GPEN vs. CEH

Ertaz Member Posts: 934 ■■■■■□□□□□
So, I completed SEC560 the week of the 8th. I plan on taking my GPEN on November 30th. (Unless I feel more confident before then.) I feel that with a solid index I can pass the exam. I will then hopefully start Cyber OPS for 90 days :). That leaves me with an opening for a springtime self-study cert.

For those of you who have both, how much overlap is there between GPEN and CEH? Is this something that a person could pass with a normal amount of study from a book and practice exam? I know folks poo-poo it here, but it's still a pretty good pass for the HR filters.


OSCP will be my summertime self-study after I take SEC660 and get the GXPN.

Comments

  • Kalabaster Member Posts: 86 ■■□□□□□□□□
    If you know the stuff in GPEN, the stuff in CEH is adorable. Just take a few free practice tests and giggle to yourself.


    edit: I just saw you mentioned going for the GXPN. The GPEN doesn't lead into the GXPN as smoothly as you'd think. Just be aware that you should prep a bit before going into it, it's kind of a different animal.
    Certifications: A+, Net+, Sec+, Project+, Linux+/LPIC-1/SUSE CLA, C|EH, eWPT, GMON, GWAPT, GCIH, eCPPT, GPEN, GXPN, OSCP, CISSP.
    WGU, BS-IT, Security: C178, C255, C100, C132, C164, C173, C172, C480, C455, ORA1, C182, C168, C394, C393, C451, C698, C697, C176, C456, C483, C170, C175, C169, C299, C246, C247, C376, C179, C278, C459, C463, C435, C436.
    Legend: Completed, In-Progress, Next
  • thegoodbye Member Posts: 94 ■■□□□□□□□□
    I'd recommend doing GPEN --> OSCP --> GXPN...then OSCE if you're still interested in exploit dev.
  • Ertaz Member Posts: 934 ■■■■■□□□□□
    Kalabaster wrote: »
    If you know the stuff in GPEN, the stuff in CEH is adorable. Just take a few free practice tests and giggle to yourself.


    edit: I just saw you mentioned going for the GXPN. The GPEN doesn't lead into the GXPN as smoothly as you'd think. Just be aware that you should prep a bit before going into it, it's kind of a different animal.

    thegoodbye wrote: »
    I'd recommend doing GPEN --> OSCP --> GXPN...then OSCE if you're still interested in exploit dev.


    Thanks for the feedback guys.
    I will consider doing OSCP first. OSCE may be a moonshot. I don't know how interested/capable I'll be in exploit dev. I'll need to come a long way in my scripting skills.
  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    FWIW, if you want to be a dedicated pentester, keep working the SEC560/GPEN stuff until you're not very reliant on your index for the 70-whatever score you need to pass the exam. If you're going to get a job pentesting, you're going to need to know the stuff and won't have time to look it up. Most engagements you'll be there for a week, which isn't a lot of time in companies with a mature security program, and the last thing I want to see is my pentester looking up on Google what -sT means with nmap.
  • Ertaz Member Posts: 934 ■■■■■□□□□□
    636-555-3226 wrote: »
    FWIW, if you want to be a dedicated pentester, keep working the SEC560/GPEN stuff until you're not very reliant on your index for the 70-whatever score you need to pass the exam. If you're going to get a job pentesting, you're going to need to know the stuff and won't have time to look it up. Most engagements you'll be there for a week, which isn't a lot of time in companies with a mature security program, and the last thing I want to see is my pentester looking up on Google what -sT means with nmap.

    I'm kinda just trying it out. I'm not one by trade at the moment, but I've always been interested in it from afar. I now have an employer that will pay for SANS classes and allow time for study so I am going to go after it and see how far I can get. I also want to use it to advance my PowerShell and Python knowledge. The certs are a nice-to-have, but I'm skilled enough in other areas that if I miss the mark or decide being a world-class pen tester isn't for me that I won't starve :).

    As far as googling stuff on site, yeah, I'll be labbing it up at the house so that I will have the knowledge at my fingertips before I take the exam. This stuff is simultaneous fun and frustration. I am going to explore it until it stops being either one.
  • TechGromit Member Posts: 2,156 ■■■■■■■■■□
    thegoodbye wrote: »
    I'd recommend doing GPEN --> OSCP --> GXPN...then OSCE if you're still interested in exploit dev.

    The GPEN is a little pricey compared to the OSCP. Someone claimed that if you could pass the OSCP, then it's possible to challenge the GPEN without too much difficulty. Not sure if they were serious or not. From a cost standpoint, wouldn't you be better off taking the OSCP first?
    Still searching for the corner in a round room.
  • quogue66 Member Posts: 193 ■■■■□□□□□□
    I just passed the GPEN and plan on going after the OSCP next. Like you, I also plan on squeezing the Cisco certification in around mid-November. I have heard a lot of negative talk about the CEH. I interviewed with someone that told me he was forced to get it and never even listed it on his resume. I heard the training is a waste of money and the CEH doesn't hold any weight except to HR or recruiters. I have to wait until 2017 for my work to pay for OSCP so I'm passing the time by reading a couple books on Python followed by some PowerShell.
  • stephens316 Member Posts: 203 ■■■■□□□□□□
    I would not waste the money on CEH
    ______________
    Current Studying : GPEN |GCNF|CISSP??
    Current Reading : CISSP| CounterHack|Gray Hat Hacking
    Completed 2019 : GCIH
    Free Reading : History Books
  • mudflaps Member Posts: 75 ■■□□□□□□□□
    At face value, the GPEN would be much better than the CEH. It is a garbage cert, imo.
  • E Double U Member Posts: 2,238 ■■■■■■■■■■
    The path that I've seen others take is CEH -> GPEN -> OSCP. If you knock out the GPEN and want an easy W then give CEH a shot. If your employer pays for it then I think you should definitely do it. If my employer wasn't covering it I would pass on it.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS