certifications for ethical hacking

p-coder Member Posts: 14 ■■■□□□□□□□
Hi everyone,

I am currently doing a course in full-stack Ruby on Rails software development, but lately I have started to become interested in ethical hacking. Since I do not have much background in IT, would it be a good idea for me to start with certifications like the CompTIA A+, Network+, and Security+? What other certifications should I get for ethical hacking?

At what point would I be able to find entry-level positions in the security field?

Comments

  • UnixGuy Are we having fun yet? Mod Posts: 4,226 Mod
    Search the forums, they're full of similar threads.


    eLearnSecurity, OSCP, GPEN
  • iBrokeIT GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,303 ■■■■■■■■■□
    I suggest that you start visiting the job boards so you can actually see for yourself what skills, certs and other demands employers have for candidates...
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA | eCPPT | eWPT | eCTHP

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,892 Admin
    Nobody gonna mention EC-Council Certified Ethical Hacker? ;)
  • E Double U Member Posts: 1,764 ■■■■■■■■■□
    JDMurray wrote: »
    Nobody gonna mention EC-Council Certified Ethical Hacker? ;)

    I'm going to report this post as abuse.
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, Azure Security Engineer Associate, ITIL 4 Foundation, and more.

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • cyberguypr Senior Member Mod Posts: 6,909 Mod
    Do admins have self-banning capability?
  • Mike7 Member Posts: 1,080 ■■■■□□□□□□
    I am reporting the post as spam. ;)
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,892 Admin
    Awwwww...hey, I'm teaching a CEHv9 course in a couple of months. There's a lot of good information in there. It's just the pricing that's hard to swallow.
  • NetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Not only price, I think the requirements to take this exam are ridiculous too. They could get so many more people if they removed those and just sold the course for it separately. I have a very hard time believing they are making as much as they could from this cert.
  • Chinook Member Posts: 206
    JDMurray wrote: »
    Awwwww...hey, I'm teaching a CEHv9 course in a couple of months. There's a lot of good information in there. It's just the pricing that's hard to swallow.

    I agree. This forum often maligns the C|EH, but I think it's a good introductory ethical hacker course. The content isn't the problem; the cost is. Nearly 2 grand in training for a basic understanding of the tool set, social engineering, etc. isn't worth it. You'd be better spending the money taking online learning courses & actually doing.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,892 Admin
    NetworkNewb wrote: »
    Not only price, I think the requirements to take this exam are ridiculous too. They could get so many more people if they removed those and just sold the course for it separately. I have a very hard time believing they are making as much as they could from this cert.

    Remember that the target market for the CEH is organizations who will pay to train and certify their people in cybersecurity. There is more money in certifying people en masse from organizational budgets than from the individuals that randomly wander in from the street. The non-training requirements (i.e., $600 and two years of information security experience) are used to keep up the perceived value of the cert (e.g., the training appears to be worthy of two years of InfoSec experience, and the CEH must be worth something if it's that costly to obtain).
  • BuzzSaw Member Posts: 259 ■■■□□□□□□□
    E Double U wrote: »
    I'm going to report this post as abuse.


    lol lol
  • BuzzSaw Member Posts: 259 ■■■□□□□□□□
    JDMurray wrote: »
    are used to keep up the perceived value of the cert (e.g., the training appears to be worthy of two years of InfoSec experience, and the CEH must be worth something if it's that costly to obtain).

    I agree with this. Coming from a person who did "wander in from the street" so to speak, I can say one of the appeals is that not everyone is going to achieve this. Granted, that could have more to do with the barrier to admittance more than the "difficulty" of the exam. However, the fact still stands that, by and large, the CEH is a rarity and can be a big plus on a resume.

    I took the test without official training, and having to prove my experience, pay additional fees, and jump through all the hoops. Personally, I sort of liked the vetting process, even if it was A LOT of money, and a major PITA. However, as you said, I think the "perceived" value is still something that is "worth" buying into. (I say "perceived" for a reason) - I think something like the OSCP is probably much more valuable as a whole, but the perceived value isn't there yet.

    Curious, ISC has a pretty tight vetting process, along with membership dues, endorsement process, etc ... Most people don't scrutinize them as much as ECCouncil.

    Chinook wrote: »
    I agree. This forum often maligns the C|EH, but I think it's a good introductory ethical hacker course. The content isn't the problem; the cost is. Nearly 2 grand in training for a basic understanding of the tool set, social engineering, etc. isn't worth it. You'd be better spending the money taking online learning courses & actually doing.

