|
Title: CEH Recertification (valid for 2 years) Post by: nebu10uz on May 02, 2007, 05:34:28 PM I was just browsing the new eccouncil website and noticed the following in their taking exam section for CEH:
Quote Do I have to recertify? From June 2007 onwards, CEH certification will be valid for 2 years. You will need to earn EC-Council Professional Education Credits (EPE) to maintain the certification. Arrrrrggg!! Man, I can't believe this. What about for all the people who are already CEH. Will their CEH cert expires? Do they have to recertify? This really sucks, does anyone hear $$$$$$ in eccouncil pockets. I sure do! http://eccouncil.org/takeexam.htm (http://eccouncil.org/takeexam.htm) Title: Re: CEH Recertification (valid for 2 years) Post by: LSOChris on May 02, 2007, 05:47:50 PM i dont, and think i never will, feel that entry level certifications should ever expire. they represent a minimum baseline knowledge and while you could argue that times change, i could argue that most of the stuff they teach in CEH will not change. become obsolete maybe, but not change. the methodology will stay the same (at least for awhile)
i personally like the Cisco's business model (to an extent) that while it does technically require a recert every 2 or 3 years, if you take and pass an upper level exam(one of the CCNP exams) it starts your clock ticking on your old exam too. thats good, that rewards furthering your knowledge and IMO doesnt appear on the greedy side. of course if you just want to keep you CCNA you can just take that test again too (but you have a choice) i think it would be a good idea to retest your LPTXYZPQ-whatever every couple of years because this person is supposed to have an advanced knowledge of the subject, but for entry level i dont think so. Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on May 02, 2007, 07:24:38 PM Good catch, I didn't see that on there but I expected that change to happen when there was a message in their portal stating they were reviewing the process and new changes would take place this summer.
I also think it would be a good idea if ECC followed suit with Cisco and allowed you to renew your lower certifications by passing a higher one. Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on May 02, 2007, 07:26:15 PM Hmm.. I re-read that and it doesn't say anything about re-testing, just that you need to maintain EPE credits...
Title: Re: CEH Recertification (valid for 2 years) Post by: nebu10uz on May 02, 2007, 08:19:04 PM actually, maintaining the CEH cert by earning EPE credits. Probably attending conferences and courses.
Title: Re: CEH Recertification (valid for 2 years) Post by: LSOChris on May 02, 2007, 09:00:53 PM you dont think its excessive to require that and bi-annual fees to keep an entry level cert?
Title: Re: CEH Recertification (valid for 2 years) Post by: nebu10uz on May 02, 2007, 09:08:14 PM I certainly do and that's why I'm disappointed :(
Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on May 03, 2007, 07:37:51 AM Here's what I was told by EC-Council:
"If you attend any of our Hacker Halted events, obtain other certifications you will maintain the CEH certification. Please look out for more details on EPE credits next week on our website." So it sounds that by attending a Hacker Halted conference (and hopefully they'll open it to others), or achieving another EC-Council certification (from this statement, it doesn't sound like it matters which) you will maintain CEH. Title: Re: CEH Recertification (valid for 2 years) Post by: nebu10uz on May 03, 2007, 10:04:38 AM Hey Venom77, thanks for the info. I guess it's not so bad attending the Hacker Halted con or earning other cert from eccouncil in order to maintain your CEH. There are benefits from this such as continuous education and staying on top of the latest tools and hacking techniques, however, when you are in my position working in a startup company that can't afford sending their staff members to conferences and such, it really is hard in terms of financial cost to attend these events in a bi-annually basis.
For me, the economical way of keeping tabs on the latest security and hacking trends is to subscribe to magazines, downloading podcast, visiting websites and purchasing books. Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on May 03, 2007, 03:41:21 PM I agree. I currently receive no employer paid coverage either. So far, everything has had to be paid out of my own pocket (or I've been lucky enough to loan money from my father that I'll pay back later).
Title: Re: CEH Recertification (valid for 2 years) Post by: Chuck on May 08, 2007, 03:30:13 AM Yes the boots are not exactly cheap. That is why I was trying to figure out exactly which one to start with, so I would not waste my money. I am glad I did not rush into anything especially since I will probably not use any of my certs until I finish up school in 2 years.
Title: Re: CEH Recertification (valid for 2 years) Post by: Oyle on May 08, 2007, 10:00:55 AM Well, that sucks. But from the wording, it sounds as if it starts in June 07, so I should be safe.
I agree with ChrisG that a baseline "entry-level' cert should not expire. It may go obsolete, true, but the basic technologies will not change. My CCNA expired on me in Aug 04, I tried to upgrade it once, but without any access to actual equipment, my only choice is to memorize everything. To heck with Cisco. My local school IS offering CHFI classes, that I would love to do, and probably really CAN afford, depsite that it's still $2000. But this class is online at home, and while it's convienent and all, it's harder to get a hold of instructor to ask questions. Then on top of all that, the school does not even offer the exam. The closest place to me to do the exam is a 2 hr drive away. And I don't pass exams on the first time. Guess I'll spend my time just studying while I do chemo. I have to re-start my chemotherapy, starting tomorrow. I have a job interview today that I don't care about, and then I have chemo tomorrow. >:( Argh. :'( Title: Re: CEH Recertification (valid for 2 years) Post by: slimjim100 on May 08, 2007, 12:03:27 PM Oyle I hope you get to feeling better and try to stay positive as I know it will help you get thought the chemo.
Brian Title: Re: CEH Recertification (valid for 2 years) Post by: LSOChris on May 08, 2007, 02:39:00 PM ditto
Title: Re: CEH Recertification (valid for 2 years) Post by: jackveneno on June 11, 2007, 12:14:43 PM I am one of the people that don't count with money to attend classes nor EC-Coucil approved conferences. If they allow us to obtain the credits the same way I currently do for the CISSP then thats fine because there are plenty of free ways of obtaining CPE credits but going by the http://www.eccouncil.org/ece.htm website there is nothing that you could do for free and obtain credits, this to me its not right because if we passed this certification before Jun 2007 then we should be exempt or allow us to obtain credits as the CISSP does and lets not forget now we have to pay a $50 annual fee to EC-Council
EC-Council Continuing Education (ECE) Credits EC-Council is introducing continuing education points which will serve to ensure that all EC-Council certified professionals maintain and further their knowledge. Professionals will need to meet the requirements of the ECE to avoid revocation of certification. EC-Council Continuing Education (ECE) points will be earned by professionals through various means. Please see list of activities below for more information. EC-Council will begin its ECE points system effective 1 January 2008. EC-Council certified professionals who earn ECE points from now till 31 December 2007 will be able to register these points in 2008. ECE Requirements Professionals will need to meet minimum requirements to maintain their certification. 1. For CEH, CHFI, CNDA, ECSA, LPT and ECSP: Professionals will need to earn 120 ECE points over a period of three (3) years with a minimum of 20 ECE points earned each year. 2. For ENSA: Professionals will need to earn 60 ECE points over a period of three (3) years with a minimum of 20 ECE points earned each year. 3. Professionals will need to pay a maintenance fee of USD50 per annum. 4. Professionals must comply with EC-Council’s Code of Ethics. Annual Reporting ECE points are earned on a 1 January – 31 December calendar year. Certified professionals must register their ECE points earned by 20 January of the following year to maintain their certification status. Newly certified professionals will not need to register their ECE points for the year they attain certification. The certification period for newly certified professionals begins on 1 January of the following year. These professionals will not need to register their ECE points in the year of certification. However, points earned during the year of certification may be registered in the first reporting period. Certified professionals must register their ECE points earned via the ECE Credits System located in the EC-Council member portal. This system will available from 1 January 2008. Payment EC-Council Certified Professionals need to pay an annual maintenance fee of USD 50. All payments can be made online or via a check payment. Online payments can be made on EC-Council’s online orders page at http://www.eccouncil.org/orders.htm All check payments should be made payable to International Council Of E-Commerce Consultants and sent to EC-Council’s headquarters in Albuquerque, New Mexico, USA All payments must be received by 20 January Revocation & Appeal EC-Council certified professionals who fail to meet certification requirements will have their certification revoked and will not be allowed to continue usage of the certification. Individuals whose certification has been revoked will need to take and pass the certification exam again to achieve certification. Certified professionals whose certification has been revoked due to non-compliance of certification requirements may send in an appeal in writing to EC-Council. This appeal letter must be received by EC-Council within forty-five (45) days of the revocation notice, providing details of the appeal and reason(s) for non-compliance. ECE Qualifying Activities EC-Council certified professionals through various means such as: Method Points Passing the updated version of the exam of which the professional is certified 120 points (Full credit) Attending EC-Council’s Security Summit Seminar 10 points Attending EC-Council’s Hacker