Denied CEH Eligibility

Peace101Peace101 Registered Users Posts: 2 ■□□□□□□□□□
Hello All,

My name is Peace101 and I am new to this forum. A couple of days ago, I submitted my CEH eligibility form so that I could purchase the voucher. Unfortunately, I was denied due to my lack of "experience" in the Information/Cyber Security Industry. My background is as such: a bachelor's in Computer Engineering, a master's in Computer Forensics from George Mason University, and one year working in a federal government SOC. In addition to sending my application and resume, I'd also sent my graduate school official transcript and a penetration test writing sample. In the application, I also stated this with the following information:

• Masters of Science in Computer Forensics from George Mason University (1.5 years)
- Performed malware reverse engineering
- Possess practical penetration testing knowledge
- Performed both network and traditional forensic analysis
- Practical knowledge of incident response


• Basic understanding of TCP/IP protocols and networking


• Proficient in the use of Kali Linux and its various tools (Nmap, Aircrack, SqlMap, Nessus, Nikto, TCPDump, Wireshark, Metasploit)


• Proficient in the Python scripting language
- Created automated scripts for both penetration testing and work-related use


• Performed vulnerability assessments


• Worked in a Security Operation Center (SOC) environment [1 year]
- Performed log analysis
- Performed Packet Capture Analysis
- Network Forensics
- Malware Analysis
- Email Analysis

When I received the denial, I called EC-Council headquarters and directed to front desk which yield to no resolution. What other options can I take?

Comments

  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    Well, their requirement is 2 years work experience (not school) or to take their course. So your other option would be to wait 1 year or take their course.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    A much as I despise this organization the eligibility criteria is clearly not being met so this is on you. BlackBeret is right, either wait or pay $850 for training.
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Well you either probably 1.) didn’t read the requirements close enough, or 2.) thought you could squeeze through.

    2 years of work experience is pretty clearly stated so hopefully you didn’t pay out of pocket. Get the feds to pay for your training or wait till you have 2 years.
  • supasecuritybrosupasecuritybro Member Posts: 206 ■■■■□□□□□□
    I would just walk away from this cert if I were you. It will get you through the HR person but more Security professionals think this cert is a joke.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    CISSP and CEH are very good certs to get you in for a first-round interview, so I woundn't discount CEH if you are looking for InfoSec work. However, for the "net cred," there are a lot better "Hacking+" certs out there.
  • Peace101Peace101 Registered Users Posts: 2 ■□□□□□□□□□
    It said that you have to have 2 years of information security experience not 2 years of working in the information/cyber security industry. If they stated the latter, I wouldn't have an issue, but they stated the former.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Original post mentioned only the SOC job. What other security experience do you have?
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Peace101 wrote: »
    It said that you have to have 2 years of information security experience not 2 years of working in the information/cyber security industry. If they stated the latter, I wouldn't have an issue, but they stated the former.
    It looks like they have some inconsistencies of how they word things on their website.

    Under the FAQ (https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/#1--can-i-pursue-self-study-and-attempt-the-exam-instead-of-attending-formal-training-) it says "work experience", but under other areas it says related experience.

    Just for future reference, if education can be applied, they will usually have some kind of a waiver description area. Any experience requirement is going to only be work experience.
  • ThinLineThinLine Registered Users Posts: 4 ■□□□□□□□□□
    Easy. Don’t spend your hard earned $$$ with them. Choose another Certification. I have a CEH, and have not seen any real value. EC-Council has poor customer service as well.

    This Cert is not transformative for your career. Don’t look back.
  • ErtazErtaz Member Posts: 934 ■■■■■□□□□□


    If you're going for DOD, the CEH is now obsolete. The CSA+ seems a much better value.
  • McxRisleyMcxRisley Member Posts: 494 ■■■■■□□□□□
    "When not reading and understanding the requirements goes wrong" is what this should be titled. CEH from a learning standpoint is not very good but it does open MANY doors for you. Also, CSA+ isnt recognized by the DoD yet (at least where I work anyway). Whats the source for that chart?EDIT: nevermind, found it on DISA. That's wierd tho because we don't accept it here.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    Looks like CSA+ is a lot cheaper too.
    $320 USD for the exam.

    CEH is now $950 USD for the exam.

    Annual renewal is a little cheaper $50 vs $80.

    Looks like CSA+ does not have any experience requirements.

    "Recommended Experience Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, CSA+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus."
  • supasecuritybrosupasecuritybro Member Posts: 206 ■■■■□□□□□□
    I would just walk away from this cert if I were you. It will get you through the HR person but more Security professionals think this cert is a joke.

