Pengu wrote: » I have been studying for this for the past 2 weeks so have bought books and apps and stuff but I can help thinking its a big waste of time. I am a technical test analyst and do much of the security testing for my company in a sensitive environment. I asked my boss the other day if he would vouch for me with EC-Council and he said that he is sorry but it would be unethical for him to do so as I am not a proper pen tester!?! clearly he misses the point, but that's a battle for another day. So, I am looking at $100 dollar eligibility fee (which I might lose) a $500 exam cost and now I read posts that there is a new yearly $80 subscription cost to keep the cert!?! surely not? I'm enjoying the subject but at this stage of my career I need to get some quals down on my CV to stand apart when I am out of a job in 5 months. Persevere or look elsewhere? I am thinking of just going for CISSP instead, it might be less complicated to do so even though it is a much bigger challenge. I have worked with a few CISSPs for many years, so at least they are aware of my extensive experience across a number of the domains.
IronmanX wrote: » CISSP requires 5 years cumulative paid full-time work experience in two or more of the 8 domains. Also requires you to be endorsed " by an (ISC)² certified professional who is an active member, and who is able to attest to your professional experience." CEH attempted with out the official training must "Have at least two years of information security related experience.". It is pretty vague, but if your boss doesn't think you qualify ask them to pay for training and you wont have to qualify. I don't know what you do as a technical test analyst. If your having trouble getting approved for CEH your not going to get approved for CISSP. Sounds like that is doubtful if you are out of a job in 5 months. Maybe Sec + would be a better start at this point.
Pengu wrote: » The reason why I was interested in CEH is because it is a bit of gap in my knowledge and I think knowing some of this stuff would help me become a good Security tester. I don't want to become a manager at this stage of my career - I have done all that. Managers in my field get in work at 7am and leave past 7pm I no longer wish to be involved in that kind of punishing routine. My only doubts about doing the CISSP is that agencies will see that on my CV and push me towards managerial roles, me I would rather stay in the weeds, do my 8 hour shift and get back home.
lsud00d wrote: » CEH is like a slightly more in-depth/technical S+. If it's required for a job go for it, if you want it for knowledge purposes there's unlimited free resources online.
