Is this still worth doing with all the extra costs now?

PenguPengu Member Posts: 46 ■□□□□□□□□□
I have been studying for this for the past 2 weeks so have bought books and apps and stuff but I can help thinking its a big waste of time.

I am a technical test analyst and do much of the security testing for my company in a sensitive environment. I asked my boss the other day if he would vouch for me with EC-Council and he said that he is sorry but it would be unethical for him to do so as I am not a proper pen tester!?! clearly he misses the point, but that's a battle for another day.

So, I am looking at $100 dollar eligibility fee (which I might lose) a $500 exam cost and now I read posts that there is a new yearly $80 subscription cost to keep the cert!?! surely not?

I'm enjoying the subject but at this stage of my career I need to get some quals down on my CV to stand apart when I am out of a job in 5 months.

Persevere or look elsewhere? I am thinking of just going for CISSP instead, it might be less complicated to do so even though it is a much bigger challenge. I have worked with a few CISSPs for many years, so at least they are aware of my extensive experience across a number of the domains.

Comments

  • LollyBagginsLollyBaggins PMP, CISSP, CISM, CISA, CRISC, CGEIT, C|EH, C|BP, AWS CSAA, AWS CDA, AWS CSS Member Posts: 14 ■■■□□□□□□□
    Go for the CISSP for ROI.
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    Pengu wrote: »
    I have been studying for this for the past 2 weeks so have bought books and apps and stuff but I can help thinking its a big waste of time.

    I am a technical test analyst and do much of the security testing for my company in a sensitive environment. I asked my boss the other day if he would vouch for me with EC-Council and he said that he is sorry but it would be unethical for him to do so as I am not a proper pen tester!?! clearly he misses the point, but that's a battle for another day.

    So, I am looking at $100 dollar eligibility fee (which I might lose) a $500 exam cost and now I read posts that there is a new yearly $80 subscription cost to keep the cert!?! surely not?

    I'm enjoying the subject but at this stage of my career I need to get some quals down on my CV to stand apart when I am out of a job in 5 months.

    Persevere or look elsewhere? I am thinking of just going for CISSP instead, it might be less complicated to do so even though it is a much bigger challenge. I have worked with a few CISSPs for many years, so at least they are aware of my extensive experience across a number of the domains.

    CISSP requires 5 years cumulative paid full-time work experience in two or more of the 8 domains.
    Also requires you to be endorsed " by an (ISC)² certified professional who is an active member, and who is able to attest to your professional experience."

    CEH attempted with out the official training must "Have at least two years of information security related experience.".
    It is pretty vague, but if your boss doesn't think you qualify ask them to pay for training and you wont have to qualify.


    I don't know what you do as a technical test analyst.
    If your having trouble getting approved for CEH your not going to get approved for CISSP. Sounds like that is doubtful if you are out of a job in 5 months.

    Maybe Sec + would be a better start at this point.
  • ThomasITguyThomasITguy Banned Posts: 181
    If you work in the Govt sector just get your CASP. That will allow you to move up.
  • PwncakesPwncakes Registered Users Posts: 3 ■■■□□□□□□□
    I think it depends on your career objectives. If you are interested in penetration testing CEH is a relevant and valid cert to hold. From your post, it sounds like you are pretty vested in the process. Did you already submit the $100 registration fee and completed form? If so, and this is something you really want to do, I think you just need to get your boss on the same page. If he's just being a jerk, and there's someone above or below your boss that can vouch for you, then you may be able to contact EC-Council and let them know that you need to specify an alternate person to verify your experience. Just be ready to provide a simple honest answer.
  • PenguPengu Member Posts: 46 ■□□□□□□□□□
    IronmanX wrote: »
    CISSP requires 5 years cumulative paid full-time work experience in two or more of the 8 domains.
    Also requires you to be endorsed " by an (ISC)² certified professional who is an active member, and who is able to attest to your professional experience."

