Just passed CEH and eyeing Sec+. Suggestions?

tomatotuxtomatotux Member Posts: 23 ■□□□□□□□□□
Anyone know of a good prep material? Would I already have the requisite knowledge for this? Will Sarah leave Matt for Andy? Will Jimmy's evil twin set fire to the town outhouse? These questions and more, hopefully answered in the next post!

Comments

  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    What is your career goal/path? After CEH I would focus on intermediate level certs. I wouldn't waste my time on security+. Employers will only see your CEH and not really notice your security+ cert. It almost seems like a step backwards. There are other good certs from eccouncil CHFI: Hacking forensics investigator, LPT: Licensed Penetration tester, CSA: Ceritied security analyst. Security Training, IT Security, Security Certification, Security Courses, Security Analyst Training, Cert Training, Forensic Training, Information Security Training, Computer Security Training

    There are also SANS security certifications technical and management level. The GIAC Security Certification Roadmap

    ISC2 certifications general/management security. CCSP or CISSP. https://www.isc2.org/credentials/default.aspx

    Offensive security certs in pentesting. OSCP and OSCE. https://www.offensive-security.com/information-security-certifications/

    edit: forgot to add
    You can go the vendor route and go the cisco security track, palo alto security track, windows security track, etc. Your time is better spent on intermediate level and towards a bigger goal. CCNA security, Palo Alto, Checkpoint.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    chrisone has some good info above. But if you want to get your Sec+, you can get Darrel Gibson's Security+ book, take a couple weeks and read it, then take the test. If you have the money for the test and couple weeks to kill I think the Security+ will look good on a resume.
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    I agree, it is a known cert and you will gain from it. That is why I asked what your career goals and path were. You may not need the security+. The materials NetworkNewb provided should be an excellent choice if you do proceed with security+.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • renacidorenacido Member Posts: 387 ■■■■□□□□□□
    Look at the qualifications for the type of role you want and plan accordingly.

    For a non-pentester security role when you have limited experience, go for one of these next: sec+, SSCP, or GSEC. Sec+ is the best known of the 3.

    if you want to be a pentester, learn Python or Ruby or both, powershell, vbscript, bash, and then look into OSCP. Of course app and db pentesters would thrown in JavaScript, sql, etc.
  • OctalDumpOctalDump Member Posts: 1,722
    @=renacido

    Sec+ might be the most common, but what matters is what is asked for in the roles you are looking at. For example, most jobs asking for CISSP won't care about Security+. I am seeing GIAC mentioned more in Info Sec, alongside CISSP. CHFI occasionally. Alongside CEH, I see maybe the other Penetration Tester certifications - eCPTT, OPST, OSCP -, CISSP/CISM/CISA/CRISC, Cisco (CCNA/CCNP R+S, Sec etc), and GIAC (GCIH, GWAPT etc). A lot mention also skills with networking, Windows, Unix/Linux, and programming without specifying certifications. Degrees Bachelor or even Master's are also pretty common requirement.

    GCIH is meant to be a good follow on from CEH. GSEC is a good general choice. The downside with both is the cost.

    Of course, it matters a lot which area of Info Sec you plan on entering.
    renacido wrote: »
    if you want to be a pentester, learn Python or Ruby or both, powershell, vbscript, bash, and then look into OSCP. Of course app and db pentesters would thrown in JavaScript, sql, etc.

    This is excellent advice. If you are seriously thinking of the pen tester route, then programming skills - Python is near the top of that list - are essential. OSCP is a great option. Offensive Security also offer a free Metasploit course, which is a great step before OSCP.

    More generally, I also recommend looking at the GIAC roadmap and the CompTIA roadmap for a broad overview of possible paths and specialisations.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • JockVSJockJockVSJock Member Posts: 1,118
    If you have CEH, why bother with Security+? Unless you Department of Defense (DoD).

