Why is CISSP more value than CEH?

HLRS

i would like to know why CISSP seems to have more credibility than CEH ? they seem similar, sorry if its dumb question.

Iristheangel

The CEH covers pen testing for the most part and only requires 2 years of security experience while the CISSP covers the breadth of knowledge of 10 broad security domains, an endorsement by a CISSP in good standing, and requires 5 years of security experience in at least two different domains. I haven't taken the CEH yet so I can't speak for the difficulty of the exam, but the pass rate for it is significantly higher (93% per my 20 second google search) compared with the CISSP exam (70%). There's also the lengths that ISC2 goes to protect the integrity of the exam including intense audits of candidates/exams, constant retirement of exam questions, and the fact that they've successfully kept valid brain **** from getting out (so far).

emerald_octane

CEH is cool but the cirricula is just a hodgepodge of downloadable tools and exploits that can be used against systems. CISSP shows you how to plan your security posture but not detailed ways to prevent/conduct exploits (specifically) like CEH will. They compliment each other. A manager with a CISSP and CEH will be in good shape.

bryguy

To simplify, IMHO, the CISSP was all theory no practice (typical management) ... When you finish the CISSP, you'll know a little bit about everything. Enough that you can interface with the techies without appearing clueless and make management decisions based on that information. The CEH was was more practicial and geared specifically towards the pen-testing side of security. You'll learn, and practice SQL injection commands, you'll create buffer overflows in C, you'll practice the nmap switches, etc. Very hands on, tech oriented. I think what makes the CISSP so arduous, is the bredth of the material covered. Just my two cents from an IT guy who has taken both recently. Best of luck in your cert endeavors.

beads

Think of the C|EH as the "Tour of Tools" and the CISSP as the "Tour of Security Concepts". They are necessarily related but the CISSP is much more in demand than a pentesting cert that is fairly narrow in comparison.

- beads

tpatt100

Have you ever browsed EC-Council's web page? They fixed it up quite a bit but it was like the CWSP site that had so many broken links. EC-Council also had some issues with their official course material.

ptilsen

EC-Council is a joke, IMO. I won't get any of ECC certifications unless required by an employer. The organization appears to have little integrity and has been extremely unprofessional in what I've seen of their various practices.

OSCP and GPEN seem like more rigorous and serious certifications to explore than C|EH, which as stated is just a collection of tools. IMO even from a technical standpoint knowledge of networking, common systems, and programming are more valuable than C|EH. Tools are easy to learn, even as you use them. They have man pages for a reason. Technology is not as easy to learn, and you can do just about anything if you know the technology (again, systems, networking, programming).

CISSP is focused on good policy, which is equally important to and often necessary for good implementation of technology. Along with the good reputation of the cert and vendor and experience requirements, this is why it's so highly valued in the industry, for highly technical and barely-or-non-technical positions alike.

Rather than CEH, again, I would recommend pursuing OSCP, GPEN, SSCP, or even non-security foundation certs such as Net+, Linux+, CCNA, RHCSA, MCSA, and so on.

JDMurray

The certification provider the for CISSP has far more credibility in the InfoSec industry than the guys who produce the CEH.

loneferret

I would have to agree with JD...

Also depends on how you look at it. The term "more value" could be left to interpretation.

For example, CISSP makes it very easy (or easier) to get your resume passed HR hence upping your chances for an interview versus CEH.
CEH on the other hand may be more valuable for someone in the pentesting realm of InfoSec.

We could also look at it from from this angel "How valuable is it for me?". Does one take CISSP or CEH just to help get a job, or for the pleasure
of learning. For me every certification I took was based on "how much new stuff will I learn"... but that's me

I suppose we could compare difficulty between the two certifications. The preparation needed etc. But I'm firm believer that difficulty is relative,
and something easy for one can also be very difficult for someone else.

So any answer in my opinion would be subjective in nature.

My 2cents.. cash'em or drop'em

secben

I'm someone who has both certifications. They are not equal at all. CISSP is a very hard exam.

I studied for CISSP for about an year (well, you dont need to, but I did) and it helped me tremendously with my understanding of information security as a hole. That's why I think it has that much of recognition in the industry.

CEH on the other hand has mixed responses from people. Some simply discredit it and some does not. I think it's a cheaper certification than SANS and other certs. CEH is not for all the information security, it's mainly or pentesters and security analysts.

• If you want build a strong infosec career go or CISSP
• I you want to be a security analyst/pentester and get a start do CEH

beads

No doubt that the CISSP is a much more difficult exam in comparison to the C|EH. Like secben, I hold both. Took my C|EH at the end of the course and scored a bit better than average, at the time. There is absolutely no way you could even begin to think about sitting in a week long course and expect to pass the CISSP without serious months study time before. Even then I'd have a hard time thinking anyone would stand a reasonable chance of passing. Photographic memory wouldn't be of much help here as the exam is based on your ability to apply the knowledge rather than regurgitate command lines and identify concepts.

- beads

- beads