Options

Thinking of doing CEH+ECSA then LPT?

twetwe Member Posts: 10 ■□□□□□□□□□
Hi guys,

I have been looking into doing a CEH and ECSA course. But was wondering about LPT afterwards?

It seems like it is an online test only through EC Council themselves? Is that correct?

https://cert.eccouncil.org/lpt-application-form.html


What do people think of this route?

Comments

  • Options
    twetwe Member Posts: 10 ■□□□□□□□□□
    I was also going to take Comptia Network+ as a basis for understanding networking.

    Should I have any major concerns with this process?

    I am taking all of them by group classes rather than virtual classrooms so it is an investment.

    I have seen jobs in the UK looking for similar qualifications along with OSCP. Unfortunately having a young family means I cannot dedicate that time unless it was away somewhere at a physical location.
  • Options
    636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    Network+ is a great start. I'd recommend it for sure and I think most others here would as well.

    As for EC-Council, you'll hear various opinions from people here. I'm on the side of it's garbage, sad to say. I've reviewed some material from some classes and I was very less than impressed with the craftsmanship. In at least the materials I've reviewed, I've seen very poor grammar and writing from someone who writes English at a 5th-grade level. CompTIA, ISC2, & ISACA are all well-written, on the other hand. That said, the CEH will get you some HR & resume respect, but for people applying for jobs with me I don't give any credit for EC-Council certs.

    I've heard multiple people speak highly of eLearnSecurity. I've never reviewed their material, but I think if you search around here you'll see more people are positive with them as opposed to a 50/50 split with EC-Council.
  • Options
    twetwe Member Posts: 10 ■□□□□□□□□□
    I think this is the biggest problem with all the certs out there.
    For example OSCP there is no classroom available, where others require a pre-req of being a security analyst or similar for a number of years.
    Looking at actual job listings it does seem possible to enter a position with the EC Council certs which I guess is my main aim.
    CREST seems popular to but more limited to UK and Europe where I want to go for a certificate that is more recognised.
    Can I ask, when you reviewed the EC Council material was that in the last year or so? Just wondering about the many iterations if peoples feelings are from a few years back or from now.
    CISSP seems highly regarded to but again seems like a lot of pre-reqs for now.
  • Options
    OctalDumpOctalDump Member Posts: 1,722
    CEH has good visibility, although it's a relatively basic certification within its speciality. ECSA, I'm told, isn't much more than some basic CEH skills and a written report. I've not heard of anyone having it, or it ever being asked for. LPT does seem a bit more involved, and I think has a background test, so in theory these stringent requirements should make it better, but again I've never heard of anyone having it or it being asked for.

    There was a reddit AMA a while ago with various Pen Tester companies, and they were generally anti-certification with the exception of the OSCP. In this field, what distinguishes you are your skills, which they are quite happy to test out. Papers don't seem to hold much weight, except when clients ask for them, and in that case they usually only ask for the CEH.

    If you are looking to become a Pen Tester, then I'd suggest that CEH isn't a terrible place to start, and the certification might give you some benefit - particularly among people who don't know much about the field. Cybrary.it is a great resource to start with as well.

    I'd then look at learning some of those tools a bit more in depth, and then doing the OSCP online course or eCPT or mile2. There are a number available. The idea is to get real hands on skills.

    One place where LPT might be useful is where you wanted to set up a business for yourself, somewhere where there isn't already a body like CREST to provide some kind of assurance.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • Options
    twetwe Member Posts: 10 ■□□□□□□□□□
    Thanks for the extra information.

    I have passed my Comptia Network+ and Ec Council CEH course.

    I do feel that the CEH course was more basic than I though and in hindsight it does show how many companies don't know the difference in quality between CEH and other courses to advertise the job positions. I wouldn't have felt confident enough to actually be a penetration tester with just CEH.

    Currently doing my ECSA course and I found that better. Apparently this year they changed it so that there is coursework where you have to provide information about the network in the virtual environment they give you and penetrate particular machines, do cross site scripting or SQL injection on certain websites. Some of the challenges were very simple but others were interesting and definitely more challenging than CEH. I even couldn't complete 2 of the challenges.

    I have however passed my coursework as I knew I had more than the 70% minimum required and now have the exam to do so will start revising for it soon.

    One thing that is disappointing is the cost vs quality. For example the ECSA study guide is literally a black and white book of all the pdf presentations. The CEH book is an actual book.
Sign In or Register to comment.