Halted Conference 30 points Attending EC-Council endorsed conferences and events 5 points Attending EC-Council Security Webinars 5 points Presentation of a research paper at EC-Council’s Security Summit Seminar 20 points Presentation of a research paper at EC-Council’s Hacker Halted Conference 40 points Presentation of a research paper at EC-Council’s Security Summit at EC-Council endorsed conferences and events 20 points Presentation of a research paper at EC-Council’s Security Summit at EC-Council Security Webinar 15 points Publication of articles and journals for the benefit of EC-Council members 25 points Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on June 11, 2007, 01:35:35 PM Wow, yeah, that's pretty lame of EC-Council. We'll see if it sticks though. There definitely won't be any happy people about that once they hear of this. I guess I wouldn't mind re-testing, but they should give some sort of massive discount. And they better give some sort of discount on the updated courseware materials as well. Seems like EC-Council is just getting greedy and saying it's all about the $$$
Title: Re: CEH Recertification (valid for 2 years) Post by: nebu10uz on June 11, 2007, 03:01:07 PM Wow I can't believe it. I just thought if you attended at least one seminar or conference it would be enough to maintain your cert. This is just damn to expensive. I was considering studying for the CHFI but I changed my mine. IMO, it's not worth it!! Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on June 11, 2007, 10:35:56 PM Well, after looking at it a little more, I do see a way through it. They do offer 5 points for each webinar. They are putting together 1 webinar/month (and the next is by EH-Net member Dan Hoffman) which would give you 60 points in a year. So, if you attend each webinar (which is what? An hour a month?) you would have your 120points for a 3 year time limit completed in 2 years. So then you could either take a year off, or get a headstart on the next round. And I believe those are free (for now).
Now, I am curious if I have to pay $50/certificate/year and whether that includes the LPT, or if they will still charge $250 or whatever per year for that one. At least according to this outline, we have 3 years between renewals instead of 2 like was originally thought. Title: Re: CEH Recertification (valid for 2 years) Post by: nebu10uz on June 11, 2007, 11:16:24 PM Well, I didn't know EC-Council will be providing webinar each month but looking at their website you're right. Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on June 11, 2007, 11:55:40 PM Well, I didn't know EC-Council will be providing webinar each month but looking at their website you're right. Yeah, I mean.. maybe I'm just trying too hard to find something to ease my mind a little about it, but that doesn't seem too bad. I still don't want to pay $50 per certificate each year. And probably a higher fee/year for the LPT. Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on June 18, 2007, 10:37:09 AM This was posted in the EC-Council portal...
* $50 maintenance fee per certification. * The articles can be similar to that what you read on various security portals/magazines. For example visit www.computerworld.com for more information on how a technical article is written. * 120 points/certification need to be earned * EC-Council will begin its ECE points system effective 1 January 2008. EC-Council certified professionals who earn ECE points from now till 31 December 2007 will be able to register these points in 2008. So.. I'm thinking that as an example if I had 3 EC-Council certifications, I would have to pay $150/year maintenance fees, and would need to accumulate 360 points every 3 years. That's a bit ridiculous. The articles thing is referring to the other way to earn points, by submitting articles to the portal @ 25 points each. Which really could add up quite quickly if you submitted one article a month (300 points for the year) or even every other month (150 points). Title: Re: CEH Recertification (valid for 2 years) Post by: nebu10uz on June 18, 2007, 01:28:10 PM I don't know... this is outrages. I don't think I'll be getting another cert from EC-Council. It's just to expensive. Too bad :( Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on June 18, 2007, 09:08:57 PM I guess we'll just have to sit tight and wait. Let's see how things progress and change as we get closer to the official release date. Here's the post from the EC-Council portal:
Quote Hello Everyone, I am pleased to note that the new ECE points system has generated a lot of interest. On the outset, let me make the intention clear to everyone. The EC-Council Continuing Education Points system is not something that EC-Council as created to make live more difficult for it's members. As EC-Council has become internationally accepted as a world leader in Information Security Certification, it needs to move towards attaining the ANSI/ISO 17024 standards and as such it is imperative that we meet international certification standards. This is not a revenue generating exercise. This is a continuing education exercise. Some of our certified members carry the CEH title. However, they passed the CEH V 1.0 ! Clearly, they could not match the expertise of a properly educated and certified member with CEH V 5! In addition to that, all of the major government agencies that we work with require certification