CEH Worth it after Sec+?

globalenjoiglobalenjoi Member Posts: 104 ■■■□□□□□□□
So I recently got the Security+ certification, and I'm trying to decide which cert to go for before starting grad school. I was looking at CEH as a candidate, but now I'm wondering if it's going to be too similar to Sec+. Should I study for the CEH exam, or would I be better off jumping in to something like Red Hat? The transition to v9 of the CEH exam seems to have been fairly messy, and I can't deny that it's made me a little nervous.

My short-term goal is to move from my current position into information security, doing something like penetration testing. I've expressed interest with my employer and things seem to be working that direction, but I want to make myself more useful. Would CEH help me with that, or am I better off just focusing on some programming courses or something else?

Comments

  • OctalDumpOctalDump Member Posts: 1,722
    CEH is worthwhile after Security+. It is much more focussed on pen testing type knowledge, eg attack types, vulnerability scanning, testing tools, methodology.

    It's a good starting place for Incident Handling, Penetration Testing, Analyst, even network defence type roles. By itself it won't turn you into an ethical hacker, but it covers a lot of necessary knowledge.

    There are v9 guides coming, and the official courseware is already available.

    The other areas to explore in the short term if you are interested in pen testing are Python (or any programming), Linux and the eLearnSecurity Penetration Testing Student course and associated eJPT certification.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • chrsnldechrsnlde Member Posts: 10 ■□□□□□□□□□
    My employer has a Security Analyst position available that I'm applying for, but they are looking for someone with a CEH. The position has been open to the public for about 2 months now and we've gotten 20+ applications, none had CEH, but most had Security+. So far we haven't hired anyone. I'm now going for my CEH in hopes of getting the position. I'm located on the west cost in the US.
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    CEH is good for HR & hiring managers who don't know much about infosec. You can do better than CEH depending on your budget and technical background. GIAC GPEN, OSCP, some people here recommend eCPPT - these are all better options in terms of real life skills, but very few hiring managers have any idea what any of those actually are.
  • gncsmithgncsmith Member Posts: 459 ■■■□□□□□□□
    What's the study timeframe for the C|EH?

    Also, would you suggest someone have more networking knowledge than Net+ or would that be sufficient?

    Any other suggestions?
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    CEH is definitely worthwhile, as it will get you past HR filters. It will also give you a foundation to build on to eventually become a penetration tester.
  • JustFredJustFred Member Posts: 678 ■■■□□□□□□□
    It's also expensive as hell and I'm not even sure how they get away with it.
    [h=2]"After a time, you may find that having is not so pleasing a thing, after all, as wanting. It is not logical, but it is often true." Spock[/h]
  • OctalDumpOctalDump Member Posts: 1,722
    JustFred wrote: »
    It's also expensive as hell and I'm not even sure how they get away with it.

    I got mine reduced cost as part of another course I was doing, and free exam voucher. :/

    CASP is $414, and probably $100 for books. CEH is $500 for the exam + $100 for application fee, books are probably about the same as CASP. GIAC is much more expensive (as we all know), (ISC)2 is cheaper. OSCP is more expensive, eCPPT is more. eJPT is about $300. So, maybe expensive but not outrageously expensive.

    Yes, the official courseware is quite expensive, and a course can be very expensive, but that's true of most courses.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • tmurphy3100tmurphy3100 Member Posts: 154 ■■■□□□□□□□
    OctalDump wrote: »
    CEH is worthwhile after Security+. It is much more focussed on pen testing type knowledge, eg attack types, vulnerability scanning, testing tools, methodology.

    It's a good starting place for Incident Handling, Penetration Testing, Analyst, even network defence type roles. By itself it won't turn you into an ethical hacker, but it covers a lot of necessary knowledge.

    There are v9 guides coming, and the official courseware is already available.

    The other areas to explore in the short term if you are interested in pen testing are Python (or any programming), Linux and the eLearnSecurity Penetration Testing Student course and associated eJPT certification.


    That eJPT seems like an awesome deal. Not sure If I should squeeze it out because I am in the middle of my WGU MSCIA program and will have to take the CEH soon...
    2020 Goals: CCNA R&S, Cysa+, AZ103, Linux+, Pentest+
  • OctalDumpOctalDump Member Posts: 1,722
    That eJPT seems like an awesome deal. Not sure If I should squeeze it out because I am in the middle of my WGU MSCIA program and will have to take the CEH soon...

    I think the eJPT is currently 20% off. It's self paced and has "lifetime" access to the courseware, 30 hours lab access, and and 1 free resit on the exam. So, it might be worth buying now even if you don't complete for several months.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • tmurphy3100tmurphy3100 Member Posts: 154 ■■■□□□□□□□
    So is it 20% off the 299, or 299 is already 20% off?

    **never mind, the Home page has the coupon. Thanks!
    2020 Goals: CCNA R&S, Cysa+, AZ103, Linux+, Pentest+
  • globalenjoiglobalenjoi Member Posts: 104 ■■■□□□□□□□
    Thanks for the replies everyone. I think I'll go ahead and focus on it for now, to keep the information fresh after Security+. Does 2 months sound like a realistic target, or would it require less time if I'm just coming off of the Security+ info?

    As a side note, I have started to work on programming some. I started with Python for about 2 weeks, then had an opportunity to dive into PHP for a project at work. It's been rough since I've never taken a programming course in my life. I started the open Java course through University Helsinki based on a few recommendations and I've been chipping away at that. I've got Kali Linux running on a VM and an old netbook, and a SamuraiWTF VM as well, though the hardest part of either has just been learning Linux commands as I go.
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    I've got Kali Linux running on a VM and an old netbook, and a SamuraiWTF VM as well, though the hardest part of either has just been learning Linux commands as I go.

    Sorry off topic.
    I've never heard of SamuraiWTF. Does it provide something that Kali doesn't?
  • virtualizationGvirtualizationG Member Posts: 19 ■■□□□□□□□□
    Good morning,
    After taking the security+ I sat for the CEH myself. 100% worth it both for educational and career options it opens up. After passing the CEH I got the books and prepared for the CHFI, CCSK and ISC2 SSCP for about two weeks each. I now hold all those certifications and I'm currently rocking on CISSP and CCSP in the coming weeks.

    My theory has always been simple, never become a silo in an industry that thrighs on diversity. Just my opinion.
  • evopilotevopilot Member Posts: 16 ■□□□□□□□□□
    been thinking of CEH after eJPT still unsure tho
Sign In or Register to comment.