CEH Worth it after Sec+?

So I recently got the Security+ certification, and I'm trying to decide which cert to go for before starting grad school. I was looking at CEH as a candidate, but now I'm wondering if it's going to be too similar to Sec+. Should I study for the CEH exam, or would I be better off jumping in to something like Red Hat? The transition to v9 of the CEH exam seems to have been fairly messy, and I can't deny that it's made me a little nervous.

My short-term goal is to move from my current position into information security, doing something like penetration testing. I've expressed interest with my employer and things seem to be working that direction, but I want to make myself more useful. Would CEH help me with that, or am I better off just focusing on some programming courses or something else?

Find more posts tagged with

Comments

OctalDump

CEH is worthwhile after Security+. It is much more focussed on pen testing type knowledge, eg attack types, vulnerability scanning, testing tools, methodology.

It's a good starting place for Incident Handling, Penetration Testing, Analyst, even network defence type roles. By itself it won't turn you into an ethical hacker, but it covers a lot of necessary knowledge.

There are v9 guides coming, and the official courseware is already available.

The other areas to explore in the short term if you are interested in pen testing are Python (or any programming), Linux and the eLearnSecurity Penetration Testing Student course and associated eJPT certification.

chrsnlde

My employer has a Security Analyst position available that I'm applying for, but they are looking for someone with a CEH. The position has been open to the public for about 2 months now and we've gotten 20+ applications, none had CEH, but most had Security+. So far we haven't hired anyone. I'm now going for my CEH in hopes of getting the position. I'm located on the west cost in the US.

636-555-3226

CEH is good for HR & hiring managers who don't know much about infosec. You can do better than CEH depending on your budget and technical background. GIAC GPEN, OSCP, some people here recommend eCPPT - these are all better options in terms of real life skills, but very few hiring managers have any idea what any of those actually are.

gncsmith

What's the study timeframe for the C|EH?

Also, would you suggest someone have more networking knowledge than Net+ or would that be sufficient?

Any other suggestions?

EnderWiggin

CEH is definitely worthwhile, as it will get you past HR filters. It will also give you a foundation to build on to eventually become a penetration tester.

JustFred

It's also expensive as hell and I'm not even sure how they get away with it.

OctalDump

JustFred wrote: »

It's also expensive as hell and I'm not even sure how they get away with it.

I got mine reduced cost as part of another course I was doing, and free exam voucher.

CASP is $414, and probably $100 for books. CEH is $500 for the exam + $100 for application fee, books are probably about the same as CASP. GIAC is much more expensive (as we all know), (ISC)2 is cheaper. OSCP is more expensive, eCPPT is more. eJPT is about $300. So, maybe expensive but not outrageously expensive.

Yes, the official courseware is quite expensive, and a course can be very expensive, but that's true of most courses.

tmurphy3100

OctalDump wrote: »

CEH is worthwhile after Security+. It is much more focussed on pen testing type knowledge, eg attack types, vulnerability scanning, testing tools, methodology.

It's a good starting place for Incident Handling, Penetration Testing, Analyst, even network defence type roles. By itself it won't turn you into an ethical hacker, but it covers a lot of necessary knowledge.

There are v9 guides coming, and the official courseware is already available.

The other areas to explore in the short term if you are interested in pen testing are Python (or any programming), Linux and the eLearnSecurity Penetration Testing Student course and associated eJPT certification.

That eJPT seems like an awesome deal. Not sure If I should squeeze it out because I am in the middle of my WGU MSCIA program and will have to take the CEH soon...

OctalDump

tmurphy3100 wrote: »

That eJPT seems like an awesome deal. Not sure If I should squeeze it out because I am in the middle of my WGU MSCIA program and will have to take the CEH soon...

I think the eJPT is currently 20% off. It's self paced and has "lifetime" access to the courseware, 30 hours lab access, and and 1 free resit on the exam. So, it might be worth buying now even if you don't complete for several months.

tmurphy3100

So is it 20% off the 299, or 299 is already 20% off?

**never mind, the Home page has the coupon. Thanks!

globalenjoi

Thanks for the replies everyone. I think I'll go ahead and focus on it for now, to keep the information fresh after Security+. Does 2 months sound like a realistic target, or would it require less time if I'm just coming off of the Security+ info?

As a side note, I have started to work on programming some. I started with Python for about 2 weeks, then had an opportunity to dive into PHP for a project at work. It's been rough since I've never taken a programming course in my life. I started the open Java course through University Helsinki based on a few recommendations and I've been chipping away at that. I've got Kali Linux running on a VM and an old netbook, and a SamuraiWTF VM as well, though the hardest part of either has just been learning Linux commands as I go.

IronmanX

globalenjoi wrote: »

I've got Kali Linux running on a VM and an old netbook, and a SamuraiWTF VM as well, though the hardest part of either has just been learning Linux commands as I go.

Sorry off topic.
I've never heard of SamuraiWTF. Does it provide something that Kali doesn't?

virtualizationG

Good morning,
After taking the security+ I sat for the CEH myself. 100% worth it both for educational and career options it opens up. After passing the CEH I got the books and prepared for the CHFI, CCSK and ISC2 SSCP for about two weeks each. I now hold all those certifications and I'm currently rocking on CISSP and CCSP in the coming weeks.

My theory has always been simple, never become a silo in an industry that thrighs on diversity. Just my opinion.

evopilot

been thinking of CEH after eJPT still unsure tho