CEH or CHFI ??

prateek.vyas

Hi Friends

I have CISSP certification and now I am planning for next certification.

Can anyone suggest which one will be more relevant certification to pursue CEH or CHFI ?
I see many people giving CEH but very few going for CHFI. Does this mean that CHFI does not have much market value ?

Please advice.

Thanks.

Master Of Puppets

The answer depends on a lot of things. Generally, the CEH is more marketable than the CHFI but it does depend on your situation. What kind of work do you do?

prateek.vyas

I am Network Security Specialist in an IT firm. But I want to shift to Information Security field, for which they said CISSP is a good certification to have. So I studied my ass off and cleared CISSp. Now my dilemma is that most of the job opennings for CISSP ask for 8-9 years experience and I have only 4 + years of experience. So I feel like my certification is a waste. Hence I plan to pursue some other certification which guys with my experience have. And I see many people going for CEH but some say forensic is an upcoming field so I am totally LOST on which cert to opt next

Master Of Puppets

No worries, the CISSP can never be a waste. When you add CEH to it, you will definitely be landing interviews. CEH is nothing special really, most people in the industry don't have much respect for it. However, it can be good as an entry level cert. Also, it is highly valued by HR so it comes very handy when job hunting. If I had to choose, I would go with CEH.

If you are looking to get into the forensics field, I don't think the CHFI will do anything for you. It is another entry level cert that doesn't hold much weight when it comes to a job in forensics. This field is very specialized and requires a lot. I will not go into detail about suitable certification because there have been a lot of discussions on the forum. Do a quick search and read them - IMO, you will find a great amount of useful info.

Last but definitely not least - apply to those jobs. Forget what the requirements say and apply anyway. You may be pleasantly surprised by the result. Security pros are still in a shortage and those requirements are supposed to fit the ideal candidate. Submit your application and with your experience and certs, I am sure you will get invited to an interview. After that it depends on your skills. Good security pros with 8-10 years of experience don't grow on trees. Many people get hired for a job that is supposed to require X years of experience or a degree, for example.

We're here if you need to bounce your ideas off someone. There are a lot of knowledgeable people on this forum. Good luck!

Khaos1911

The more important question is what in InfoSec interests you? If you're interested in Pen testing, CEH is a good place to start because it introduces you to all the tools you would need to really get going in that field. If you're into forensics, those EnCase certs are highly valued and that vendor is well respected.

There are way more areas to get invovled in, such as installing and administering IPS, identity and access mgmt, Application security such as SAP or Oracle, Installing and administering the web filtering systems (BlueCoat, Websense, etc.) for these major companies, dealing with the Antivirus protection for all the hosts on the network, firewall management, E-Discovery, Encryption, the VPN solution/administration for the company... Man the list goes on and on, well outside of just things you can get certified in.