CEH - Has it value?
Dear all,
I would like your valuable opinion on this matter.
I've been in the security industry for a couple of years as a security engineer, and I already hold the CISSP certification.
At the moment I'm trying to expand my knowledge in the infosec department and I'm thinking of starting the CEH cert.
So my question is: do you think it will provide me any value?
I'm not going to follow the area of PenTest, which would mean working for an integrator that provides these kinds of services. I prefer to stay in-house at companies that accept these kinds of services.
In addition, I checked the CISM cert, but I believe it is too managerial for me.
Do you have any suggestions that could appropriately fulfill the CISSP? What is your opinion on this matter?
BR
Comments
If not, then I would say it has no value at all. There are much better certs out there (Pentest+, eJPT, etc.) that have more hands-on. I have a really negative opinion of EC|Council themselves, but the CEH had to be one of the least valuable certs I've taken outside of my Vista certs from Microsoft.
I would honestly stay far away from the C|EH regardless and here's why:
- Most professionals have a negative view of the C|EH and know it's a joke. OSCP, PenTest+, etc. are all more respected and half the cost or less.
- HR and non-technical managers may see it in a positive light, but the rest of us professionals know what it really is.
- EC-Council is an incredibly money-grubbing and greedy organization. C|EH is by far one of the most expensive exams I've ever seen; at $900 for a voucher it's absurdly overpriced. I have my CISSP and when I took it, it was $699, which I thought was also insane, but at least I can say it was worth it to hold the CISSP at my current company.
- The actual content and the reason most people see it as a joke. I actually went through a C|EH course when it was v8 and I was shocked how elementary it was. I came out of it not even wanting to take the exam because I felt that it was just all a review of stuff I already knew. Like have you logged into a Kali Linux machine before? Have you used Angry IP Scanner? Great, you're a C|EH...
As others have said, there are way better options out there and I hate giving crappy companies money. I still see the C|EH frequently on 'top paying IT Security Certifications' and it really shocks me. Not sure how it's still there, as most people in industry see it as a joke. I kind of wish EC-Council would just disappear.
If you believe that an absurdly over-priced certification from a vendor based in Pakistan will help you get a job or promotion then go for it.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
I'll also add that they're the only certification organization I've come across that has a sales team. I called them many moons ago to inquire about a training package for the C|EH (long before I knew it was a scam cert). Some random salesperson still calls and leaves me voice messages from time to time. She will always leave something along the lines of "lock in our XYZ sale price now". Something is just really not right about a certification authority calling me and begging me to buy their training and get certified. If the certification is worth its money, I will call you and seek out the certification in my own way.
I've not once ever got a call from CompTIA, Cisco, Amazon, VMware, etc...
- Requirement for current or future role
- Genuine interest in the content covered in the cert course material
- Looks nice on resume even when not required
- Satisfaction from hobby as a cert collector
The reasons above sum up my cert journey.
Edit: When I do a search, I see these mainly:
- Global Knowledge - (Cert training company)
- CIO magazine
- Robert Half
- PC Mag
So Global Knowledge is definitely disqualified since they sell cert training. The other three seem reputable, right? But when I dig into each article, every one of them cites the Global Knowledge "survey." So I stand by my point. And if I believed the trash data that Global Knowledge creates, I'd just get an ITIL Foundations cert, collect $129,402 per year, and be done with it.
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
I also think it's a little disingenuous to keep telling people this cert will get them a job or that it's a necessary place to start. There are so many better places to start and go for a fraction of the cost of this certification and training. I think the eJPT is a fantastic certification for the money at $400 for the basic PTS package with a voucher to take the exam. Meanwhile EC-Council charges like $1600 for a full training package for the C|EH, a 'Core' certification.
I have some co-workers who were previous DoD and they have the C|EH. One of them doesn't even list it on his LinkedIn because he is ashamed of it -- LOL (he also has OSCP). The others, along with the technical managers also mostly think it's a joke.