authorities to impose the credits system. Agencies want to know that the certification means something in the longer term....and that the people they hire have the relevant knowledge continuously. The list of criteria posted on the Website is not an exhaustive list. The webinars are free and for the benefits to our certified members.However members must continue to learn....just like the legal, medical and accounting professions. This list will grow. We are communicating with other certification bodies to have an exchange program.That is one of the reason's why the launch date for this is Jan 2008 and not immediately. I have received a lot of commendation from certified members who are pleased to note that EC-Council has embarked on a crusade to implement the free webinars for the benefit of the security community. This is not meant to be a forum for members to exclusively collect ECE points. This is just one of the methods. Our desire is that members will take this to carry on the process of learning. This process will grow and when members contribute articles , we hope to grow our knowledge base collectively by learning from the experiences of each other. We hope that some of you will also speak in some of the EC-Council Security Summit's that take place all over the world. You will see that the speakers are all vendor neutral and are speaking about the latest and most relevant issues that benefit you. The next speaker is Dan Hoffman (author of Blackjacking). I look forward in seeing you all there. Thank You, Regards, Jay Bavisi President, EC-Council Title: Re: CEH Recertification (valid for 2 years) Post by: LSOChris on June 19, 2007, 10:13:14 PM "This is not a revenue generating exercise. This is a continuing
education exercise. Some of our certified members carry the CEH title. However, they passed the CEH V 1.0 ! Clearly, they could not match the expertise of a properly educated and certified member with CEH V 5!" --------- ok since no one else thru up the BS flag i will. to say that anyone that took their test in the past isnt at the same level .of someone who just took their training is a bold statement. i dont how you can prove or disprove that but i know plenty of old CEH's that i would put my money on against someone who just got out of CEH training any day. while i applaud the move and i think its a move in the right direction to give more legitimacy to the cert, i think that statement is BS. are they saying that the first 4 versions of their cert are crap? that their training was crap? that the first 4 tests are crap? since taking the training is NOT a requirement to sit for the cert (yet) taking and passing the cert shows that you possess the required knowledge. if they want to go that route then just decree that everything less that v5 is null and void and be done with it, take the hit and move on with their new legitimate cert. i think they'll do that with people that refuse to pay every year to keep a CEH certification or if they require a retest for people less than vX. One way or the other they have to address the issue that at first the cert was lifetime and now its not and what to do about that. anyway, should be interesting to see where they go with it. Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on June 23, 2007, 08:43:32 PM Finally some good news has come out regarding the re-certification/education points....
Quote Hello Members, I would like to introduce myself. My name is Hanan Wagie and I am the newly appointed EC-Council's Certification Manager. My main role is to handle any issue related to any of our members' certifications. We are so glad that you are voicing out your concerns. Your objective contribution will help EC-Council to continually enhance its services and satisfy its people. To address these concerns and similar issues, EC-Council has formed a Certification Committee that will post its responses and decisions on the portal within the next few days. Please note that I will keep you posted with the link. Just to share with you a few but critical decisions......We are glad to announce that the Certification Committee has decided that $50 is ECE annual maintenance fees per MEMBER not certification. Moreover, 120 points should be earned every three years by each MEMBER and not each certification! Isn't that great! Your objective contributions will always add value. So please don't hesitate voicing them out. If any member requires advice on his/her specific case, please directly email me at <certmanager@eccouncil.org> Thank you & kind regards Hanan Wagie Certification Manager EC-Council certmanager@eccouncil.org That's definitely much better than $50 and 120 points per certification. Although, I'd imagine that means that for the LPT you probably still have to pay that higher annual fee of $250 (but that'll probably include the $50 for any others hopefully). Title: Re: CEH Recertification (valid for 2 years) Post by: cwc on June 26, 2007, 02:55:21 PM This is absolutley really awful.
I passed my CEH v5 only yesterday and was over the moon, today I feel like I've been ripped off. Why do the CEH <= v4 get away with life certification and we don't. This is a scam and should be reported as such. Chris Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on June 27, 2007, 08:04:33 AM All CEH certificate holders will have to follow the new guidelines. This goes into effect for all CEH'ers Jan. 1, 2008.
