CEH worthwhile?

suicideducky

Hello all, this is my 1st post on TechExams. Although I have been reading through it for a few months or so.

Ok well I'm currently planning to take a CEH bootcamp style course, where for 5 days some instuructor guides me through the courseware, before taking said course though I am doing some self study at home from books and the great teacher of the internet, google.

I have choosen to take the bootcamp style course as I do not have the two years InfoSec experience required for self study, and my dad offered to pay for it xD


Basically I would like to know is the CEH course all that worthwhile as a whole?
after reading articles like this:
http://blogs.ittoolbox.com/security/investigator/archives/run-away-from-the-ceh-certification-9639
I am somewhat put off.

So if anyone who is CEH certified, has taken the course, or just has any experience/info about CEH i'd be glad to hear your opinion xD

Thanks again,
Chris Hall.

[EDIT]
the actual course I will be taken is this:
https://www.auldhouse.co.nz/content/202FCFB2-2BC9-4462-B795-E3E21A2E24BD.html?course=COUR2007040411082807010039

keatron

I think negative remarks will be made about any certification. I remember reading this article a few times (seems like 2 or more years ago). Most of it is flat out not true (at least not today). CEH certification remains a good introduction into penetration testing. And how good of an experience you have is highly dependent on the quality of the instructor, training program, etc.

suicideducky

Thanks keatron, I did notice that the article was somewhat dated.
After posting I decided to email the instructor for the course.
Although after looking at this profile on auldhouse (prometric training provider) I didn't see CEH listed as one of his current certs.

Thanks again,
Chris Hall.

silentc1015

suicideducky wrote:

Hello all, this is my 1st post on TechExams. Although I have been reading through it for a few months or so.

Ok well I'm currently planning to take a CEH bootcamp style course, where for 5 days some instuructor guides me through the courseware, before taking said course though I am doing some self study at home from books and the great teacher of the internet, google.

I have choosen to take the bootcamp style course as I do not have the two years InfoSec experience required for self study, and my dad offered to pay for it xD


Basically I would like to know is the CEH course all that worthwhile as a whole?
after reading articles like this:
http://blogs.ittoolbox.com/security/investigator/archives/run-away-from-the-ceh-certification-9639
I am somewhat put off.

So if anyone who is CEH certified, has taken the course, or just has any experience/info about CEH i'd be glad to hear your opinion xD

Thanks again,
Chris Hall.

[EDIT]
the actual course I will be taken is this:
https://www.auldhouse.co.nz/content/202FCFB2-2BC9-4462-B795-E3E21A2E24BD.html?course=COUR2007040411082807010039

Studying for it gave me a lot of knowledge, not to mention it was incredibly fun, but no employer I've dealt with has cared about it or even known what it was. I consider it worthwhile to have gotten, but it hasn't earned me any points w/ recruiters, managers, or HR departments.

suicideducky

silentc1015 wrote:

Studying for it gave me a lot of knowledge, not to mention it was incredibly fun, but no employer I've dealt with has cared about it or even known what it was. I consider it worthwhile to have gotten, but it hasn't earned me any points w/ recruiters, managers, or HR departments.

Well I live in new zealand and I highly doubt that more that many, if any, employers know what it is.

CEH and security+ are the only infosec related courses offered in my local area, CEH being introduced within the last couple of years of so.

I'm not concered to much with the affect CEH will have on my CV, as I currently am employed as an 'assistant IT manager' working for my dad during the holidays < big clue as to my age right there.

I plan to 'double dip' in the CEH courseware, I'm working my way through "The CEH Prep Guide" and after plan to skim read through the exam prep guide (time permitted) just to make sure I soak up as much information before I take the actual course itself.

Thanks again,
Chris Hall

keatron

This is the one thing people have to understand about CEH, and most other security related certifications. Most companies don't really care about them UNLESS, that company is in the business of doing penetration testing, security assessments/audits, or some kind of security or vulnerability research. (as mine does). Most companies that are looking for IT talent rarely if ever look for true security talent. Often times you have your typical sys admin or IT director who has convinced his/her employer that they already know everything about security. Trust me, we run into this ALL THE TIME when there has been a breach of some sort, and nobody on staff hasn't the slightest clue as to where to start, yeah they might have policies, and maybe even taken a few classes and gained some certs, but this is stuff you have to be doing everyday to truly become efficient and effective at it. Will CEH alone make you more valuable? Not much, but if you gain the CEH curriculum knowledge, then practice and fine tune those skills, your value can increase exponentially. Having the CEH tells me (as an employer) you know the general concept of what pentesting and white hat hacking involves, that gets you to my conference room for an interview. Then the interview will tell me just how deep your "rabbit hole" goes.

Keatron.

Ahriakin

The value of a cert is in the knowledge it gives you, even if it's not directly related to your career choice. Personally I want to do the CEH to enhance and compliment my IDS/IPS knowledge as pure pen-testing is not on my radar....and well....it just looks cool (I am the guy that told my boss I wanted to build a honeypot subnet just so I could proclaim myself "Supreme Overlord of the Darknet" )

joelpietersen

personally i think it would really be worthwhile.

zen master

I'd suggest the CISSP if you have enough years under your belt. I do however think that this is more 'real world' useful than Security+ which is the only other option for someone at entry level. So, yes, it can be worthwhile, but there is a better, more respected option if you've got years under your belt and Security+ counts towards your MCSA whereas CEH does not.

dynamik

It depends on what you want to do. If you want to do pen testing, you'd be better off going with the SSCP, CEH, OSCP, GPEN, etc.

JDMurray

dynamik wrote: »

If you want to do pen testing, you'd be better off going with the SSCP, CEH, OSCP, GPEN, etc.

This is also true if you are a software engineer who wants to develop the kinds of tools found on these certs. Here in SoCal, we have lots of these security tools companies (e.g., Foundstone, NT OBJECTives, eEye Digital Security, Rapid7, Symantec, McAfee) that would look with interest at resumes with pen testing certs.