    CEH attempted with out the official training must "Have at least two years of information security related experience.".
    It is pretty vague, but if your boss doesn't think you qualify ask them to pay for training and you wont have to qualify.


    I don't know what you do as a technical test analyst.
    If your having trouble getting approved for CEH your not going to get approved for CISSP. Sounds like that is doubtful if you are out of a job in 5 months.

    Maybe Sec + would be a better start at this point.

    Did Security+ last year but felt it was very basic and I think I got about 90+ percent after about 2 weeks training. So I do know a lot of this stuff. I also have 25 years experience across a broad spectrum of these domains.

    i'm a contractor so have minimal contact with my boss at my current place of work. In truth he probably fobbed me off because he doesn't want the hassle - after all he is not really my boss, just head of the department where I currently work at.

    I know a few CISSP and they have a greater knowledge of what I do and what I have done.
  • PenguPengu Member Posts: 46 ■□□□□□□□□□
    The reason why I was interested in CEH is because it is a bit of gap in my knowledge and I think knowing some of this stuff would help me become a good Security tester.

    I don't want to become a manager at this stage of my career - I have done all that. Managers in my field get in work at 7am and leave past 7pm I no longer wish to be involved in that kind of punishing routine. My only doubts about doing the CISSP is that agencies will see that on my CV and push me towards managerial roles, me I would rather stay in the weeds, do my 8 hour shift and get back home.
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    Pengu wrote: »
    The reason why I was interested in CEH is because it is a bit of gap in my knowledge and I think knowing some of this stuff would help me become a good Security tester.

    I don't want to become a manager at this stage of my career - I have done all that. Managers in my field get in work at 7am and leave past 7pm I no longer wish to be involved in that kind of punishing routine. My only doubts about doing the CISSP is that agencies will see that on my CV and push me towards managerial roles, me I would rather stay in the weeds, do my 8 hour shift and get back home.

    Yeah I also believe CISSP is more for managers, although others disagree.

    You say your a contractor do you work for a contracting company? Just thinking someone within the contracting company may be able to vouch.
    It does sound like your customer (boss) just doesn't want the hassle.
    If your a sole proprietor contractor surely EC Council has away to deal with this. Maybe try and contact them.

    CEH sounds like a good next step for you and i would think would be worth it as a contractor to get if you want to get into pen testing.
  • lsud00dlsud00d Member Posts: 1,571
    CEH is like a slightly more in-depth/technical S+. If it's required for a job go for it, if you want it for knowledge purposes there's unlimited free resources online.
  • GessGess CISSP, Server+, SCCM 2012, Project+; J.D. Member Posts: 144 ■■□□□□□□□□
    A few weeks after I passed the C|EH they sent me an e-mail saying they were going to start charging dues. I highly doubt they lowered the cost of the exam. In light of that I made the decision to let it lapse. The financial barrier to entry is too high for as disorganized as the organization is. If I were in a more technical area of IT I might consider keeping it up, but in reality I'm transitioning into Policy/Compliance management so I'm going to ride my CISSP instead.

    At least the C|EH will become more exclusive moving forward. I imagine many people are like me, and others won't sit for it at all moving forward.
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    lsud00d wrote: »
    CEH is like a slightly more in-depth/technical S+. If it's required for a job go for it, if you want it for knowledge purposes there's unlimited free resources online.

    Have you taken the CEH? I have not taken Sec+ so i can't compare. I don't see a lot of failures on the Sec+ sub forum so its my impression its not that challenging, but really that is not a good way to look at it.

    I don't think CEH is going to turn you into a Pen Tester but its a start. Some people in the field do Pen Testing with nothing some do it with OSCP, so it just depends. Since you are a contractor though CEH will help you with the DoD requirements.



    All Exams now of days with CE have fees. I think Sec+ is cheaper at $50 a year.

    @GESS Yeah I can see people not actively using them just letting them expire.
Sign In or Register to comment.