    Agreed. 2 grand for training that would equal the CEH would be a bit much. But I do think the vetting process to sit for the exam without the training makes it obtainable at a somewhat reasonable rate (100.00 + 600.00 I believe). I also think it gives you a nice little edge in the fact that you have the chops without a specific course.
  • BuzzSaw Member Posts: 259 ■■■□□□□□□□
    Back to the topic at hand:
    p-coder wrote: »
    Hi everyone,

    I am currently doing a course in full-stack Ruby on Rails software development, but lately I have started to become interested in ethical hacking. Since I do not have much background in IT, would it be a good idea for me to start with certifications like the CompTIA A+, Network+, and Security+? What other certifications should I get for ethical hacking?

    At what point would I be able to find entry-level positions in the security field?

    I think it's going to depend greatly on if you want to go into pentesting, or security in general. I think starting with something like Security+ and SSCP would be a great starting point. It's also going to force you into learning a lot of the basics that the CEH builds on. From there, if you REALLY want to get into pentesting, CEH would be a good intro (assuming you're okay with the price point). Other great options from there would be: GPEN, and once you have some experience OSCP.

    Overall, I think you would probably have better luck (and immediate success) with some of the more entry level certs like Security+ and SSCP. Sometimes quick wins can help win the long term battle.
  • chrisone Senior Member Member Posts: 2,130 ■■■■■■■■■□
    JDMurray wrote: »
    Awwwww...hey, I'm teaching a CEHv9 course in a couple of months. There's a lot of good information in there. It's just the pricing that's hard to swallow.

    It's a pretty good entry-level exam, knowledge wise. Price wise? Ughhhh......
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (in-progress)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCTHPv2 (report: awaiting results), eLearnSecurity: eCPTXv2 (Late-Nov)
  • UnixGuy Are we having fun yet? Mod Posts: 4,226 Mod
    I will always recommend eLearnSecurity eJPT over CEH. Much MUCH cheaper, and fully practical - nothing beats hands on learning
  • varelg Banned Posts: 790
    CEH's website was hacked recently, if I'm not mistaken. And it wasn't ethical at all.
  • devilbones Member Posts: 318 ■■■■□□□□□□
    varelg wrote: »
    CEH's website was hacked recently, if I'm not mistaken. And it wasn't ethical at all.
    They encourage you to hack their website.
  • wayne_wonder Member Posts: 215 ■■■□□□□□□□
    JDMurray wrote: »
    Nobody gonna mention EC-Council Certified Ethical Hacker? ;)

    Best cert ever!!!
  • wayne_wonder Member Posts: 215 ■■■□□□□□□□
    Yeah, agree, if it's self-study I wouldn't pay that price
  • Chinook Member Posts: 206
    UnixGuy wrote: »
    I will always recommend eLearnSecurity eJPT over CEH. Much MUCH cheaper, and fully practical - nothing beats hands on learning

    I completely agree. I'd also add in Offensive Security's offerings as a way of getting practical experience in pen testing. Toss in learning Wireshark as well.
  • p-coder Member Posts: 14 ■■■□□□□□□□
    Thank you all for the helpful comments and not banning our moderator. :)
    BuzzSaw wrote: »
    Overall, I think you would probably have better luck (and immediate success) with some of the more entry level certs like Security+ and SSCP. Sometimes quick wins can help win the long term battle.

    I agree that getting some quick wins would be helpful to get started. As for certifications like A+ and Network+, I get the impression that they are not specifically needed for ethical hacking, although it might not be a bad idea to study them for general knowledge without actually taking the exams.

    At any rate, I will look into some of the cheaper certifications like eLearnSecurity eJPT and Offensive Security's offerings for hands on learning.
  • BuzzSaw Member Posts: 259 ■■■□□□□□□□
    p-coder wrote: »
    Thank you all for the helpful comments and not banning our moderator. :)



    I agree that getting some quick wins would be helpful to get started. As for certifications like A+ and Network+, I get the impression that they are not specifically needed for ethical hacking, although it might not be a bad idea to study them for general knowledge without actually taking the exams.

    At any rate, I will look into some of the cheaper certifications like eLearnSecurity eJPT and Offensive Security's offerings for hands on learning.

    I agree. I think A+ is probably one you could pass over

    Network+ isn't needed, but it would sure help in understanding the basics of why certain attacks work as well as they do!
  • TechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,000 ■■■■■■■■□□
    JDMurray wrote: »
    Awwwww...hey, I'm teaching a CEHv9 course in a couple of months. There's a lot of good information in there. It's just the pricing that's hard to swallow.

    Even free is too much.
    Still searching for the corner in a round room.