CEH vs eJPT vs Pentest+ for a (relatively) newcomer to pentesting?
srothman
Member Posts: 82 ■■■■□□□□□□
I'm looking to include some dedicated effort to honing my skill as a pen tester while carrying on with the rest of my studies. At the moment I am heavily invested in Cloud Security, specifically on the governance and compliance side of things, with a big focus on cloud infrastructure security, but I'm keen to take this up to add some variety. You know what they say, spice of life and all that.
In any case, I've been looking at these certifications, and the related coursework and material, and hoping to hear some opinions on which would be a softer landing for a "hobbyist" breaking into penetration testing?
TIA
Comments
-
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□
The best way to hone your skills is through hands on practice. The eJPT bundle comes with coursework, labs, and a practical lab based certification. The eJPT would be my pick out of the three you listed.
2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
-
PC509 Member Posts: 804 ■■■■■■□□□□
I've only taken the CEH and eJPT. It's a hard choice. For knowledge and skill learning, the eJPT all the way. You get the knowledge, the labs, the hands on, the final you're actually doing the work and breaking into boxes. It's excellent. It just lacks the HR recognition. For a resume perspective, the CEH will have more pull. It's just more expensive and I really didn't think it was that great of a certification (even worse when you go for the overall value with the cost).
-
yoba222 Member Posts: 1,237 ■■■■■■■■□□
If this is just to gain knowledge and if you're the one paying for it, definitely eJPT.
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
-
srothman Member Posts: 82 ■■■■□□□□□□
Thanks for the feedback. @iBrokeIT and @PC509, you touched on a very important aspect. While I get that "self-learning" is the way to go for most all things nowadays, having a more guided experience, at least initially, makes a lot of sense to me, and having a structured approach through the eJPT would probably yield more benefit in the short term.
@yoba222, I will be paying for this myself, so thanks for highlighting this. I figured if I take to it, and I am able to add value in my current role, I'll get my employer to consider funding some of the later courses.
-
JDMurray Admin Posts: 13,090 Admin
For real-world pentesting practice, join a few bug bounty programs and perform vuln assessments for real.
-
LonerVamp Member Posts: 518 ■■■■■■■■□□
For just gaining knowledge, as mentioned before look at that eJPT. I will always suggest a slightly more lab-driven and hands-on approach to learning when it's compatible with the student. Many are looking for certs to fuel job hunting success. But for real learning, it's all about hands-on or creating opportunities to put learning into practice!
If you already feel comfortable with general tools, attacks, and infosec jargon as you may come across on infosec twitter or blogs or forums, skip the CEH.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
-
srothman Member Posts: 82 ■■■■□□□□□□
I've registered there, thanks. Busy looking at the activities and what's available. For someone like me, though, that's like saying "You want to be a pilot? Just go hop into that plane over there and start flying". I really do need the theory-based primer, so will likely start with the eJPT, at least to give me that inch-deep mile wide view.
-
dmaketas Member Posts: 21 ■■■□□□□□□□
Personally I did the eJPT as a good starting point mostly for my own personal development and initiation. On the other hand I'm based in Europe, so I don't have to deal with CEH and DOD approved certifications or my work activities are such that I have to perform pen test. As such my vote goes to eJPT and once you are done I recommend Practical ethical hacking by Heath Adams, which I am doing at the moment.
-
srothman Member Posts: 82 ■■■■□□□□□□
dmaketas said:
Personally I did the eJPT as a good starting point mostly for my own personal development and initiation. On the other hand I'm based in Europe, so I don't have to deal with CEH and DOD approved certifications or my work activities are such that I have to perform pen test. As such my vote goes to eJPT and once you are done I recommend Practical ethical hacking by Heath Adams, which I am doing at the moment.