Would you put the CEH cert on your resume?

Been reading some related info and how HR could perceive it as a bad thing. If I can't add the cert to my resume without fear of not being considered for a job, there's no use in even attempting the certification. I'm 3/4 of the way done with studying too.

Anyone have thoughts on this?

Find more posts tagged with

Comments

Webmaster

CEH is my wishlist (SSCP or CISSP first) so yeah, I have some thoughts on this.

LostInSpace wrote:

Would you put the CEH cert on your resume?

Most definitely! Hack, I'd put it on my business cards, T-shirts and baseball caps. If the logo looks cool, I might even get a tattoo

Seriously though, any HR dep who considers the CEH cert as something 'bad' (which is pretty offensive) doesn't even deserve to have you as an employee.

Been reading some related info and how HR could perceive it as a bad thing.

Where did you read that?

Certified is a good word.
Ethical is a great word.
Hacker was good but became bad, but that's why they use 'ethical' as a prefix. Ethical hacking is a term, it is a job, a highly respectable job... I'd prefer it over Penetration Testing...

Because it is not as widely recognized as MS and Cisco certs for example, you might want to add a short description to the resume, and perhaps even a link to the EC-council's Code of Ethics.

If your resume is read by someone who is interested in hiring your skills (cause that's what you need to pass the exam right? skills.) for a security related job, they will surely recognize the CEH title as something 'good'. Again any employer who doesn't, doesn't deserve to have you as an employee and quite frankly I would want to work there in the first place. At least not until a CISSP or a system admin with Sec+ created some awareness.

LostInSpace wrote:

I'm 3/4 of the way done with studying too.

What's your opinion on the material so far?

/usr

I read it on various message boards, nothing too official, just some opinions.

I have mixed feelings on the material. It is mainly composed of tools which are used to hack. I see the upside of this, learning the tools which people use to gain access to your network, and learning to use those tools to your benefit. I wish that the material was more technical, however. Very rarely is an in depth explanation given as to how a certain exploit or technique works. They basically give you just enough information. The material I'm wishing for is beyond the scope of the book though. The thing is, I'm afraid that the tools I'm learning will be outdated much faster than the techniques.

garv221

I am curious to this subject also. I think its a cool cert but really know nothing other than what I have heard. So hows the studying going?

/usr

Pretty good...I just ordered the practice test from Boson.

So far I'm very disappointed, as I can't even download the test due to constant time-outs. Every other time I try to login I'm denied as well.

Webmaster

LostInSpace wrote:

They basically give you just enough information. The material I'm wishing for is beyond the scope of the book though. The thing is, I'm afraid that the tools I'm learning will be outdated much faster than the techniques.

I've read some comments about the material (including reviews at amazon.com) and read that a couple of times before. A lot of the tools on the exam objectives list, and even the techniques, are outdated already. But outdated doesn't mean it's not relevant anymore. It would be irrelevant if all sys and net admins would update all their systems frequently, fixing all the known holes.

Based on what I've heard and read so far, I do respect the cert. Having said that, I think it's more like 'certified script kiddie', with the difference that you will know what a 'script' actually does. To hack and crack the latest systems, you will need to be able to code your own tools, and before you can write good tools you'd have to know 'everything' about the system(s) you are attacking and even more importantly: networking (protocols in particular).

Nobody will expect you to make a system entirely secure (which is assumed to be impossible anyway), instead, you'll have to make it so secure that the attacker will move on to an easier target (because he found out that 'the tools' don't work on your systems).

I wish that the material was more technical, however. Very rarely is an in depth explanation given as to how a certain exploit or technique works.

If you really want to dig deeper into certain attacks and exploits you should download the tools (after which the attacks are often named), in many cases that would be the source code...

Isn't the exam recently updated/new version?

/usr

The tools come on the cd with the kit.

I realize what you're saying, and I honestly hope no one believes they are close to being a hacker after getting this cert. It's just an introduction really. It actually get's into some detail about what the tools exploit and how they work, but not that much.
This is a good cert to obtain general knowledge. A really good book, which I plan to finish as soon as I'm done with this cert, is Hacking: The Art of Exploitation. It goes into about as much detail as you could want on stack and heap overflows, as well as having a section on networking and cryptography. The entire book is programming. It guides you through the program, letting you try it, so you can actually see the exploit working. It's a great piece of work on the subject matter.

Webmaster

LostInSpace wrote:

The tools come on the cd with the kit.

ah yes, of course. But are the .c versions included? I assumed to kit contains only the compiled versions.

A really good book, which I plan to finish as soon as I'm done with this cert, is Hacking: The Art of Exploitation.

I read two chapters online I found through google, and I too liked it a lot. I actually read somewhere that it fills a lot of gaps for the CEH exam.

sysgate

Most HRs only know CISSP instead of CEH. Remember how to do HEX converstion will help passing the EXAM.