CEH vs eJPT vs Pentest+ for a (relatively) newcomer to pentesting?

srothmansrothman Member Posts: 73 ■■■□□□□□□□
edited May 2020 in Pentesting
I'm looking to include some dedicated effort to honing my skill as a pen tester while carrying on with the rest of my studies. At the moment I am heavily invested in Cloud Security, specifically on the governance and compliance side of things, with a big focus on cloud infrastructure security, but I'm keen to take this up to add some variety. You know what they say, spice of life and all that.

In any case, I've been looking at these certifications, and the related coursework and material, and hoping to hear some opinions on which would be a softer landing for a "hobbyist" breaking into penetration testing?

TIA

Comments

  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    edited May 2020
    The best way to hone your skills is through hands on practice.  The eJPT bundle comes with coursework, labs, and a practical lab based certification.  The eJPT would be my pick out of the three you listed.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
  • PC509PC509 Member Posts: 804 ■■■■■■□□□□
    I've only taken the CEH and eJPT. It's a hard choice. For knowledge and skill learning, the eJPT all the way. You get the knowledge, the labs, the hands on, the final you're actually doing the work and breaking into boxes. It's excellent. It just lacks the HR recognition. For a resume perspective, the CEH will have more pull. It's just more expensive and I really didn't think it was that great of a certification (even worse when you go for the overall value with the cost). 


  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    If this is just to gain knowledge and if you're the one paying for it, definitely eJPT.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • srothmansrothman Member Posts: 73 ■■■□□□□□□□
    Thanks for the feedback. @iBrokeIT and @PC509, you touched on a very important aspect. While I get that "self-learning" is the way to go for most all things nowadays, having a more guided experience, at least initially, makes a lot of sense to me, and having a structured approach through the eJPT would probably yield more benefit in the short term.

    @yoba222 , I will be paying for this myself, so thanks for highlighting this. I figured if I take to it, and I am able to add value in my current role, I'll get my employer to consider funding some of the later courses.
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    For real-world pentesting practice, join a few bug bounty programs and perform vuln assessments for real.
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    For just gaining knowledge, as mentioned before look at that eJPT. I will always suggest a slightly more lab-driven and hands-on approach to learning when it's compatible with the student. Many are looking for certs to fuel job hunting success. But for real learning, it's all about hands-on or creating opportunities to put learning into practice!

    If you already feel comfortable with general tools, attacks, and infosec jargon as you may come across on infosec twitter or blogs or forums, skip the CEH.


    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • srothmansrothman Member Posts: 73 ■■■□□□□□□□
    I've registered there, thanks. Busy looking at the activities and what's available. For someone like me, though, that's like saying "You want to be a pilot? Just go hop into that plane over there and start flying". I really do need the theory-based primer, so will likely start with the eJPT, at least to give me that inch-deep mile wide view.
  • dmaketasdmaketas Member Posts: 21 ■■■□□□□□□□
    Personally I did the eJPT as a good starting point mostly for my own personal development and initiation. On the other hand I'm based in Europe, so I don't have to deal with CEH and DOD approved certifications or my work activities are such that I have to perform pen test. As such my vote goes to eJPT and once you are done I recommend Practical ethical hacking by Heath Adams, which I am doing at the moment.
  • srothmansrothman Member Posts: 73 ■■■□□□□□□□
    dmaketas said:
    Personally I did the eJPT as a good starting point mostly for my own personal development and initiation. On the other hand I'm based in Europe, so I don't have to deal with CEH and DOD approved certifications or my work activities are such that I have to perform pen test. As such my vote goes to eJPT and once you are done I recommend Practical ethical hacking by Heath Adams, which I am doing at the moment.
    I had to return to give you kudos on recommending the course by Heath Adams. It's different to any of the other courses I've watched, and one of the best in terms of both content and quality I've ever come across on Udemy. Thanks for the nudge! I've watched only a few vids in the course, but it's really one I'll be returning to a few times.
Sign In or Register to comment.