certifications for ethical hacking

p-coder

Hi everyone,

I am currently doing a course in full-stack Ruby on Rails software development, but lately I have started to become interested in ethical hacking. Since I do not have much background in IT, would it be a good idea for me to start with certifications like the CompTIA A+, Network+, and Security+? What other certifications should I get for ethical hacking?

At what point would I be able to find entry-level positions in the security field?

UnixGuy

Search the forums, they're full of similar threads.


eLearnSecurity, OSCP, GPEN

iBrokeIT

I suggest that you start visiting the job boards so you can actually see for yourself what skills, certs and other demands employers have for candidates...

JDMurray

Nobody gonna mention EC-Council Certified Ethical Hacker?

E Double U

JDMurray wrote: »

Nobody gonna mention EC-Council Certified Ethical Hacker?

I'm going to report this post as abuse.

cyberguypr

Do admins have self-banning capability?

Mike7

I am reporting the post as spam.

JDMurray

Awwwww...hey, I'm teaching a CEHv9 course in a couple of months. There's a lot of good information in there. It's just the pricing that's hard to swallow.

NetworkNewb

Not only price, I think the requirements to take this exam is ridiculous too. They could get so many more people if they removed those and just sold the course for it separately. I have very hard time believing they are making as much as they could from this cert.

Chinook

JDMurray wrote: »

Awwwww...hey, I'm teaching a CEHv9 course in a couple of months. There's a lot of good information in there. It's just the pricing that's hard to swallow.

I agree. This forum often maligns the C|EH, but I think it's a good introductory ethical hacker course. The content isn't the problem; the cost is. Nearly 2 grand in training for a basic understanding of the tool set, social engineer, etc isn't worth it. You'd be better spending the money taking online learning courses & actually doing.

JDMurray

NetworkNewb wrote: »

Not only price, I think the requirements to take this exam is ridiculous too. They could get so many more people if they removed those and just sold the course for it separately. I have very hard time believing they are making as much as they could from this cert.

Remember that the target market for the CEH are organizations who will pay to train and certify their people in cybersecurity. There is more money in certifying people en masse from organizational budgets than from the individuals that randomly wander in from the street. The non-training requirements (i.e., $600 and two years of information security experience) is used to keep up the perceived value of the cert (e.g., the training appears to be worthy of two years of InfoSec experience, and the CEH must be worth something if it's that costly to obtain).

BuzzSaw

e double u wrote: »

i'm going to report this post as abuse.

lol lol

BuzzSaw

JDMurray wrote: »

is used to keep up the perceived value of the cert (e.g., the training appears to be worthy of two years of InfoSec experience, and the CEH must be worth something if it's that costly to obtain).

I agree with this. Coming from a person who did "wander in from the street" so to speak, I can say one of the appeals is that not everyone is going to achieve this. Granted, that could have more to do with the barrier to admittance more than the "difficulty" of the exam. However, the fact still stands that, by and large, the CEH is a rarity and can be a big plus on a resume.

I took the test without official training, and having to prove my experience, pay additional fees, and jump through all the hoops. Personally, I sort of liked the vetting process, even if it was A LOT of money, and a major PITA. However, as you said, I think the "perceived" value is still something that is "worth" buying into. (I say "perceived" for a reason) - I think something like the OSCP is probably much more valuable as a whole, but the perceived value isn't there yet.

Curious, ISC has a pretty tight vetting process, along with membership dues, endorsement process, etc ... Most people don't scrutinize them as much as ECCouncil.

Chinook wrote: »

I agree. This forum often maligns the C|EH, but I think it's a good introductory ethical hacker course. The content isn't the problem; the cost is. Nearly 2 grand in training for a basic understanding of the tool set, social engineer, etc isn't worth it. You'd be better spending the money taking online learning courses & actually doing.

Agreed. 2 grand for training that would equal the CEH would be a bit much. But I do think the vetting process to sit for the exam without the training makes it obtainable at a somewhat reasonable rate (100.00 + 600.00 I believe). I also think it gives you a nice little edge in the fact that you have the chops without a specific course.

BuzzSaw

Back to the topic at hand:

p-coder wrote: »

Hi everyone,

I am currently doing a course in full-stack Ruby on Rails software development, but lately I have started to become interested in ethical hacking. Since I do not have much background in IT, would it be a good idea for me to start with certifications like the CompTIA A+, Network+, and Security+? What other certifications should I get for ethical hacking?

At what point would I be able to find entry-level positions in the security field?

I think its going to depend greatly on if you want to go into pentesting, or security in general. I think starting with something like Security+ and SSCP would be a great starting point. It's also going to force you into learning alot of the basics that the CEH builds on. From there, if you REALLY want to get into pentesting, CEH would be a good intro (assuming your okay with the price point). Other great options from there would be: GPEN, and once you have some experience OSCP.

Overall, I think you would probably have better luck (and immediate success) with some of the more entry level certs like Security+ and SSCP. Sometimes quick wins can help win the long term battle.

chrisone

JDMurray wrote: »

Awwwww...hey, I'm teaching a CEHv9 course in a couple of months. There's a lot of good information in there. It's just the pricing that's hard to swallow.

Its a pretty good entry level exam , knowledge wise. Price wise? ughhhh......

UnixGuy

I will always recommend eLearnSecurity eJPT over CEH. Much MUCH cheaper, and fully practical - nothing beats hands on learning

varelg

CEH's website was hacked recently, if I'm not mistaken. And it wasn't ethical at all.

devilbones

varelg wrote: »

CEH's website was hacked recently, if I'm not mistaken. And it wasn't ethical at all.

They encourage you to hack their website.

wayne_wonder

JDMurray wrote: »

Nobody gonna mention EC-Council Certified Ethical Hacker?

Best cert ever!!!

wayne_wonder

Yeah agree if its self study i wouldn't pay that price

Chinook

UnixGuy wrote: »

I will always recommend eLearnSecurity eJPT over CEH. Much MUCH cheaper, and fully practical - nothing beats hands on learning

I completely agree. I'd also add in Offensive Security's offerings as a way of getting practical experience in pen testing. Toss in learning Wireshark as well.

p-coder

Thank you all for the helpful comments and not banning our moderator.

BuzzSaw wrote: »

Overall, I think you would probably have better luck (and immediate success) with some of the more entry level certs like Security+ and SSCP. Sometimes quick wins can help win the long term battle.

I agree that getting some quick wins would be helpful to get started. As for certifications like A+ and Network+, I get the impression that they are not specifically needed for ethical hacking, although it might not be a bad idea to study them for general knowledge without actually taking the exams.

At any rate, I will look into some of the cheaper certifications like eLearnSecurity eJPT and Offensive Security's offerings for hands on learning.

BuzzSaw

p-coder wrote: »

Thank you all for the helpful comments and not banning our moderator.



I agree that getting some quick wins would be helpful to get started. As for certifications like A+ and Network+, I get the impression that they are not specifically needed for ethical hacking, although it might not be a bad idea to study them for general knowledge without actually taking the exams.

At any rate, I will look into some of the cheaper certifications like eLearnSecurity eJPT and Offensive Security's offerings for hands on learning.

I agree. I think A+ is probably one you could pass over

Network + isnt needed, but it would sure help in understanding the basics of why certain attacks work as well as they do!

TechGromit

JDMurray wrote: »

Awwwww...hey, I'm teaching a CEHv9 course in a couple of months. There's a lot of good information in there. It's just the pricing that's hard to swallow.

Even free is too much.