Just passed Security+, should I go for CEH?

stefkstefk Member Posts: 8 ■■□□□□□□□□
Hi guys! I have been a security and Linux enthusiast since I was 16 (I am 22 now) and I have been working in security for about two years. Since I work in a small company, I perform a range of tasks which vary from penetration testing and auditing to implementation of SIEM, firewalls and review of internal policies/procedures.

I have done my A+ exam and just passed the Security+, considering my ideal career path would be penetration tester-->Security Architect (hopefully), I was wondering which exam you would suggest to go for, as I know there are lots out there and I wouldn't want to get multiple certs that are on the same level (like gsec and security+).

I have basic knowledge of scripting/programming languages such as Python, PHP, Javascript etc. and a very good understanding of web application penetration testing.

I have made a quick list with some approximate dates for my next certs and I would really appreciate it if you could give me your feedback on it (I don't have to necessarily obtain these certifications and in this exact order but I just wanted to have a baseline to work with).
  • Certified Ethical Hacker
  • Comptia Cybersecurity Analyst
  • Comptia Pentest+
  • Web Application Penetration Testing
  • Global Information Assurance Certification Penetration Tester
  • GIAC Web Application Penetration Tester
  • Comptia Advanced Security Practitioner
  • EC-Council Licensed Penetration Tester
  • Offensive Security Certified Professional
  • Certified Expert Penetration Tester
  • GIAC Exploit Researcher & Advanced Penetration Tester
  • Certified Expert Penetration Tester
  • Certified Information Systems Security Professional
  • Certified Information Security Manager
Also, for CEH would you suggest to enroll with online/classroom training with EC council or to just study by myself? I studied for A+ and Sec+ by myself but I could not find a good CEH online course which wasn't directly provided by EC council.

Thanks and have a lovely day!


Comments

  • stefkstefk Member Posts: 8 ■■□□□□□□□□
  • McxRisleyMcxRisley OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin Member Posts: 492 ■■■■■□□□□□
    edited February 2019
    I would suggest saving your money instead of wasting it on a worthless cert like the CEH. Some quick searching on this forum and elsewhere will turn up many horror stories and terrible reviews. The CompTIA Pentest + is a much better option now. There's also the OSCP if you want to actually learn some pentesting skills instead of just reading about them.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • stefkstefk Member Posts: 8 ■■□□□□□□□□
    McxRisley said:
    I would suggest saving your money instead of wasting it on a worthless cert like the CEH. Some quick searching on this forum and elsewhere will turn up many horror stories and terrible reviews. The CompTIA Pentest + is a much better option now. There's also the OSCP if you want to actually learn some pentesting skills instead of just reading about them.



    Thanks a lot for your suggestion! Although I always thought that ceh and in general ec council certs were more accredited in the industry and were more valuable for your cv?
    I am aware of the OSCP but I will practice with htb for a while before attempting it.

  • SteveLavoieSteveLavoie Member Posts: 705 ■■■■■□□□□□
    I would do Comptia Pentest+ instead of CEH, much less expensive. CEH was the king in that niche because they were alone, now Pentest+ is a better deal. Finally the best cert for pentest is OSCP.
  • shochanshochan Senior Member Member Posts: 901 ■■■■■■□□□□
    Since you are so young, go ahead & get ALL of those certs that you listed & be the CertificationGodGuru!



    "It's not good when it's done, it's done when it's good" ~ Danny Carey
  • SteveLavoieSteveLavoie Member Posts: 705 ■■■■■□□□□□
    edited February 2019
    I would add that at your age, your priority should be to get a degree.  Often no degree is no-go for HR, whatever the number of certs you have. I am 42, and I only got an associate degree (Cegep in Quebec) and I could have missed to get a full 4 years degree. 

    Also certs have a short lifespan(2-3 years), but not a degree. 
  • stefkstefk Member Posts: 8 ■■□□□□□□□□
    SteveLavoie said:
    I would add that at your age, your priority should be to get a degree.  Often no degree is no-go for HR, whatever the number of certs you have. I am 42, and I only got an associate degree (Cegep in Quebec) and I could have missed to get a full 4 years degree. 

    Also certs have a short lifespan(2-3 years), but not a degree.

    Thanks a lot for your suggestion, I thought about getting a degree for quite a while but I'm unsure as to what degree I should go for... I don't see much value in getting a general IT or computer science degree because I already have a good knowledge of the fundamentals.


  • SteveLavoieSteveLavoie Member Posts: 705 ■■■■■□□□□□
    Or get a degree even in a non-direct IT domain. Certs are short terms to medium terms compared to a degree. 

    Also, in 15 years, it will permit you to get a Masters... that will really help you. 
  • NetworkNewbNetworkNewb Member Posts: 3,290 ■■■■■■■■■□
    edited February 2019
    Personally feel like that is way too many certs on pentesting and most would just be overlap. Too much overkill. IMO, you'd be better off spending your time joining a local group (or online) and work on networking with people and working with others on ideas. Come up with projects to work on in your spare time... Share your project and outcomes with the community... Looks a lot better to employers and will learn more than just going for a bunch of certs. Will have a lot more fun doing it as well.
  • SteveLavoieSteveLavoie Member Posts: 705 ■■■■■□□□□□
    NetworkNewb said:
    Personally feel like that is way too many certs on pentesting and most would just be overlap. Too much overkill. IMO, you'd be better off spending your time joining a local group (or online) and work on networking with people and working with others on ideas. Come up with projects to work on in your spare time... Share your project and outcomes with the community... Looks a lot better to employers and will learn more than just going for a bunch of certs. Will have a lot more fun doing it as well.

