the_hutch wrote: »
Most likely not. For starters, it is very unlikely that you will start your IT career in security. And that is all CEH is...a security certification. You'd be better off working on A+ or Network+...starting in a helpdesk and working your way up. I'm not suggesting that you shouldn't go for it, if that's what you are interested in. But it's not the best way to start if your goal is to get your foot in the door.
If an English/History/physiology/economist/MBA major can make the switch to a CISSP position with no security experience, so can you!
jdubb45 wrote: »
I agree with what afcyung has said.
Check this out:
https://www.cool.navy.mil/ia_documents/ia_iat_flow.htm
https://www.cool.navy.mil/ia_documents/ia_iam_flow.htm
https://www.cool.navy.mil/ia_documents/ia_iasae_flow.htm
The government is not playing around; they want real IT pros, not paper people.
afcyung wrote: »
Short answer: no. Long Answer: it depends on what you want to do. Do you want to get into pen testing? If so there are much better and more relevant certs like the OSCP. If you are trying to get into security the best place to start is Sec + or GSEC (if you can afford it). The CEH won't teach you how to pen test either, it covers tools and their functions, nothing more.
Which I wouldn't expect to continue as a norm. As academia develops Cyber Security degrees and the NSA continues to push its certified MSIA programs, the corporate world is going to want people who actually are specialized to fill security positions. Not to mention the potential Federal Laws looming that are going to require certified cyber security specialists. It also depends on what they are doing. They may have an excellent understanding of quantitative risk analysis, something a business/economic degree probably covers, making it relevant. Sometimes a degree is just proof you were able to complete something over 4 years.
My opinion on the CEH/EC-Council. It's largely a cert you can skip. I am not saying it won't add value to you but there just seem to be better certs in every topic the CEH tries to cover. For general Pen Testing you have the OSCP and the other certs they offer like CTP. You have the GPEN and other SANS Certs that cover other areas of security like the GCIH. When I was prepping for the CEH, often I was asking myself, "Ok....why did I just read that exploit about Windows NT?". Even though, someone, somewhere, is still probably using it, it felt largely irrelevant. I didn't feel I was learning anything new, and the new stuff I did learn felt irrelevant. Also the company EC-Council has been getting a bad rep for some time. You can search and find posts on this site alone talking about problems they have had with the company. Ethics is important, especially if you are a security certifying body; EC-Council seems to have difficulties. Others probably have a different view of the cert, and I hope they didn't feel like they wasted their time like I did.
The problem with security personnel who don't have a Sys/Network Admin background is, they lack an intrinsic understanding of what the network is actually doing, how it functions, and how certain "security practices" can break or impede the functionality of the network to a point of uselessness. Understanding of a GPO and objects in a Windows domain is one, of many, critical aspects someone tasked with securing a network needs to know. I work with a few people who are like this and it makes my life painful; they don't speak the language of the job and they don't understand what I am trying to accomplish. Is having a CCNA necessary for breaking into security? Nope, but it will make you a better security professional than the guy without any network knowledge.
I will point you to the sticky in the security cert forum. Pay attention to Keatron's Post. http://www.techexams.net/forums/security-certifications/28593-security-certification-where-start.html
laughing_man wrote: »
I think everyone will agree with me in saying that no cert by itself will "get" you a job. A cert helps to validate skills, check a box for an HR person and nothing more really. Sure you learn stuff, but nothing beats experience.
That said, going out and working to get a cert on your own shows initiative, so that's good. Do you work in IT in any capacity now? Say at a help desk or as a support tech? Security is a tough nut to crack as many InfoSec folks move from being sysadmins to working in Security. It pays to know how systems work before you start securing them.
I will speak for myself that I had 5 years experience as a desktop support guy, and then only 18 months as a sysadmin until I moved to Security. I lucked out, but then again, I work as a junior analyst, which is the bottom of the totem pole for our security department. But hey, no complaints from me as it garners good experience. But I also knew folks and that is how I got in.
So I find the key to nailing a good job in IT (security or otherwise) is experience first, who you know is a very close second if not tied, then certs/education. But having CEH won't hurt you.
HatemTommy wrote: »
you took the cream out of the crops
you really said what I felt inside me... I'm just new here and new in IT life in general but was planning to get certified in A+, CCNA and Linux+ then will kick it in with the CEH
halaakajan wrote: »
CEH is an ethical hacking certificate. If I am the employer I will expect that you have mastered Windows OS and/or UNIX OS. You can only secure or make a report of something which you have mastered. Just an opinion
YFZblu wrote: »
Right, but by the time he works his way up and gets an interview with the security team, they'll expect him to have the security credentials to be considered. In my experience anyway..
I started with a large company on the business side, moved to the helpdesk and worked my way up. Eventually I applied for a position as a Security Analyst - The security team essentially asked me to get my GSEC and get back to them.
docrice wrote: »
"Doing security work" is not a button-pushing exercise. It's not simply banging commands on a keyboard