I would agree with James on the subject of the CEH not being the best or
the worst as I too teach the CEH. I got to look at the CEH v5 materials
yesterday and yes he is right they are significantly improved.
As far as the subject of what to do for your resume it really boils down
to figuring out what you want (skill, cert, or both), and how you want
to go about getting it. You have to 2 basic paths as far as formal
education for this specific skill set:
Certification Based Training:
=============================
CEH (EC-Council)
CPTS/CPTP (Mile2)
OPSA/OPST (ISECOM)
Skill-Based Training:
=====================
Foundstone
SANS
BlackHat Workshops
There are of course others in both categories just ask Google - but I'm
sure you get the idea. I like to tell people that have experience in the
field to do the CISSP first, and use all of the above for your
continuing education credits required to keep your CISSP. Let's face it,
certs get you the interview - but skills/experience/personality get you
the job. I think you need both sides of the house really have the best
chance at being successful in the field. For people that are new to the
field I recommend that they go through the laundry list of
certifications:
Network+
Linux+
Security+
CEH/CHFI or other listed above
Any of the Skill-Based Training listed above
.....then the CISSP
Your mileage may vary, but I hope this helps.
--
Joe McCray
Toll Free: 1-866-892-2132
Email: joe@learnsecurityonline.com
Web: https://www.learnsecurityonline.com
Learn Security Online, Inc.
* Security Games * Simulators
* Challenge Servers * Courses
* Hacking Competitions * Hacklab Access
On Thu, 2006-12-14 at 15:30 -0600, James Michael Stewart wrote:
I am a CEH instructor. I can't say that CEH is the best certification or
course in the market, but it is neither worthless nor the worst course
available for the topic. Previous versions of the course had many serious
deficiencies. I've started teaching the newly released and revised CEH 5.0
courseware which is significantly better than 4.1. This version still has
room for improvement. CEH is not a skills course. It is an introduction and
overview of the concepts of hacking for the purposes of security assessment.
I do think it is much better and more informative than many of the MOC
courses, mainly due to its flexibility and lack of rigid structure.
As with any course and certification, it is as valuable as you make it. If
you are only in it to pass the exam and get another credential on your
resume, it is fairly poor. I doubt CEH would get you a job or promotion over
another person without the credential. However, if you are interested in the
topic and not already well-versed in the materials and tools, CEH is a great
introduction.
The CEH class is roughly 1/2 lecture and 1/2 lab work. Functioning in a 1-2
hour lecture/presentation/class discussion, followed by lab time. The
courseware books are huge, over 2600 pages. Designed to be used as
post-class references. There are 7 CDs of tools, well over 2,000 individual
tools. Plus a bootable BackTrack 1.0 CD (yeah 2.0 has just come out...)
There is more than enough material to fill an entire week, plus much more
content for students to investigate, research, and learn on their own. The
value of the class is based on the presentation skills of the instructor as
well as the participation and comradery of the students.
The CEH exam has been updated to reflect the improved content in the
courseware. However, the CEH 4.1 exam is still available until June 2007.
CEH is not for everyone, especially those who already know the basics of
hacking and who can use both Windows and Linux tools/utilities. A Foundstone
or SANS course would be most appropriate for those with moderate security
testing experience.
James Michael Stewart
michael@impactonline.com
IMPACT Online - www.impactonline.com
Austin, TX 78749
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Shain Singh
Sent: Thursday, December 14, 2006 1:22 AM
To: security-basics@securityfocus.com
Subject: RE: advice for CEH certification
Cort Boecking wrote:
What's wrong with CEH?
This is the last time it was discussed. Not sure if people's opinions have
changed.
http://www.securityfocus.com/archive/105/412138/30/0/threaded
nothing wrong with a certification that makes your 1337 ;)
--
Shaineel Singh
MakePeace Media LTD
http://mpm.org.au/shsingh
pgp id: 0xA9D8D351
fp: 38 0D A8 C8 74 A2 33 5E CE 0E 5A FA D5 A0 04 7C
This message was written entirely with recycled electrons.
---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher
Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.
http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher
Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.
http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
signature.asc
Description: This is a digitally signed message part