    Prospective employers will see a blog, or some research, or some bug bounty, and participation in a local security community as good as a bunch of overlapping certs. Get certs to show expertise in different domains, but 2 certs on the same domain are of no value. Also with your participation in conferences or by presenting you will get a lot of good networking (the people kind of networking) in those conferences and community.
  • MontagueVandervortMontagueVandervort Senior Member Member Posts: 399 ■■■■■□□□□□
    stefk said:
    Thanks a lot for your suggestion, I thought about getting a degree for quite a while but I'm unsure as to what degree I should go for... I don't see much value in getting a general IT or computer science degree because I already have a good knowledge of the fundamentals.

    You are missing something very, very crucial here.

    stefk said:
    I have done my A+ exam and just passed the Security+, considering my ideal career path would be penetration tester-->Security Architect (hopefully), I was wondering which exam you would suggest to go for, as I know there are lots out there and I wouldn't want to get multiple certs that are on the same level (like gsec and security+).

    If you're going into Security, you'll need a firm understanding of networks, network processes, and data traversal within/amongst networks.

    I would highly suggest you study Network+ material (even if you don't test it out) before you go for anything else on that list.
  • stefkstefk Member Posts: 8 ■■□□□□□□□□
    I always thought about getting a degree but I am working full time and I'm not sure I would have enough time to study... My girlfriend suggested an online degree, what do you guys think?
  • MontagueVandervortMontagueVandervort Senior Member Member Posts: 399 ■■■■■□□□□□
    stefk said:
    I always thought about getting a degree but I am working full time and I'm not sure I would have enough time to study... My girlfriend suggested an online degree, what do you guys think?

    If this is something you want to really do then go for it. Just be sure the school is reputable.

    As for having enough time to study, that's all in the scheduling of your time. Full time job only takes at most 11 hours a day (including a 1.5 hr commute). That leaves 13 hours a day to still work with. That is more than enough time to study.
  • NetworkNewbNetworkNewb Member Posts: 3,290 ■■■■■■■■■□
    edited February 2019
    stefk said:
    I always thought about getting a degree but I am working full time and I'm not sure I would have enough time to study... My girlfriend suggested an online degree, what do you guys think?

    Unless you have 2 full time jobs you should have enough time imo.   I finished my degree while working (although I was only working about 25-30 hours a week and not full time)
  • bub9001bub9001 Member Posts: 229 ■■■□□□□□□□
    I am planning on doing all the CEH videos on Pluralsight but not taking the exam, then moving on to CompTIA Pentest+. I am waiting to see if my SANS training will be approved by my employer. If it doesn't get approved this year, at least I am moving in the general direction.

    I don't agree that the CEH is completely useless, but for the cost of the cert it's hard to want to spend that amount of money on a cert that may not hold the weight it used to hold.

    On the college ed, I did my B.S. through WGU while working a full time job and many of my co-workers have done the same thing. WGU has B.S. and Masters degrees in IT fields that are worth your time and effort. I plan to do my Masters down the road sometime in the near future. More than likely in the InfoSEC side. Brick and mortar for IT degrees aren't what they are cracked up to be nowadays. I work around a lot of IT people that spent 5 years going to classes that could have had it done in 2-3 years tops via WGU. Most major universities offer online classes along with full degree options via online coverage of the field. Really no reason anymore not to get your B.S. If you ever go and look at jobs elsewhere you're going to be competing against other IT professionals that have the B.S. and you'll want to have it just in case.

    hope this helps, thanks


    “You were born to win, but to be a winner you must plan to win, prepare to win, and expect to win.” - Zig Ziglar

    Goals for 2019: CEH, and CND
    Goals for 2019: CCNA or ECSA
  • stefkstefk Member Posts: 8 ■■□□□□□□□□
    edited February 2019
    Thanks for all the useful suggestions guys!
    I think I will definitely go for a bachelor's although I might need to wait a year or so to be more financially stable.
    In the meantime I'm doing a couple of certs from eLearn just so I don't get rusty and I will do Network+ as well before starting studying for my degree.
    I'm still not sure how to determine which online unis are reputable. 

    What degree would you suggest? I was thinking about computer science or IT but I'd rather get something more specific to infosec. 

    Also I probably can't go for the Uni you have suggested as I live in Australia.
  • NetworkNewbNetworkNewb Member Posts: 3,290 ■■■■■■■■■□
    Just don't underestimate what networking with others and joining local groups in your area can do for you.   I'd argue it can matter more than getting certs.
  • stefkstefk Member Posts: 8 ■■□□□□□□□□
    How would you suggest to go about that? Meetup or something like that?
  • NetworkNewbNetworkNewb Member Posts: 3,290 ■■■■■■■■■□
    Yep, Meetup is a great place to start