Title: Re: CEH Recertification (valid for 2 years) Post by: Oyle on June 27, 2007, 03:48:55 PM This DOES Suck. I passed my CEH in Dec 2004, so I beleive it is version 2.0 or thereabouts.
Whenever I mention the CEH in an interview, or it comes up in an interview's conversation, I usually get a snicker or a chuckle. "CEH?? What's THAT? ha ha ha ha". People have never heard of CEH, and the "Hacker" part usually scares them off. I'm proud of it, I worked hard to pass my exam on the 3rd time. But the CEH has not gotten me inside the door to any blazing hot tech companies here in Cleveland. I've been underemployed and unemployed since I finished my MCSE in Dec. 2001. >:( Now fighting the cancer, I don't care about finding work, I've given up on looking for a job. Despite that I had an interview for a "Network Security Analyst" at NASA Glenn Research last week. $50.00 recert "maintainence fee"??? I still can't afford to buy a flat=screen monitor. I'm still going to proudly proclaim I'm a CEH, but until my situation changes drastically for the better, I don't care. To my knowledge, still the only diff between my version of the CEH and the new version is the last chapter on Pen testing, correct? I once found a website that had posted the ENTIRE CEH ver 2.0 courseware online in Adobe format. Wish I could remember what that site was. This back when I was working with the CEH study group. Maybe if I still have it bookmarked, I can dig it up. They MAY have the new version 5 courseware up by now, that would be kewl. I was asking Don about just posting this stuff to the CEH study group forum to save me oodles of typing, and it was decided I shouldn't, because of copyrights, and everything. So I didn't. Shame on EC-Council. Their customer support has always been lacking, IMHO. They had BETTER at least improve THAT, if we have to jump through all these hoops. >:( Title: Re: CEH Recertification (valid for 2 years) Post by: lelakimipa on July 21, 2007, 11:13:00 AM hi..all ;)
i'm new member in this forum, and i'm so glad to meet all senior hackers in here..... this day i just pass the exam CEH v5, but actually before this day, i've learnt and been trained the CEH v4 modules. i've just shocked when i read the tittle of the exam "CEH v5"... :o i'm concern enough with this topic, but my teacher said there is no validity with this certification... but i don't know which is true. i can understand, there are few senior hackers already took the exam from CEH v1,2,etc... but anyway the important things, we still can communicate and discuss any new security update, though there are many senior members have CEH v1,2,3,etc exam, or CEHv5 like me and other members... but we are still united in this forum... Title: Re: CEH Recertification (valid for 2 years) Post by: jimbob on July 22, 2007, 04:12:12 AM I'm going to stick my neck on the block here and say that I'm all for recertification. For something like CEH to be taken seriously in the industry it should be treated in the same way as other professional certification and affiliations and periodic recertification is not unique to CEH. It's important to demonstrate that your skills are fresh and current when looking for gainful employment.
The devil is in the detail i.e. how often you must recertifiy, the cost and the benefit of doing so. Even if you do not recertify there is no reason why you cannot state that you have passed the qualification at a given date so I don't see this as a loss of value for existing holders. Regards, Jim Title: Re: CEH Recertification (valid for 2 years) Post by: Oyle on July 25, 2007, 11:33:52 AM Even if I WANTED to recertify, there is no place near me to do the exam. The place where I originally passed the exam, does not offer the exam. The school where I did my class has NEVER even offered the exam.
If I want to recertify, I'm looking at LEAST a 2 hour drive. And I don't pass exams on the first time. Then again how different is the new exam from the one that I did back in Dec. 04??? Maybe they could just do an exam with the new questions covering the "new" material we need to know, and they could also (maybe) drop the price of the exam a little? ::) Yeah, Right. Title: Re: CEH Recertification (valid for 2 years) Post by: boney on July 25, 2007, 03:45:16 PM Even if I WANTED to recertify, there is no place near me to do the exam. The place where I originally passed the exam, does not offer the exam. The school where I did my class has NEVER even offered the exam. If I want to recertify, I'm looking at LEAST a 2 hour drive. And I don't pass exams on the first time. Then again how different is the new exam from the one that I did back in Dec. 04??? Maybe they could just do an exam with the new questions covering the "new" material we need to know, and they could also (maybe) drop the price of the exam a little? ::) Yeah, Right. but for CEH certification it covers more the approach and techniques the crackers use. It has nothing to do with the latest cracks (except for the tools). CEH aint need recertification. Title: Re: CEH Recertification (valid for 2 years) Post by: phreak0ut on September 09, 2007, 09:06:53 AM Hi to all the senior hackers here. It is really interesting to see the discussion of the validity of the certificate. I am about to join the course and then take up an exam atleast 6 months later. I'm mainly taking up this course because my grad scores ain't too good, but I know that I'm good at networks. I've been reading stuff about security and tried out few things. That's the reason of taking up this course. I found out that the people who take up their test from Jan 2008 will have a validity of 3 years against 2 years which is currently been given to people who pass the exam. I don't understand this "maintenance fees" of $50 which they are collecting. What are they actually maintaining? ???
