CEH self study - appropriate experience?

RichAsskikr

Hey there,

I am currently self-studying for the CEH, as a potential first step towards a career in InfoSec. But I am slightly concerned regarding this "two years of information security related work experience" requirement.

I have worked in IT now for the past 7 years, with the past few years as a network engineer and now as IT Admin. I have performed all the usual activities that these roles generally include, such as configuring various network infrastructure devices inc. firewalls, network/host security solutions (e.g. anti-virus, proxy servers, etc), securing mobile devices, maintaining regular backups, etc. I also hold MCSE: Security and CCNA: Security.

This may be a completely stupid question, but is this enough...or do they expect you to have held a security analyst position for the past few years?

Any help/clarification would be greatly appreciated

JDMurray

You should contact the EC-Council directly to get the official answer as to your eligibility. The topic of your question is "Exam Eligibility Question."

jvrlopez

Contact them to be sure, but in my opinion, that should suffice.

After their recent defacement, I believe they're trying to be more thorough to save face...it took my CCNA 8 hours to grant me CPEs for my CEH, but its taken a week for my CISSP to update.

JDMurray

Cisco may very well employe more people in their Training/Education department than EC-Council does in their entire organization.

jvrlopez

Sorry, I should have made it a little bit more clear.

It took my CCNA pass 8 hours to update for my CPEs for EC Council back in October, but my CISSP pass last week has taken over a week to update.

JDMurray

Cisco probably also employes more people in their Training/Education department than the (ISC)2 does in their entire organization too. Most independant certification vendors are actually very small shops regardless of how popular their certifications are.

RichAsskikr

I agree, you are probably right, regarding getting the info straight from the source.

I'll give them a shout, and see what they say. Either way, i'll post back on here!

RichAsskikr

Ok, so I posed the question to EC-Council via the support page (Thanks for the link, JDMurray!).

They asked for a detailed copy of my resume which I provided yesterday. They have just come back to me now with the kinda generic response of..


"Hi Richard,

You can apply for CEH exam under self-study mode. You need to get your current or ex-employer who can confirm your 2 years of work experience in Infosec field

Please visit the below link for information related to Eligibility process

Application Process Eligibility

Thank you"


I am going to assume that my experience was sufficient then. Good times

JDMurray

RichAsskikr wrote: »

Application Process Eligibility

This is actually a very good page. The plan that EC-Council has mapped out to just to get a CEH exam voucher is confusing at best. This link shows that people who buy the official course in its various forms (instructor-led training (ILT), computer-based training (CBT), online live training, or academic learning) automatically qualify for a CEH exam voucher, while people that do pure self-study must provide proof of previous InfoSec experience (2+ years) as part of their qualifications to be allowed to purchase an exam voucher.

Most IT security cert vendors will let you take their exam(s) now and accumulate the required professional experience later, but the ECC wants their exam candidates to have that experience before they sit for their exams.

RichAsskikr

Yeah, I had already seen that page (and others) mentioning the criteria regarding self-study.

To be honest, its a bit of a joke. Forking out £2k for a one week course, does not equal 2 years of InfoSec experience in my opinion. I dont care how good the instructor is, or how informative the courseware is!

Maybe I'm just being stupid, but "2 years of previous InfoSec experience" is alittle vague to me. As I said before, do they consider the general sec duties of a SysAdmin as appropriate, or do they expect specific InfoSec experience (i.e. working as a Sec Analyst). Either way though, I asked the question, and got the answer....sort of.

To be honest, my main concern really, is that I am doing this all self-study (and self-funded!). And so, as much as I am really enjoying the subject matter, I didnt want to be paying $100 for an Exam Eligibility Form, if I had no chance of getting it approved. Specially when I am planning on going onto further certs afterwards!

RichAsskikr

Just wanted to close the loop on this, so to speak.

I did the exam this afternoon.....and passed with a 92%!!

Have to admit, halfway through the exam, I thought I was going to be lucky to get the required 70%.
Some questions I werent sure about, and others came from nowhere!

But, absolutely chuffed with the result.....now, onto the SSCP!

JoJoCal19

Congrats and great score!

cyberguypr

Congrats!