" which, as you've pointed out, is prior to version 8 when it earned the accreditation.

When certifications already exist and have a versioning system prior to ANSI accreditation, ANSI requires some way to distinguish the accredited version from the non-accredited version (e.g., CompTIA "CE"). Initially, this was "v8" as you've seen. EC-Council made the decision to drop the version number going forward so that all ANSI accredited certification holders are just "CEH" and anyone prior to that would be "CEHv7", "CEHv5", etc. You also get a nice, shiny little ANSI accredited logo of some sort on the certification.

Are you honestly trying to say that anyone really gives a **** about ANSI accreditation? Do you look for only ANSI accredited providers when considering a certification? Does it do anything for you? The answer is [should be] no. The only groups that care (as you've pointed out, they require it) about the accreditation are in the public sector. The government is a big market for all of the certification bodies. For them to fully ignore it would be stupid on their part. Is OffSec accredited? No. Will they be? Not likely. Do they still put out good training and respected certifications? Yes.

You are still, repeatedly, missing the point. v8 is an exam. That is really obvious. Not a training class number. That is why people are getting so bent out of shape. If there wasn't anexam change, why do some just say CEH, and some say CEH v8? They took the same test, right? What's the difference? And who cares if there's a nice, shiny little ANSI logo?

Personally do I care about ANSI? Nope. But it exists to serve a need. ANSI isn't the one causing all of the confusion in this, EC Council is.

ECC Council is a certification mill. I know it, you know it, they know it, so let's acknowledge it for what it is.

And I'm damn sure not giving them any more money to maintain, 'just because.'

Yes, because I don't think you're clearly making your point (as I'm still not sure what it is - but if you can sum up what you're asking/complaining about in a line or two, that'd be great). I've only provided an explanation of what has transpired with EC-Council and ANSI accreditation. How you, and others, choose to interpret it is up to you but all of you seem to be running yourselves in circles trying to find a way for it to make sense the way you want it to be.

EC-Council used to use a version system, yes. These versions, going back to 1 and up to 7 matched for both courseware and exam "version" (even though the exam number, 312-50, never changed). When "version 8" was rolled out, along with it came the ANSI accreditation. At this time, the only ANSI accredited version was "CEH v8" which consisted of both courseware and the updated (from v7) version of the exam. This version of the exam went through all of the ANSI requirements in its creation. At a future point in time, EC-Council decided to drop the version number from the exam and the certification so that, going forward, all ANSI accredited certification holders would be "CEH." This is where you would get the bit of overlap in some people saying they have "CEH" and some saying they have "CEH v8." It's the same concept as you alluded to earlier. You said you took the exam in 2012 after version 8 was out. But, you still took the version 7 exam and earned the version 7 certification. I think this pretty clearly shows that EC-Council did previously allow overlap when new exam versions were rolled out, despite people complaining about lack of announcement and not allowing old versions to be taken. This, as of today, is no longer the case. They have, however, maintained the version number for their courseware. Why? I don't know, as it only further confuses things. It didn't help that you had a certain training center keep the version number on the exam when they weren't supposed to (which is why you saw them drop it so quickly when all of these complaints started happening - that was a mistake on part of the training center, not EC-Council).

"And who cares if there's a nice, shiny little ANSI logo" << Exactly my point?? No one.

And no, I think people are bent out of shape because they failed an exam.

I am not defending EC-Council. I cannot provide you with answers regarding their business decisions. All I can do, as above, is explain what has happened to cause the mess.

Bottom line, it is what it is. You and anyone else has a right to be upset and can complain all you want. Maybe one day they'll make the business decisions that you would like them to make.

For now, on a personal level, I could care less about the issues anyone here has. I'm a bit tired of explaining the same stuff over and over (it's clearly not getting through), and most people want to come and attack me for giving them an answer they don't want to hear because they failed a test.

E Double U

To CEH, or not to CEH. That is the question.

BillV_ wrote: »

Bottom line, it is what it is. You and anyone else has a right to be upset and can complain all you want. Maybe one day they'll make the business decisions that you would like them to make.

For now, on a personal level, I could care less about the issues anyone here has. I'm a bit tired of explaining the same stuff over and over (it's clearly not getting through), and most people want to come and attack me for giving them an answer they don't want to hear because they failed a test.

