Denied CEH Eligibility

Peace101

Hello All,

My name is Peace101 and I am new to this forum. A couple of days ago, I submitted my CEH eligibility form so that I could purchase the voucher. Unfortunately, I was denied due to my lack of "experience" in the Information/Cyber Security Industry. My background is as such: a bachelor's in Computer Engineering, a master's in Computer Forensics from George Mason University, and one year working in a federal government SOC. In addition to sending my application and resume, I'd also sent my graduate school official transcript and a penetration test writing sample. In the application, I also stated this with the following information:

• Masters of Science in Computer Forensics from George Mason University (1.5 years)
- Performed malware reverse engineering
- Possess practical penetration testing knowledge
- Performed both network and traditional forensic analysis
- Practical knowledge of incident response


• Basic understanding of TCP/IP protocols and networking


• Proficient in the use of Kali Linux and its various tools (Nmap, Aircrack, SqlMap, Nessus, Nikto, TCPDump, Wireshark, Metasploit)


• Proficient in the Python scripting language
- Created automated scripts for both penetration testing and work-related use


• Performed vulnerability assessments


• Worked in a Security Operation Center (SOC) environment [1 year]
- Performed log analysis
- Performed Packet Capture Analysis
- Network Forensics
- Malware Analysis
- Email Analysis

When I received the denial, I called EC-Council headquarters and directed to front desk which yield to no resolution. What other options can I take?

BlackBeret

Well, their requirement is 2 years work experience (not school) or to take their course. So your other option would be to wait 1 year or take their course.

cyberguypr

A much as I despise this organization the eligibility criteria is clearly not being met so this is on you. BlackBeret is right, either wait or pay $850 for training.

TechGuru80

Well you either probably 1.) didn’t read the requirements close enough, or 2.) thought you could squeeze through.

2 years of work experience is pretty clearly stated so hopefully you didn’t pay out of pocket. Get the feds to pay for your training or wait till you have 2 years.

supasecuritybro

I would just walk away from this cert if I were you. It will get you through the HR person but more Security professionals think this cert is a joke.

JDMurray

CISSP and CEH are very good certs to get you in for a first-round interview, so I woundn't discount CEH if you are looking for InfoSec work. However, for the "net cred," there are a lot better "Hacking+" certs out there.

Peace101

It said that you have to have 2 years of information security experience not 2 years of working in the information/cyber security industry. If they stated the latter, I wouldn't have an issue, but they stated the former.

cyberguypr

Original post mentioned only the SOC job. What other security experience do you have?

TechGuru80

Peace101 wrote: »

It said that you have to have 2 years of information security experience not 2 years of working in the information/cyber security industry. If they stated the latter, I wouldn't have an issue, but they stated the former.

It looks like they have some inconsistencies of how they word things on their website.

Under the FAQ (https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/#1--can-i-pursue-self-study-and-attempt-the-exam-instead-of-attending-formal-training-) it says "work experience", but under other areas it says related experience.

Just for future reference, if education can be applied, they will usually have some kind of a waiver description area. Any experience requirement is going to only be work experience.

ThinLine

Easy. Don’t spend your hard earned $$$ with them. Choose another Certification. I have a CEH, and have not seen any real value. EC-Council has poor customer service as well.

This Cert is not transformative for your career. Don’t look back.

Ertaz

If you're going for DOD, the CEH is now obsolete. The CSA+ seems a much better value.

McxRisley

"When not reading and understanding the requirements goes wrong" is what this should be titled. CEH from a learning standpoint is not very good but it does open MANY doors for you. Also, CSA+ isnt recognized by the DoD yet (at least where I work anyway). Whats the source for that chart?EDIT: nevermind, found it on DISA. That's wierd tho because we don't accept it here.

IronmanX

Looks like CSA+ is a lot cheaper too.
$320 USD for the exam.

CEH is now $950 USD for the exam.

Annual renewal is a little cheaper $50 vs $80.

Looks like CSA+ does not have any experience requirements.

"Recommended Experience Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, CSA+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus."

supasecuritybro

supasecuritybro wrote: »

I would just walk away from this cert if I were you. It will get you through the HR person but more Security professionals think this cert is a joke.

And to the person who sent me some feedback to this comment regarding that the eJPT is a joke, my thought is at least to get it you have to do hands on work and not just do rogue memorization on tools, so it is ok with me being a joke to people. The CSA+ cost me $50 not a bad fee to see what it was about and it was still way better than the CEH.

beads

(*Psst!*)

Prefer looking into certs like SANS GPEN or OSCP as more mainstream or accepted certs to pursue in lieu of the C|EH.

