CEH vs eJPT vs Pentest+ for a (relatively) newcomer to pentesting?
srothman
Member Posts: 50 ■■■□□□□□□□
I'm looking to include some dedicated effort to honing my skill as a pen tester while carrying on with the rest of my studies. At the moment I am heavily invested in Cloud Security, specifically on the governance and compliance side of things, with a big focus on cloud infrastructure security, but I'm keen to take this up to add some variety. You know what they say, spice of life and all that.
In any case, I've been looking at these certifications, and the related coursework and material, and hoping to hear some opinions on which would be a softer landing for a "hobbyist" breaking into penetration testing?
TIA
In any case, I've been looking at these certifications, and the related coursework and material, and hoping to hear some opinions on which would be a softer landing for a "hobbyist" breaking into penetration testing?
TIA
Comments
-
iBrokeIT
GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,303 ■■■■■■■■■□
The best way to hone your skills is through hands on practice. The eJPT bundle comes with coursework, labs, and a practical lab based certification. The eJPT would be my pick out of the three you listed.2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA | eCPPT | eWPT | eCTHP
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security -
PC509
CISSP, CEH, CCNA: Security/CyberOps, Sec+, CHFI, A+, Proj+, Server+, MCITP Win7, Vista, MCP Server 2 Oregon, USMember Posts: 801 ■■■■■■□□□□
I've only taken the CEH and eJPT. It's a hard choice. For knowledge and skill learning, the eJPT all the way. You get the knowledge, the labs, the hands on, the final you're actually doing the work and breaking into boxes. It's excellent. It just lacks the HR recognition. For a resume perspective, the CEH will have more pull. It's just more expensive and I really didn't think it was that great of a certification (even worse when you go for the overall value with the cost).
-
yoba222
Senior Member Member Posts: 1,206 ■■■■■■■■□□
If this is just to gain knowledge and if you're the one paying for it, definitely eJPT.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
srothman
Member Posts: 50 ■■■□□□□□□□
Thanks for the feedback. @iBrokeIT and @PC509, you touched on a very important aspect. While I get that "self-learning" is the way to go for most all things nowadays, having a more guided experience, at least initially, makes a lot of sense to me, and having a structured approach through the eJPT would probably yield more benefit in the short term.
@yoba222 , I will be paying for this myself, so thanks for highlighting this. I figured if I take to it, and I am able to add value in my current role, I'll get my employer to consider funding some of the later courses.
-
JDMurray
MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,939 Admin
For real-world pentesting practice, join a few bug bounty programs and perform vuln assessments for real.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray -
LonerVamp
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 515 ■■■■■■■■□□
For just gaining knowledge, as mentioned before look at that eJPT. I will always suggest a slightly more lab-driven and hands-on approach to learning when it's compatible with the student. Many are looking for certs to fuel job hunting success. But for real learning, it's all about hands-on or creating opportunities to put learning into practice!If you already feel comfortable with general tools, attacks, and infosec jargon as you may come across on infosec twitter or blogs or forums, skip the CEH.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2020 goals: AWS Security Specialty, maybe AWAE or SLAE, CISSP-ISSAP? -
srothman
Member Posts: 50 ■■■□□□□□□□
I've registered there, thanks. Busy looking at the activities and what's available. For someone like me, though, that's like saying "You want to be a pilot? Just go hop into that plane over there and start flying". I really do need the theory-based primer, so will likely start with the eJPT, at least to give me that inch-deep mile wide view.
-
dmaketas
Member Posts: 13 ■■■□□□□□□□
Personally I did the eJPT as a good starting point mostly for my own personal development and initiation. On the other hand I'm based in Europe, so I don't have to deal with CEH and DOD approved certifications or my work activities are such that I have to perform pen test. As such my vote goes to eJPT and once you are done I recommend Practical ethical hacking by Heath Adams, which I am doing at the moment.
-
srothman
Member Posts: 50 ■■■□□□□□□□
I had to return to give you kudos on recommending the course by Heath Adams. It's different to any of the other courses I've watched, and one of the best in terms of both content and quality I've ever come across on Udemy. Thanks for the nudge! I've watched only a few vids in the course, but it's really one I'll be returning to a few times.dmaketas said:Personally I did the eJPT as a good starting point mostly for my own personal development and initiation. On the other hand I'm based in Europe, so I don't have to deal with CEH and DOD approved certifications or my work activities are such that I have to perform pen test. As such my vote goes to eJPT and once you are done I recommend Practical ethical hacking by Heath Adams, which I am doing at the moment.