If so many people have a hard time 'getting it' then perhaps it's the message/explanation that needs to be adjusted. After reading through the other thread, I feel that people have a right to be upset - not because they didn't pass, but because they feel like the goalposts were moved in the middle of the game. Regardless of what you (or EC Council) think, there is some validity to their points and it isn't being addressed to their satisfaction. They aren't asking to have scores adjusted, like after what happened with ISC(2) and the CISSP exam a few years ago where some received passing grades in error.

By broadcasting that you are vice chair of the Scheme/Appeals/whatever the committee is called, you've made it clear that you are, in fact, aligned with EC Council, and you ARE defending them. Knock yourself out, but at least own it. Spades are spades. If you don't like that people don't like your snake oil, go peddle it somewhere else.

lol... okay. I guess I fail to see it because it's still an easy test, regardless of any updates. If you can't pass it, then I don't know what to tell you. I am not defending, and have not defended, any of their decisions, in any of my posts. And yes, people have filed their complaints/appeals to have their scores adjusted.

But, like I said, I don't care and it's not worth my time to post here. Sucks for the people that failed. Good luck to them for filing their complaints. I will no longer address them here or provide any assistance. Feel free to spout out whatever you want in the forums, as I'm sure that will accomplish a whole lot... but thanks for the suggestion, I shall "go peddle my snake oil elsewhere."

...signing off.

GreaterNinja

My Bullshit radar goes off so hard when I read Billv's comments.
Billv supposedly writes the questions and he gives the used car salesmen speeches with no actual numbers to back up his numbers.
Sorry dude, but if you are here as a representative of CEH, then I will absolutely question everything you say.

So far your numbers do not add up. You have no sources. You have no actual stats either. You down play events and significance.
Your ANSI response is full of holes as CompTIA has multiple exams and versions for the same respective A+, Network+, Security+, CASP. In simple English: There are multiple versions of an exam that have time overlap and they still count for the same respective ANSI accredited certification program. Additionally when BillV originally gave the "CEH" has no versions story I found EC-Council had its only ANSI accredited certification specifically registered as version 8. For all I know it probably still is.

One more thing. BillV has not taken the actual exam in a proctored environment. And even if he did now he would obviously know the answers.

As someone who has studied Official CEH V8 courseware and Official CEH v9 courseware and passed the newest CEH exam (Post Oct. 15, 2015) I can tell you for a fact the exam aligns more with the version 9 courseware than real world on the job experience.

Examples: You are expected to know every single variation and parameter of how to use a tool. That comes out to pages of combinations for potential solutions. This is done by labbing and memorization from labs and tutorials and guides. Attack phases, and the other methods? Memorization directed by CEH courseware. It does not exactly align with Industry accepted standards. Knowing every switch and parameter for a tool does not imply you have real world experience. The new CEH exam does stupid stuff like switching industry defined definitions with synonyms that would be found in a thesaurus or taught in the CEH V9 material.

The exam covers ALE/ARO/SLE? and newly developed Risk Management Framework that is still under development. Sorry, but again this aligns with CEH V9 Courseware. Google hacking / Advanced operators? Sure I know a bit, but it still aligns more with the CEH V9 courseware than with real world experience as one really will not know every single Google Advanced Operator syntax and how to specifically use it.

EC Council did a horrible job distributing material and the exam aligns more with V9 courseware than with real on the job experience.

The biggest failure of people like Billv is they take information and restate it like its a assumed truth / postulate of a system. This is how big companies make critical mistakes. Consequently, this is how a bunch of other people screw up. Its just pure idiocracy.

I think the best advice is to not believe a word that BillV says unless he divulges topics the exam covers. EC-Council is a business. Its in their best interest to sell catchy named certifications, reading material, courses, courseware, books, bumper stickers, annual membership fees.

wayne_wonder

Has the ec council tr*ll gone biggest trouble maker ever let's keep on the topic and not give him anymore time