It's also tough to decide if this 'recertifying' should be there. There is both +ve and -ve aspects to it. I agree that we should be kept abreast with the latest technologies and stuff, but once you are into security, there is nothing called 'The latest and perfectly stable'. Everything is outdated in a matter of week. 0-days, vulns, etc are all in a matter of day's work. Since we are expected to know what kind of malware, vulns, virus, trojans we are dealing with, we are actually updating ourselves. Why pay and update from EC-Council when we can get these updates from vendors and other security related sites? I'm still a bit dazed after going through all the posts. I think I'll be asking a lot more questions to the ATC the next time I visit before I can take up this course. Title: Re: CEH Recertification (valid for 2 years) Post by: Negrita on September 09, 2007, 03:56:23 PM Everything is outdated in a matter of week. 0-days, vulns, etc are all in a matter of day's work. Since we are expected to know what kind of malware, vulns, virus, trojans we are dealing with, we are actually updating ourselves. hi phreak0ut and welcome. I disagree with this statement. Firstly the malware taught in the CEH is all the old but very well known malware such as SubSeven, NetBus and Back Orifice trojans, and viruses and worms such as Code Red, Nimda, Sasser and Slammer. The point is to teach the principles behind the malware, how they work and what they do. After all trojans will allways open backdoors and worms will always self-replicate, regardless of how they do it. Just this week I dealt with 2 Linux boxes that were exploited with malware that's been known since 2002 (http://www.symantec.com/security_response/writeup.jsp?docid=2004-052312-2729-99). Title: Re: CEH Recertification (valid for 2 years) Post by: Negrita on September 09, 2007, 04:05:39 PM BTW, you might find this post interesting. I got it from here (http://portal.eccouncil.org/forum/forum_posts.asp?TID=331&PN=1&TPN=13). (You have to be a member to register and read that forum).
Quote from: Sanjay Dear Members, I think it is imperative that I say something to represent the official stand of EC-Council on this matter as it has generated a lot of debate and interest. Firstly, this site IS NOT censored. Secondly, the ONLY reason I called DARBY is because he and I have been in communication before over a couple of issues. Since he had a concern, I saw no harm in updating him. Thirdly, I find it shocking that there are allegations that no one from EC-Council is responding. I find it unacceptable. We have over 12,000 members in 60 countries. We have posted a message on this site that the committee is meeting and discussing this thoroughly. The CPE points start in JAN 2008. It is not until 2011 before we “decertify violators! So lets think logically. Assuming some of you decide not to achieve the CPE and instead remain as CEH V 4. In 2011, we are looking at CEH V 11! Do you think you will even stand a chance in the career market without the CPE to render you updated ? I am paying particular interest to a post a few days ago that made some very important comments: I hope to address it here. a) The fee of $50. All major certification corporations charge an administrative fee. ISC 2 and ISACA too have an annual fee. The proposed fee from EC-Council is much lower than others. Having said that , the Certification committee is sensitive to the needs of our members. One of the propositions that we have on the table is to remove the fee altogether. However, if this is the case, then members will not get any physical certificates. Members can then opt to have electronic certificates or physical certificates at a fee. b) The issue of Grandfathering : The whole concept of grandfathering negates the concept of continuing education. I would like to reiterate that the while concept of CPE is not something that EC-Council has dreamt about or made up. This is an INDUSTRY move towards quality. Lets debate this issue a little. How do we verify if a CEH V 2 is up to date with his knowledge? Every profession requires retraining and education. Accountants, Attorney’s and even doctors. Why should our profession be less? Are we saying that Security Professionals are less relevant? Would we not increase our value if we prove to the industry that we are up to date with knowledge in our profession? This is why SANS, ISC2 , ISACA have all adhered to this standard – ANSI 17024 CompTIA will follow next as I have met with their leadership last week , here in the US. We are trying to set standards so that our members can be proud to belong to an organization that is committed to quality. This is a shift in International Certification policy. I thank the Irish JP for pointing out that apparently EC-Council had previously stated that certification is for life (based on versions). As I said