CEH Worth Doing?

Daniel333Daniel333 Member Posts: 2,077 ■■■■■■□□□□

Guess I am half looking to get back into the cert game, so nervous more than anything else,

Debating if I should take the CEH or not. Noticed the version just jumped to version 9 and not sure if the training material has matured enough for me to work off of. And I remember finding the pre-tests to be more esoteric and just frustrating. But the boss just asked me why I never bothered to cert up, and now i feel obligated. Looking for a yes/no from this forum with some 9.x materials recommendations? How do CEH hacker courses online measure up these days?

--- Background ---
Certs all earned w/o cheats (proud of that!)
MCSE Security
CCNA Security
Cisco Firewall Specialist

Formal classes:
In Redhat Security, Kali Linux, Pen Testing, Nmap, Puppet Security, Python Secure Programming, Juniper Security classes and attended a handful of security confs.

~5 years, 20+ projects including SOX, PCI and data gathering for formal investigations for LE.
OS hardning (patching, HIDS/HIPS, AV, FIM)
Security automation
Firewall and NIPS experience (snort , Juniper and cisco)
SIEM management, Application stack hardening, plenty of hours using Kali, NMAP and some closed source paid solutions

My job had me take informal CEH 7.0 and 8.0 classes over the years. But I really never had an urge to cert up because of sorta random nature of the cert. And I've never really seen any demand from employers. But if the boss is paying ... go/no go? Materials recommendation?


  • No_NerdNo_Nerd Banned Posts: 168
    I would do it just to check the box. I see you have Kali and NMAP listed up there so you might as well go get the CEH just my .02
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■□□□□□
    Is there a specific reason for CEH? If they are paying the official courseware is what I would opt for and that way you get labs. With your background I don't see it being much of an issue...although a GIAC certification might be better suited for you.
  • Daniel333Daniel333 Member Posts: 2,077 ■■■■■■□□□□
    Yeah, it's a no brainer. Guess I am nervous about playing the pass/fail game again. I've failed sooo many cert to the tune of thousand$. I hate getting money from the boss only to fail. Even worse when it's your own.

    Okay man up and schedule!
  • stephens316stephens316 Senior Member Member Posts: 203 ■■■■□□□□□□
    No its not worth it Take a SANS Class more respected than EC-Council
    Current Studying : GPEN |GCNF|CISSP??
    Current Reading : CISSP| CounterHack|Gray Hat Hacking
    Completed 2019 : GCIH
    Free Reading : History Books
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■□□□□□
    No its not worth it Take a SANS Class more respected than EC-Council
    You are working off the assumption his employer will pay $5,000 for the course...kinda funny to say it's not worth it when you have CEH in your future goals.
  • gncsmithgncsmith Senior Member Member Posts: 459 ■■■□□□□□□□
    Good luck (yes, take the course if employer's paying for it) and let us know how you do!
  • chrisonechrisone Senior Member Member Posts: 2,006 ■■■■■■■■■□
    Yes CEH is worth it.

    Anything is worth it, if it will help you get a better job and pay. Also the fact that CEH is non-lab, does not mean you will not learn anything. Besides, technically you should lab anything you learn regardless if the exam is lab oriented or not.

    Then it is up to you how to use the knowledge from CEH in order to help you with another certification goal, such as a SANS, OSCP, elearn certification.
    Certs: CISSP, OSCP, CRTP, eCPPT, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), eLearnSecurity: WAPTv3 (in-progress), eLearnSecurity: IHRP (completed), BlackHills InfoSec: Breaching the Cloud
    Certs: VHL: Advanced+ (completed), OSCP (completed), SLAE32, OSCE, AZ-500 (in-progress), MS-500, eLearnSecurity: eWPT, eLearnSecurity: eCIR (in-progress)
  • renacidorenacido Member Posts: 387 ■■■■□□□□□□
    No its not worth it Take a SANS Class more respected than EC-Council

    Most of us do not have an employer with the budget or willingness to pay for SANS training/certs. For most of us outside of the defense and federal govt sectors, SANS and GIAC are not in our training budgets. Hell, I have a hard enough time getting my boss to set aside time for on-site training that was bundled with licensing. Enjoy the benefits of 8570 while you can...

    Also, do a search for CEH and another for GPEN on job boards...CEH easily more recognized than GPEN/GCIA/GCIH...SANS has a better rep than EC-Council within the infosec community perhaps...but the certs mostly serve as SEO for your electronic resume. If it's a large SOC or maybe an MSP GIAC might give a slight advantage over CEH/ECSA/LPT, but the GIAC path costs double or triple what it costs to get LPT.

    Most pentesters say the OSCP is the most valid of them all by far for their line of work.
Sign In or Register to comment.