Sch1sm

Another issue I encountered (I didn't mention in my OP because it was still ongoing and as I said the ECC apparently monitor this forum) was trying to get my resit attempt registered on my ASPEN account. I would like to hear from anyone else who passed their exam via proctoru to see if they had a similar experience. My first attempt was at a VUE centre and the result was available to view on ASPEN very quickly (I can't be sure exactly when but I think it only took a matter of hours) but after a day and a bit my new result wasnt there, I emailed the ECC to ask when I can expect it to be updated. I was expecting a reply along the lines of "it's an automated procedure that will take 3-5 working days" which I would have been happy with, however to my surprise the reply asked me to send my exam transcript, the time of my exam and the email address I had used to register with. I found this pretty strange, especially since once you've finished your exam on proctoru they confirm your result has been submitted properly. So, why should I be emailing this information, especially after being the one to initiate contact? Eventually it took over a week and about 5 or 6 very frustrating emails to the ECC to get the result submitted to my aspen account. I'm not exactly sure if this is the standard procedure or not but the impression I got was that the staff had to manually update my records after I had sent them my transcript and details so hopefully someone could clarify the situation or share their experience.

IronmanX

Sch1sm wrote: »

I'm not exactly sure if this is the standard procedure or not but the impression I got was that the staff had to manually update my records after I had sent them my transcript and details so hopefully someone could clarify the situation or share their experience.

This happened to me as well.

Email from EC-Council:
"
Greetings from EC-Council!!

Thank you for your email.

Kindly forward me a copy of your score transcript for authentication purposes and also let us know the following data so that I can find your exact details from our records.

1> Date of Certification
2> Email ID used while registering for the Examination
3> Exam portal name (IBT, APTC, VUE)

Have a nice day!
"

Also after I sent the information:
"Kindly take a note that you will be able to see your online certificate in your account within 7 working days from the date of certification."

It ended up taking 11 working/business days.
So really it did not take that long I just expected it to be pretty much instant.

IronmanX

Wow went back and read through this thread. I just gotta shake my head at the people on this forum.
This is suppose to be a place for professionals in the industry and so many have a hard time with logic and reading comprehension.

I don't know if I should waste the bytes trying to reason with people who clearly just don't get it......
So lets forget about the hey whats changed in CEHv8 course and CEHv9 course and think course equals exam
Or not poke holes in how v7 cert was v7 because that was pre ansi.

Maybe I have not been around on this forum long enough but whats with the un-logical hate?
Lets forget a bunch of people failed who frankly should have failed (I've asked what questions they have had trouble on).

Now everyone is up in arms about the $80 a year.
Where is the logic in that?

I pass the CISSP, Security+ and CEH in 2015.

2016 fees:
CISSP = $85
Sec+ = $49
CEH = $0

2017 fees:
CISSP = $85
Sec+ = $49
CEH = $0

2018 fees:
CISSP = $85
Sec+ = $49
CEH = $0

2019 fees
CISSP = $85
Sec+ = $49
CEH = $80

***plus with CEH they are giving free exam vouchers every CE cycle.

Where is the logic with all this CEH hate. You have a professional here who also volunteers to be on EC Council and the general population of this forum don't have the reading compression to get what he is saying.

I agree there are problems with EC Council but the complaints i see on here come on.... really.
#1. Yes you have to know your Nmap switches.
#2. Yes you have to pay an annual fee to hold a cert, not just an EC Council cert.

GreaterNinja

Well I gotta shake my head at you IronmanX.

I find it funny and suspicious you are constantly posting on every CEH thread like you are the expert of the new CEH 312-50 exam when you haven't even taken the new CEH 312-50 exam.
By your own words, you took the exam back in March 2015. This implies you have taken the older CEH V8 exam and not the new CEH 312-50 exam.

If you haven't taken the new exam, then why are you posting like you are the expert on almost every single CEH thread? Your experience and feelings are no longer as relevant as the people who have actually taken the new exam. Frankly, all you are doing is assuming and speculating.

How am I to respect you and Billv as professionals when I read and analyze what you both write and find no real numbers given, bs statistics (Billv), weak logical connections and even logical contradictions? Do you think your statements or Billv's statements would be very convincing in a business presentation or even in a legal proceeding?

You say I am wrong about the new exam aligning more to the Official CEHv9 Courseware than direct work experience, but you haven't even taken the new exam or EC-Council's Official CEH V9 material. So the simple question is: How do you know?
Because EC-Council has electrolytes?

Seriously, EC-Council is an organization that misspells more words than when I use to drunk text my ex-gf. Just because they state certain things does not mean it is true.

You then go on asserting the issue with some of the people on the forum is about "reading comprehension" as if we are all idiots. I hate to break the news to you but the issue really seems to be that quite a few people here disagree with you or Billv.