CEH or SSCP

bharath917bharath917 Member Posts: 17 ■□□□□□□□□□
Hi All,

I am CCNA Security certified and last week i finished JNCIS(Juniper) Security. I have 3 years of experience in system administration and 1 year experience in network security. Now want to take a break from vendor specific Certification. I am interested in technical concepts of Security.Should i go for CEH or SSCPicon_confused.gif:
Some people say we should read CISSP book for SSCP. But i am not interested in CISSP because it is related to management. Some ppl says CEH just teaches how to use tools. Please suggest....

Comments

  • danny069danny069 Member Posts: 1,025 ■■■■□□□□□□
    I'd go for the CEH, primarily because it is more recognized than the SSCP.
    I am a Jack of all trades, Master of None
  • bharath917bharath917 Member Posts: 17 ■□□□□□□□□□
    Thanks for your response, i am happy with my current job as Network Security Engg and i am not bothered about recognization
    , just need info about which gives more knowledge.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    I don't see the point of CEH for most people unless they are trying to pad their resume or get introduced into pen testing. Maybe I'm wrong there.... Or maybe by technical security concepts you want to learn some pen testing? Definitely couldn't hurt and could be interesting than.

    I think CISSP teaches a lot of good security standard practice and procedures. Yes, it done on a management point of view but its still good and relevant information to know for anyone dealing with security. That is why I will be going for the CISSP later this year. And that is why you see it on every other IT Security job posting.

    Gratz on the networking security certs btw! icon_thumright.gif
  • danny069danny069 Member Posts: 1,025 ■■■■□□□□□□
    Any cert will grant you knowledge, if you want some hardcore technical certs, try: Offensive Security Certified Professional (OSCP), Wireshark Certified Network Analyst (WCNA), Red Hat Certified Systems Administrator (RHCSA), etc.
    I am a Jack of all trades, Master of None
  • renacidorenacido Member Posts: 387 ■■■■□□□□□□
    Can't really go wrong with CEH or SSCP, you'll learn cool stuff from both.

    Don't listen to the crowd that says "CEH just teaches you tools". They can't see the forest through the trees. You USE tools to DO things that APPLY technical security concepts, and in doing so, you learn 2 very valuable things:

    - Common vulnerabilities, recon/exploitation tactics, and mindset of an attacker (Red Team)
    - System hardening and countermeasures to defend against common attacks (Blue Team)

    Also, bear in mind, most people who pursue CEH just want the certificate. The problem with that is, you can pass the exam by merely wading knee-deep into the curriculum. Few go into the deep end. As with anything, with CEH you get back what you put into it.

    I haven't attempted SSCP but I'm a CISSP and I know that SSCP is more focused on technical hands-on infosec skills and knowledge. There's a good bit of overlap between the two but you'll learn more diverse areas of security with SSCP whereas CEH is more red-team vs blue-team stuff.

    Another cert that is in the same ballpark as SSCP and CEH is CompTia CASP. Just a thought.

    Think of SSCP as being between Sec+/GSEC and CISSP, and think of CEH as a prep course for ECSA/GCIH/GCIA (blue-team) or OSCP (red-team).
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Unless you become a pentester...guess what? You will probably use a lot of tools because it expedites the process since many companies don't have the time or money for you to sit there and develop zero-day exploits. With that being said, the tools you learn are relevant and the CEH can provide a good foundation of ethical hacking (especially if you move on to certifications like OSCP).

    From what I have seen, the SSCP seems to still be conceptual but more for the practitioner, not the manager.

    Something to consider...you might not be able to take the CEH with only one year direct information security experience. The requirement is two and I do not know if they will count your other experience (and you would end up having to take the more expensive bootcamp), whereas the SSCP only requires one year experience.
  • bharath917bharath917 Member Posts: 17 ■□□□□□□□□□
    Thanks for your inputs :)
  • tedjamestedjames Member Posts: 1,182 ■■■■■■■■□□
    I couldn't agree more. That's why I chose to earn SSCP directly after Security+. I want to continue on the practitioner side of things. I had started working on CISSP but decided that I needed to focus on growing my technical skills (building a home lab and learning tools). I'll get back into CISSP eventually.

    I actually used a CASP study guide to help prepare for the SSCP exam, and it helped a lot. CASP is relatively new, but it looks like a good direction for the security practitioner.
    renacido wrote: »
    I haven't attempted SSCP but I'm a CISSP and I know that SSCP is more focused on technical hands-on infosec skills and knowledge. There's a good bit of overlap between the two but you'll learn more diverse areas of security with SSCP whereas CEH is more red-team vs blue-team stuff.

    Another cert that is in the same ballpark as SSCP and CEH is CompTia CASP. Just a thought.

    Think of SSCP as being between Sec+/GSEC and CISSP, and think of CEH as a prep course for ECSA/GCIH/GCIA (blue-team) or OSCP (red-team).
Sign In or Register to comment.