Passed the CEH

So, I took the CEH today and passed it in an hour with an 89% (after studying for all of a week). I have to say that I am actually disappointed with how the test went. Perhaps I got a lucky draw of questions, but it seemed like all it tested was my knowledge of the terms of the trade along with some basic usage of tools. Still, I can't complain too much, as the training and test were both paid for by the company.

My question is, where do I go from here? I have two years experience in logical access, along with two and a half years of desktop support and programming experience. I was thinking of taking the CHFI (I'd like to be a forensic investigator or incident handler), but if it is anything like the CEH, I'm not sure that it would be worth the time and expense. I've also been interested in hacking/pen testing for a long time, so I was looking at the OSCP, but I don't think I'm ready for that yet. Any ideas? Also, do you think it would be worth it to take the Sec+ as opposed to aiming for a higher level cert?

Find more posts tagged with

Comments

Whiteout

Here is an overdue congrats sir! What is your programming background in?

Wolvendeer

Thank you.

A little bit of everything. My favorite language is Tcl, but I've used AHK a lot for work, and I've done work in C#, VBA/S, C++, and probably a few other languages that I've never bothered to master. Thus far I've tended to be more of a jack of all trades than a master of one. Most of what I do is make and maintain various small software packages and scripts written in various languages for my team so that we can automate various portions of our work, although my boss is talking about implementing a larger software package soon and wanting to do some coding for it in house.

Whiteout

Ah, good stuff. I have never used either Tcl or AHK, mostly have just stayed in the C world. I am by no means an expert in security certs, but it seems a lot of people go for the CISSP as well. That might be one thing to check out.

CHeers.

JDMurray

Congratulations on your pass!

Other posts here on TE have indicated that the CHFI is similar to the CEH in form and function, but with a computer forensic content. You can search these threads for "CHFI" to get the straight poop from people that have taken the exam.

The Security+ is a good exam for people who are looking for an intro to Information Security. If you are already above the basic level, the SSCP and CASP are worth looking at. If you can quality right now for the full CISSP certification, you should go for that.

the_hutch

Wolvendeer wrote: »

it seemed like all it tested was my knowledge of the terms of the trade along with some basic usage of tools.

Sounds like a CEH test to me.

CHFI is a fun course, but still just a test of basic knowledge of the concepts. If you are wanting to go the PenTesting route, SecurityTube Python Scripting Expert and eCPPT are good options for getting prepared for OSCP.