- b/eads

TechGuru80

supasecuritybro wrote: »

And to the person who sent me some feedback to this comment regarding that the eJPT is a joke, my thought is at least to get it you have to do hands on work and not just do rogue memorization on tools, so it is ok with me being a joke to people. The CSA+ cost me $50 not a bad fee to see what it was about and it was still way better than the CEH.

Sometimes it’s not always about what YOU value the most in a certification, it’s what an employer values or wants. Regardless of the opinions on the quality of CEH, HR departments know what it is and sometimes getting past them is half the battle.

supasecuritybro

TechGuru80 wrote: »

Sometimes it’s not always about what YOU value the most in a certification, it’s what an employer values or wants. Regardless of the opinions on the quality of CEH, HR departments know what it is and sometimes getting past them is half the battle.

Yeap. It's also why the CISSP sometimes suffers in some circles. Companies have made it the defacto cert in a lot of job requirements but its not a technical cert when they are looking for someone with a lot of hands on. It is very strange for me to have the conversation when people tell me they met someone with a CISSP and doesn't know how to be technical.

JockVSJock

Considered yourself touched by an angel or divine intervention, or whatever you want to believe in.

There is a lot of criticism against the C|EH for the hype it generates and EC|Council for their lack of professionalism and their snake-oil sales approach to the IT certification industrial complex that they are a part of.

Here is my review of me taking the C|EH.

http://www.techexams.net/forums/ec-council-ceh-chfi/126125-successfully-passed-c-eh-my-professional-opinion-eccouncil-cert-industry.html

After getting this cert, I've only been contacted for temp pen test/info assurance positions. That's it.

Too bad this post wasn't stickied, otherwise I would have never attempted this cert:

http://www.techexams.net/forums/ec-council-ceh-chfi/110311-wanna-get-ec-council-ceh-think-again.html

Honestly if you have the skill set that you wrote up, I would say go for info sec positions that matchs or exceed your experience. Do you live in a big or near a big IT city say like Silicon Valley?

JDMurray wrote: »

CISSP and CEH are very good certs to get you in for a first-round interview, so I woundn't discount CEH if you are looking for InfoSec work. However, for the "net cred," there are a lot better "Hacking+" certs out there.

wayne_wonder

supasecuritybro wrote: »

I would just walk away from this cert if I were you. It will get you through the HR person but more Security professionals think this cert is a joke.

That could be said about the CISSP any other cert! Give me experience over some expensive cert anyday

jamesleecoleman

Cert requirements are cert requirements. We're lucky if we can get waivers from some organizations.
Just keep doing what you're doing and on top of that, you're getting great experience so far.

There are other certifications that are probably more worth earning instead of the CEH. OSCP could be done while you're waiting for the two year requirement to be met. Maybe getting the SSCP as well??

I know that the CEH is asked by a lot of companies but as much as it costs to take the test, I think that you could really use that money somewhere else.

[Deleted User]

Just hang in there! I found the C|EH to be useful. Just get another year of security experience and you'll be good. Best of luck hope things work out!

BuzzSaw

FWIW ... my .02 cents ...

I think the value in CEH is what you make of it ... and what fits YOUR situation ...

CEH isn't totally worthless IMO. Is it worth the (nearly) one thousand dollars? Probably not ... is it worth something? yes.

I am neck deep in the middle of the OSCP course and I can say, without a moment of doubt, that the CEH compared to this is an entry level certification by far. However, a lot of the same study material I used for CEH I am going back and referencing in OSCP ... The skill sets do transfer .. albeit only a little.

So, I'll just throw this out there. If you are in a position where someone else is going to pay for it? And you are trying to build up to something like OSCP? I don't see an issue in going for it. You will end up covering a lot of the same ground ... IF you only have 1000.00 and you have to pick what route to go, I would not go CEH and would explore other options with your own money.

One last thought: While some (maybe even a lot) in the security field think CEH isn't worth the money, others that are in the technology field, but NOT focused on security still respect it. (Yeah, mostly because its a name ...) My current role is not only Security related, but overlaps a lot of other areas. When I am talking with customers (like it or not) "Certified Ethical Hacker" buys more credence with them than something they've never heard of like "OSCP" - When I am talking with someone very technical, OSCP is like the biggest name drop ever ....

So I'm just saying, it depends on your situation! Your life! you lead it!