    Check out CISSP.
    ***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

    "Its easier to deceive the masses then to convince the masses that they have been deceived."
    -unknown
  • hannismhannism Member Posts: 112
    I concur with what has been said. If you have CEH, taking Security+ isn't worth it. Even if you are DoD, the 8570.1M places CEH over the Security+.
    Obtained: CompTIA Linux+ [X] CompTIA Security + [X] CCENT [X] CCNA: Routing and Switching [X] CCNA: Security [X] CCNA: Wireless [X] Linux Server Professional (LPIC-1) [X] SUSE Certified Linux Administrator [X]
    Currently studying: Red Hat Certified System Administrator > Red Hat Certified System Engineer > CISSP
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    I guess I've never really looked too much into the CEH, but doesn't the CEH and Security+ cover completely different topics?? Find it confusing people are saying CEH is better than Sec+. It really depends on what area he wants to go in... Like the Sec+ I got this year definitely helped me land my Systems Security Analyst position I just got. (I don't have any other security certs)

    If he has the experience he should just go for the CISSP though.
  • OctalDumpOctalDump Member Posts: 1,722
    Security+ covers a broad range of topics. It's like very introductory level of CISSP. GISF, GSEC, CASP, SSCP, maybe even CISM are other 'broad/general' security certifications.

    CEH covers mostly pen test area, although it's entry level pen test, so it does meld well with incident handling and maybe even forensics. CEH assumes more technical knowledge than Security+, but it is more focussed. You aren't going to need to know much about ALEs or back ups or BCP etc.

    Security+ is a good baseline certification to have, really for anyone in IT. But if you are already at CEH level, then maybe a similar level (intermediate) generalist cert like GSEC/SSCP/CASP is a better thing to aim for. It will have similar breadth, but more depth, and maybe is worth more.

    Certainly if you meant the experience requirements for CISSP (4 years if you have also CEH), then it is a good thing to aim at. It's a little lighter on technical, hands on, but maybe that doesn't matter.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • tomatotuxtomatotux Member Posts: 23 ■□□□□□□□□□
    Essentially I want to work incident response, move toward digital forensics and working with law enforcement. I'm interested in doing some pentesting, but blue team is my heart and bread and butter. I'm considering OSCP, but Sec+ kept showing up so I thought I'd examine it.

    Also, I'm looking for something that moves my career forward but I'm really not a manager. I know where I want to go, but I also know feeding my family is kind of important and I want to have the capacity to get a job that will do that, whether it is in my chosen field or not.

    Thanks for all the thoughts and suggestions!
  • CertifiedWardCertifiedWard Registered Users Posts: 3 ■□□□□□□□□□
    I have a quick question for you, i am interested in taking the CEH cert. will 5 years of Network Infrastructure experience from being in the Air Force qualify me to take it? I am not in the force anymore but that 5 years experience is the only thing going for me..
  • OctalDumpOctalDump Member Posts: 1,722
    I have a quick question for you, i am interested in taking the CEH cert. will 5 years of Network Infrastructure experience from being in the Air Force qualify me to take it? I am not in the force anymore but that 5 years experience is the only thing going for me..

    The eligibility criteria are here. The main concern is this point:
    Have at least two years of information security related experience.
    So for you, I guess the question is how much of that network infrastructure experience could you say was security related? Were you configuring firewalls? VPNs? Dealing with PKI? Installing certificate? Dealing with crypto? Any experience with IDS/IPS? Running vulnerability scans? That kind of thing.
    If you can scrape together two years of that kind of thing, then you are in with a good chance.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    I have a quick question for you, i am interested in taking the CEH cert. will 5 years of Network Infrastructure experience from being in the Air Force qualify me to take it? I am not in the force anymore but that 5 years experience is the only thing going for me..

    Do you plan to self-study and take the exam?
    They will contact your supervisor to validate the minimum 2 years infosec experience.

    I wrote an overview of the entire process at http://www.techexams.net/forums/ec-council-ceh-chfi/113086-ceh-journey-kmastaflashs-tale.html#post968448.
  • mayacosta78mayacosta78 Member Posts: 8 ■□□□□□□□□□
    Can you pls share what study materials you used to study for CEH?
  • Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    Can you pls share what study materials you used to study for CEH?
    Sorry bro. I took the exam last year when it was CEHv8. Do check out EC-Council CEH and CHFI Forums for tips.
Sign In or Register to comment.