GPEN vs. CEH

So, I completed SEC560 the week of the 8th. I plan on taking my GPEN on November 30th. (Unless I feel more confident before then.) I feel that with a solid index I can pass the exam. I will then hopefully start Cyber OPS for 90 days

. That leaves with an opening for a spring time self-study cert.

For those of you who have both, how much overlap is there between GPEN and CEH? Is this something that a person could pass with a normal amount of study from a book and practice exam? I know folks Poo-poo it here, but its still a pretty good pass for the HR filters.

OSCP will be my summer time self study after I take SEC660 and get the GXPN.

Find more posts tagged with

Comments

Kalabaster

If you know the stuff in GPEN, the stuff in CEH is adorable. Just take a few free practice tests and giggle to yourself.

edit: I just saw you mentioned going for the GXPN. The GPEN doesn't lead into the GXPN as smoothly as you'd think. Just be aware that you should prep a bit before going into it, it's kind of a different animal.

thegoodbye

I'd recommend doing GPEN --> OSCP --> GXPN...then OSCE if you're still interested in exploit dev.

Ertaz

Kalabaster wrote: »

If you know the stuff in GPEN, the stuff in CEH is adorable. Just take a few free practice tests and giggle to yourself.

edit: I just saw you mentioned going for the GXPN. The GPEN doesn't lead into the GXPN as smoothly as you'd think. Just be aware that you should prep a bit before going into it, it's kind of a different animal.

I'd recommend doing GPEN --> OSCP --> GXPN...then OSCE if you're still interested in exploit dev.

Thanks for the feedback guys.
I will consider doing OSCP first. OSCE may be a moonshot. I don't know how interested/capable I'll be in exploit dev. I'll need to come a long way in my scripting skills.

636-555-3226

FWIW, if you want to be a dedicated pentester, keep working the SEC560/GPEN stuff until you're not very reliant on your index for the 70-whatever score you need to pass the exam. If you're going to get a job pentesting, you're going to need to know the stuff and won't have time to look it up. Most engagements you'll be there for a week, which isn't a lot of time in companies with a mature security program, and the last thing I want to see is my pentester looking up on Google what -sT means with nmap.

Ertaz

636-555-3226 wrote: »

FWIW, if you want to be a dedicated pentester, keep working the SEC560/GPEN stuff until you're not very reliant on your index for the 70-whatever score you need to pass the exam. If you're going to get a job pentesting, you're going to need to know the stuff and won't have time to look it up. Most engagements you'll be there for a week, which isn't a lot of time in companies with a mature security program, and the last thing I want to see is my pentester looking up on Google what -sT means with nmap.

I'm kinda just trying it out. I'm not one by trade at the moment, but I've always been interested in it from afar. I now have an employer that will pay for SANS classes and allow time for study so I am going to go after it and see how far I can get. I also want to use it to advance my powershell and python knowledge. The certs are a nice to have, but I'm skilled enough in other areas that if I miss the mark or decide being a world class pen tester isn't for me that I won't starve

.

As far as googling stuff on site, yeah, I'll be labbing it up at the house so that I will have the knowledge at my fingertips before I take the exam. This stuff is simultaneous fun and frustration. I am going to explore it until it stops being either one.

TechGromit

thegoodbye wrote: »

I'd recommend doing GPEN --> OSCP --> GXPN...then OSCE if you're still interested in exploit dev.

The GPEN is a little pricey compared to the OSCP, someone claimed that if you could pass the OSCP, than it possible to challenge the GPEN without too much difficulty, Not sure if they were serious or not. From a cost standpoint, wouldn't you be better off taking the OSCP first?

quogue66

I just passed the GPEN and plan on going after the OSCP next. Like you I also plan on squeezing the Cisco certification in around mid-November. I have heard a lot of negative talk about the CEH. I interviewed with someone that told me he was forced to get it and never even listed it on his resume. I heard the training is a waste of money and the ceh doesn't hold any weight except to HR or recruiters. I have to wait untilo 2017 for my work to pay for OSCP so I'm passing the time by reading a couple books on Python followed by some Powershell.

stephens316

I would not waste the money on CEH

mudflaps

At face value, the GPEN would be much better than the CEH. It is a garbage cert, imo.

E Double U

The path that I've seen others take is CEH -> GPEN -> OSCP. If you knock out the GPEN and want in an easy W then give CEH a shot. If your employer pays for it then I think you should definitely do it. If my employer wasn't covering it I would pass on it.