CEH Worth Doing?

Hey,

Guess I am half looking to get back into the cert game, so nervous more than anything else,

Debating if I should take the CEH or not. Noticed the version just jumped to version 9 and not sure if the training material has matured enough for me to work off of. And I remember finding the pre-tests to be more esoteric and just frustrating. But the boss just asked me why I never bothered to cert up, and now i feel obligated. Looking for a yes/no from this forum with some 9.x materials recommendations? How do CEH hacker courses online measure up these days?

--- Background ---
Certs all earned w/o cheats (proud of that!)
MCSE Security
Security+
CCNA Security
Cisco Firewall Specialist

Formal classes:
In Redhat Security, Kali Linux, Pen Testing, Nmap, Puppet Security, Python Secure Programming, Juniper Security classes and attended a handful of security confs.

Experience:
~5 years, 20+ projects including SOX, PCI and data gathering for formal investigations for LE.
OS hardning (patching, HIDS/HIPS, AV, FIM)
Security automation
Firewall and NIPS experience (snort , Juniper and cisco)
SIEM management, Application stack hardening, plenty of hours using Kali, NMAP and some closed source paid solutions

My job had me take informal CEH 7.0 and 8.0 classes over the years. But I really never had an urge to cert up because of sorta random nature of the cert. And I've never really seen any demand from employers. But if the boss is paying ... go/no go? Materials recommendation?

Find more posts tagged with

Comments

No_Nerd

I would do it just to check the box. I see you have Kali and NMAP listed up there so you might as well go get the CEH just my .02

TechGuru80

Is there a specific reason for CEH? If they are paying the official courseware is what I would opt for and that way you get labs. With your background I don't see it being much of an issue...although a GIAC certification might be better suited for you.

Daniel333

Yeah, it's a no brainer. Guess I am nervous about playing the pass/fail game again. I've failed sooo many cert to the tune of thousand$. I hate getting money from the boss only to fail. Even worse when it's your own.

Okay man up and schedule!

stephens316

No its not worth it Take a SANS Class more respected than EC-Council

TechGuru80

stephens316 wrote: »

No its not worth it Take a SANS Class more respected than EC-Council

You are working off the assumption his employer will pay $5,000 for the course...kinda funny to say it's not worth it when you have CEH in your future goals.

gncsmith

Good luck (yes, take the course if employer's paying for it) and let us know how you do!

chrisone

Yes CEH is worth it.

Anything is worth it, if it will help you get a better job and pay. Also the fact that CEH is non-lab, does not mean you will not learn anything. Besides, technically you should lab anything you learn regardless if the exam is lab oriented or not.

Then it is up to you how to use the knowledge from CEH in order to help you with another certification goal, such as a SANS, OSCP, elearn certification.

renacido

stephens316 wrote: »

No its not worth it Take a SANS Class more respected than EC-Council

Most of us do not have an employer with the budget or willingness to pay for SANS training/certs. For most of us outside of the defense and federal govt sectors, SANS and GIAC are not in our training budgets. Hell, I have a hard enough time getting my boss to set aside time for on-site training that was bundled with licensing. Enjoy the benefits of 8570 while you can...

Also, do a search for CEH and another for GPEN on job boards...CEH easily more recognized than GPEN/GCIA/GCIH...SANS has a better rep than EC-Council within the infosec community perhaps...but the certs mostly serve as SEO for your electronic resume. If it's a large SOC or maybe an MSP GIAC might give a slight advantage over CEH/ECSA/LPT, but the GIAC path costs double or triple what it costs to get LPT.

Most pentesters say the OSCP is the most valid of them all by far for their line of work.