powerfool wrote: »
I have to agree with the CEH being worthless. I went to a class for it because I thought the labs would be fun and interesting, but I was sadly disappointed when we were running attacks against unpatched Windows 2000 systems.The one thing that I think folks should consider when trying to be rounded in security is how well they understand, and can validate with certifications, the components for which they are securing. For instance, if you are working to secure a Windows network, you need a solid foundations in Windows... you need to know Active Directory, Group Policy, NTFS permissions, etc. If you are securing a network infrastructure, you need to understand routing and switching fundamentals.A lot of folks are pushing security as a separate field and I just perceive that as naive. To be more thoughtful of security and to have it as a part of enterprise culture, it has to be integrated. Security, as a career focus, should be a progression. Become a network or systems admin, move into engineering work. Centripetally focus on security along the way. Gain maturity and respect and make sure you understand business requirements and processes. I can't imagine someone thinking, when they develop an infrastructure, that security shouldn't be a consideration.Is there an area of focus you have in mind for your security endeavors? If so, get down to the fundamentals of it.
klhatchett wrote: »
I am actually currently a Information Security and Assurance student and I know that the Security+ certification is helpful, and I was actually thinking about trying to receive the CEH certification but based on the information you all have given I wont waste my money or time on it, unless I plan on working for the government or find a company that will pay for the test