Seeing a bunch of people saying the CEH is outdated

RewireRewire Member Posts: 12 ■□□□□□□□□□
So is it worth it or should I look at GIAC instead?

I'm hardcore gathering certifications trying to advance my career. I'm extremely interested in security due to it's growing prevalence and opportunities for side money like bug bounties and the like. I got my A+ recently just to have it, just passed Security+ on Tuesday after a few weeks of studying. Was looking at CEH for the next one but the comments here have me feeling like it's a bit more of a badge than actual relevant information.

I want to take the CISSP as that's more highly regarded, but I'm seeing that they require you to prove that you have 5 years experience in cyber security before you're granted the certification? I'm looking around for some more clarity regarding that before I get going on that course ware.

What's your take?

Comments

  • RewireRewire Member Posts: 12 ■□□□□□□□□□
    Sorry for double post but it seems there's no edit function?

    I do NOT have a degree in IT unfortunately as I went to college for something else. All I have is a worthless Associates that's in a field I could never find a position in. I DO have IT experience of close to 20 practical years (working on computers since I was 9), but of course, it's not on paper so no one cares. I also have about 7 years of IT work experience, but 4 of them are self employed, and none of it is in cyber security so I'm not sure if that's credible.

    So I'm looking for certifications that get me in the door without me having a degree. I'm trying to go for the most recognizable ones and the most desired, so that's why I got the CompTIA ones first. I feel like the CISSP is the next best thing, but I still need to figure out that experience thing.
  • VictorVictor5VictorVictor5 Member Posts: 77 ■■■□□□□□□□
    Rewire,

    As far as CISSP goes, if you don't have the 5 years experience, you can still sit for the exam, but you'll be a CISSP Associate until you hit the 5 year mark. If you have a CompTIA cert (I think Sec+, and/or Net+) that counts as one of your creditable years. Your education could count if you had a B.S. or higher, but again, only 1 year. So in essence, they'll give you 6 years to get the 5 year experience, but you'll have 1 year out of the way since you have CompTIA certs.

    I looked into this as I'm going to be going for CISSP after CEH (employer paying for CEH).

    VV5
    B.S. Electrical Engineering, M.S. Electrical and Computer Engineering, PhD Electrical and Computer Engineering
    J.D. Candidate (2L)
    In the books: CompTIA Network+, Security+, CEH, Associate of (ISC)^2, GIAC: GSEC, GAWN, GCIH, GPEN, GCFA
    ProBoard: FF I & II; HAZMAT: Awareness, Operations, and Technician; Fire Instructor I; NREMT: EMT-B. Next up: Fire Officer I
    Currently Working on: PE-Electrical and Electronics, Patent and State Bars, and Juris Doctor (law degree)
    Next: GCIA/GCWN and/or GCUX/PMP/GSE
    Next after next: Med school!!!!! Lol
  • atippettatippett Member Posts: 154
    Rewire,

    As far as CISSP goes, if you don't have the 5 years experience, you can still sit for the exam, but you'll be a CISSP Associate until you hit the 5 year mark. If you have a CompTIA cert (I think Sec+, and/or Net+) that counts as one of your creditable years. Your education could count if you had a B.S. or higher, but again, only 1 year. So in essence, they'll give you 6 years to get the 5 year experience, but you'll have 1 year out of the way since you have CompTIA certs.

    I looked into this as I'm going to be going for CISSP after CEH (employer paying for CEH).

    VV5

    This is wrong and can get you in a lot of trouble. You CANNOT claim "CISSP Associate." You can only claim "Associate of ISC2." You can't even tell anyone what test you took to get the Associate (CISSP, SSCP, CCSP, HCISPP, CAP, or CSSLP). If you get to an interview and the interviewer asks which test you took, you CANNOT say. If that person has their CISSP, they can report you.
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Just curious, why can't you say what test you took? Could you just answer the question, "What cert will you be pursuing later on?" And just say you want to get your CISSP?