    And to the person who sent me some feedback to this comment regarding that the eJPT is a joke, my thought is at least to get it you have to do hands on work and not just do rogue memorization on tools, so it is ok with me being a joke to people. The CSA+ cost me $50 not a bad fee to see what it was about and it was still way better than the CEH.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • beadsbeads Member Posts: 1,531 ■■■■■■■■■□
    (*Psst!*)

    Prefer looking into certs like SANS GPEN or OSCP as more mainstream or accepted certs to pursue in lieu of the C|EH.

    - b/eads
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    And to the person who sent me some feedback to this comment regarding that the eJPT is a joke, my thought is at least to get it you have to do hands on work and not just do rogue memorization on tools, so it is ok with me being a joke to people. The CSA+ cost me $50 not a bad fee to see what it was about and it was still way better than the CEH.
    Sometimes it’s not always about what YOU value the most in a certification, it’s what an employer values or wants. Regardless of the opinions on the quality of CEH, HR departments know what it is and sometimes getting past them is half the battle.
  • supasecuritybrosupasecuritybro Member Posts: 206 ■■■■□□□□□□
    TechGuru80 wrote: »
    Sometimes it’s not always about what YOU value the most in a certification, it’s what an employer values or wants. Regardless of the opinions on the quality of CEH, HR departments know what it is and sometimes getting past them is half the battle.

    Yeap. It's also why the CISSP sometimes suffers in some circles. Companies have made it the defacto cert in a lot of job requirements but its not a technical cert when they are looking for someone with a lot of hands on. It is very strange for me to have the conversation when people tell me they met someone with a CISSP and doesn't know how to be technical.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • JockVSJockJockVSJock Member Posts: 1,118
    Considered yourself touched by an angel or divine intervention, or whatever you want to believe in.

    There is a lot of criticism against the C|EH for the hype it generates and EC|Council for their lack of professionalism and their snake-oil sales approach to the IT certification industrial complex that they are a part of.

    Here is my review of me taking the C|EH.

    http://www.techexams.net/forums/ec-council-ceh-chfi/126125-successfully-passed-c-eh-my-professional-opinion-eccouncil-cert-industry.html

    After getting this cert, I've only been contacted for temp pen test/info assurance positions. That's it.

    Too bad this post wasn't stickied, otherwise I would have never attempted this cert:

    http://www.techexams.net/forums/ec-council-ceh-chfi/110311-wanna-get-ec-council-ceh-think-again.html

    Honestly if you have the skill set that you wrote up, I would say go for info sec positions that matchs or exceed your experience. Do you live in a big or near a big IT city say like Silicon Valley?
    JDMurray wrote: »
    CISSP and CEH are very good certs to get you in for a first-round interview, so I woundn't discount CEH if you are looking for InfoSec work. However, for the "net cred," there are a lot better "Hacking+" certs out there.
    ***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)

    "Its easier to deceive the masses then to convince the masses that they have been deceived."
    -unknown
  • wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    I would just walk away from this cert if I were you. It will get you through the HR person but more Security professionals think this cert is a joke.

    That could be said about the CISSP any other cert! Give me experience over some expensive cert anyday
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Cert requirements are cert requirements. We're lucky if we can get waivers from some organizations.
    Just keep doing what you're doing and on top of that, you're getting great experience so far.

    There are other certifications that are probably more worth earning instead of the CEH. OSCP could be done while you're waiting for the two year requirement to be met. Maybe getting the SSCP as well??

    I know that the CEH is asked by a lot of companies but as much as it costs to take the test, I think that you could really use that money somewhere else.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • [Deleted User][Deleted User] Senior Member Posts: 0 ■■□□□□□□□□
    Just hang in there! I found the C|EH to be useful. Just get another year of security experience and you'll be good. Best of luck hope things work out!
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    FWIW ... my .02 cents ...

    I think the value in CEH is what you make of it ... and what fits YOUR situation ...

    CEH isn't totally worthless IMO. Is it worth the (nearly) one thousand dollars? Probably not ... is it worth something? yes.

    I am neck deep in the middle of the OSCP course and I can say, without a moment of doubt, that the CEH compared to this is an entry level certification by far. However, a lot of the same study material I used for CEH I am going back and referencing in OSCP ... The skill sets do transfer .. albeit only a little.

    So, I'll just throw this out there. If you are in a position where someone else is going to pay for it? And you are trying to build up to something like OSCP? I don't see an issue in going for it. You will end up covering a lot of the same ground ... IF you only have 1000.00 and you have to pick what route to go, I would not go CEH and would explore other options with your own money.

    One last thought: While some (maybe even a lot) in the security field think CEH isn't worth the money, others that are in the technology field, but NOT focused on security still respect it. (Yeah, mostly because its a name ...) My current role is not only Security related, but overlaps a lot of other areas. When I am talking with customers (like it or not) "Certified Ethical Hacker" buys more credence with them than something they've never heard of like "OSCP" - When I am talking with someone very technical, OSCP is like the biggest name drop ever ....

    So I'm just saying, it depends on your situation! Your life! you lead it!
Sign In or Register to comment.