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • atippettatippett Member Posts: 154
    Associates of (ISC)² are NOT certified and may not use any Logo or description other than “Associate of (ISC)²”. Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than “Associate of (ISC)²”, in any manner. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)²certification.

    https://www.isc2.org/uploadedfiles/(isc)2_public_content/legal_and_policies/logoguidelines.pdf
  • TacoRocketTacoRocket Member Posts: 497 ■■■■□□□□□□
    Also I wouldn't take it on our word alone when it comes to the CEH. Don't get me wrong, I'm not a big fan but you have to decide if it makes sense in your career at this time. It may have relevance and people might contact you over it. It may not
    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    Coming from a IT Governance and compliance background I found my studies pursuing the C|EH extremely valuable. I had very little securtiy tools experience and studying generic tools, researching further and probably most importantly doing hands on lab with a more current toolkit, unreplaceable.

    I could of just gone straight to Off-Sec or the likes, but I had zero pentesting experience. Using C|EH studies provides anew elementary to intermediate outline.

    Now that I am schedule for SANS SEC504, I feel pretty confident going in.

    just my 2 cents.
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • VictorVictor5VictorVictor5 Member Posts: 77 ■■■□□□□□□□
    Whoa thanks for the heads up atippett - boy did I read that wrong!

    So here's my question. Can we still take the CISSP exam if we don't have the 5 years of experience?

    VV5
    B.S. Electrical Engineering, M.S. Electrical and Computer Engineering, PhD Electrical and Computer Engineering
    J.D. Candidate (2L)
    In the books: CompTIA Network+, Security+, CEH, Associate of (ISC)^2, GIAC: GSEC, GAWN, GCIH, GPEN, GCFA
    ProBoard: FF I & II; HAZMAT: Awareness, Operations, and Technician; Fire Instructor I; NREMT: EMT-B. Next up: Fire Officer I
    Currently Working on: PE-Electrical and Electronics, Patent and State Bars, and Juris Doctor (law degree)
    Next: GCIA/GCWN and/or GCUX/PMP/GSE
    Next after next: Med school!!!!! Lol
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■■□□
    My take is it never been indated to start with.

    But it's on DoD 8570 and often mentioned in JDs.
  • PC509PC509 Member Posts: 804 ■■■■■■□□□□
    Outdated? The tools and such used are very old, but still very relevant. Some of the techniques are less used today than they were 10-20 years ago. But, the cert itself is still relevant and the knowledge is still relevant and very useful.

    Going through the cert, a lot of it was familiar from the tools I used in the early 90's when I was first getting into computer security (as a curiosity more than a career). Those tools have been updated and are still in use today for some things.

    It's still a useful cert. I wasn't impressed by the difficulty and it wasn't bleeding edge, but it is still useful.
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    Will you learn to use tools that only exploit older systems?
    Yes
    Does learning a tool that can only work against Windows XP systems make that tool outdated?
    Absolutely not..........
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    My take is it never been indated to start with.

    But it's on DoD 8570 and often mentioned in JDs.

    Yes and you will then be certified as an “Associate of (ISC)²”

    As mentioned before you can not use the CISSP logo, but I think you could say in a interview that you took and passed the CISSP exam (Any one see anything in the policy about that??).
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    IronmanX wrote: »
    Will you learn to use tools that only exploit older systems?
    Yes
    Does learning a tool that can only work against Windows XP systems make that tool outdated?
    Absolutely not..........

    To expand on this, I am currently reading Counter Hack Reloaded by Ed Skoudis (SANS fellow). he published it in 2005! well I'm here to say that the theory and techniques are still the same. That's right, a book writing in 2005 is still relevant today. TBH I think EC-COUNCIL uses the book for their exams lol.

    shoot, even most of the tools mention in a book from 2005 are still being used today lol
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • atippettatippett Member Posts: 154
    IronmanX wrote: »
    Yes and you will then be certified as an “Associate of (ISC)²”

    As mentioned before you can not use the CISSP logo, but I think you could say in a interview that you took and passed the CISSP exam (Any one see anything in the policy about that??).

    The policy says: "Associates of (ISC)² are NOT certified and may not use any Logo or description other than “Associate of (ISC)²”. Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than “Associate of (ISC)²”, in any manner. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)²certification.

    Please read bolded area
  • Moldygr33nb3anMoldygr33nb3an Member Posts: 241
    Lol how do you even enforce that?

    "I took an ISC exam but I can't tell you which one because doing so is a violation of their guidelines."

    That's ridiculous. I don't think they enforce it because LinkedIn is littered with these claims.

    Honestly if the interviewer was in the business of reporting those kind of violations, they would probably never bother asking the questions. Otherwise, I'd slap "associate of (ISC)²" under your certifications field on your resume.
    Current: OSCP

    Next: CCNP (R&S and Sec)

    Follow my OSCP Thread!
  • atippettatippett Member Posts: 154
    Lol how do you even enforce that?

    "I took an ISC exam but I can't tell you which one because doing so is a violation of their guidelines."

    That's ridiculous. I don't think they enforce it because LinkedIn is littered with these claims.

    Honestly if the interviewer was in the business of reporting those kind of violations, they would probably never bother asking the questions. Otherwise, I'd slap "associate of (ISC)²" under your certifications field on your resume.

    http://www.techexams.net/forums/jobs-degrees/125063-poser-says-what.html

    This is a good thread to read
  • PC509PC509 Member Posts: 804 ■■■■■■□□□□
    Some certified people, including those that know the rules and are in charge of hiring others, think that a CISSP should adhere by the rules. It's a small thing, but if you're willing to bypass that rule, what other ones would you break? Would I trust you when it came to security?

    I have found that honesty and integrity are vital in this industry.

    Enforced? I'm sure there are some CISSP's that place some value with their cert. It doesn't take much to make a report.

    I'm not a CISSP yet (2018 goal).

    Whether or not it's enforced doesn't mean it's not a written rule that comes with the certification. Some people follow the rules, some people don't. Who do you want in charge of your IT security? Someone you can trust. Someone that can follow very simple and trivial rules.

    Just my opinion, anyway.
  • atippettatippett Member Posts: 154
    PC509 wrote: »
    Some certified people, including those that know the rules and are in charge of hiring others, think that a CISSP should adhere by the rules. It's a small thing, but if you're willing to bypass that rule, what other ones would you break? Would I trust you when it came to security?

    I have found that honesty and integrity are vital in this industry.

    Enforced? I'm sure there are some CISSP's that place some value with their cert. It doesn't take much to make a report.

    I'm not a CISSP yet (2018 goal).

    Whether or not it's enforced doesn't mean it's not a written rule that comes with the certification. Some people follow the rules, some people don't. Who do you want in charge of your IT security? Someone you can trust. Someone that can follow very simple and trivial rules.

    Just my opinion, anyway.

    Hit it right on the head.
  • globalenjoiglobalenjoi Member Posts: 104 ■■■□□□□□□□
    atippett wrote: »
    The policy says: "Associates of (ISC)² are NOT certified and may not use any Logo or description other than “Associate of (ISC)²”. Under no circumstances may they identify which exam they have successfully passed or use any Logo, other than “Associate of (ISC)²”, in any manner. Failure to abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)²certification.

    Please read bolded area

    This makes me curious to know why anyone would bother taking the CISSP exam if they didn't have the experience... Am I missing something? Is it just completely pointless to even attempt the exam without the years of experience?
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    This makes me curious to know why anyone would bother taking the CISSP exam if they didn't have the experience... Am I missing something? Is it just completely pointless to even attempt the exam without the years of experience?

    The DoD accepts the Associate of IS2 for one of their requirements. And I've heard some employers want their employees to take it even if they don't have the experience to get the full CISSP. Other than those two reasons you are correct, there is almost zero point.
  • ethical-hacker-73ethical-hacker-73 Member Posts: 6 ■□□□□□□□□□
    If all you have is a SEC+ plus, then take the CASP. It will qualify as a DoD 8750 credential and will be a mini-CISSP.

    I have CEH, CISSP, CISA, SEC+
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    If all you have is a SEC+ plus, then take the CASP. It will qualify as a DoD 8750 credential and will be a mini-CISSP.

    I have CEH, CISSP, CISA, SEC+
    Depends on what kind of job. The GSLC from GIAC is for IAM 1-3 and the CASP is not so you would have to look at the requirements for the job. CAP is another certification that covers IAM levels.
Sign In or Register to comment.