above, we do not want to introduce this naturally, but this is the industry standard. When we said the above, it was because that was correct at that time. Today, the ANSI rules are applicable and if we fail to adhere, many of our members will have a lot to loose. Dod8570 mandates ANSI certification. Soon employers will follow suit. Do we want CEH to be an ordinary certification or the crème of the lot? Do we want employers to recognize us as the best in what we do or as yet another certification? Having said that, we are trying to get feedback from our valued members on new policies. That is why we posted this on this portal – UNCENSORED. We want to know what is the feedback so that we can improve our service to our valued members. I am personally going to speak to the senior management of ANSI and will keep you all posted. If grandfathering is acceptable to ANSI, then it will be to us too. Until then, lets hold our comments. c) No Information? Please note that we had posted the intention for ECC to adhere to ANSI17024 . Many of you do not accept mails from editor@eccouncil.org and as such, it may have been in your spam box. Here is the excerpt of what was sent. EC-Council Continuing Education Program Begins in 2008 Beginning 1 January 2008, EC-Council certified professionals will need to maintain their security certifications. With the introduction of the EC-Council Continuing Education (ECE) Program, EC-Council certified professionals will be required to continuously gain knowledge and re-educate themselves so that they are constantly aware of the latest issues surrounding the security industry. EC-Council certification titles which will be part of the ECE program include: 0. Certified Ethical Hacker 0. Computer Hacking Forensic Investigator 0. Certified Network Defense Architect 0. EC-Council Certified Security Analyst 0. Network Security Administrator 0. EC-Council Certified Secure Programmer EC-Council certified professionals must meet the ECE program requirements or face revocation of their certification title. Individuals whose certification title has been revoked due to non-compliance will need to retake the certification exam to receive the said certification title again. An appeal process is in place for members who intend to oppose a revocation. Members can earn ECE points through various means such as by taking the latest version of a certification’s exam, attending EC- Council events and webinars, and writing information security articles. A more detailed list of ECE points earning activities is available on the EC-Council website. For more information on the ECE program, please visit the ECE webpage. I hope this sheds some light to all of you. Any change is always difficult to accept. However, we are entrusted to protect the certification and the image of the CEH holders worldwide. This is the same process that ISC2 , SANS and even ISACA went through. I hope some of you will take it positively and see what the true intentions are. $50.00 can't even cover the set up and admin costs of the new portal to hold , maintain and track the points of the thousands of the members. I am personally "for" the removal of the fee if that makes the members happier. Nothing is more important that our certified members. Thank You, Regards, Jay Bavisi President, EC-Council jay@eccouncil.org Title: Re: CEH Recertification (valid for 2 years) Post by: LSOChris on September 09, 2007, 07:08:56 PM i'm too lazy to log into the portal and post it but my question back to him would be...
how is the CEH v2 that paid his 50 bucks and watched some web casts an up to date security professional? Title: Re: CEH Recertification (valid for 2 years) Post by: jimbob on September 10, 2007, 04:11:55 AM I think it's important for both EC Council and the cert holders to understand why certifications are important. I personally see a certification as a stamp that the holder has completed their basic training and in obtaining the certification has set their aims on becoming a professional. This is not to say that CEH holders are not professionals, but solely having CEH doesn't a professional make.
The very least I would expect from a graduate if that they have studied the course material, akin to any other student studying for an exam. I wouldn't let a physics graduate operate my nuclear reactor* based solely on their academic qualification. If EC Council want to make this a professional accreditation rather than a vocational qualification then I believe the standards need to be much higher. CEH should be the minimum qualification for acceptance as an associate member, and more credit should be given to those who have passed advanced exams or achieved credit from published material. Jimbob *Note to the IAEA, I don't have any operational or fuelled nuclear reactors. I don't need a visit from Hans Blix, thank you. Title: Re: CEH Recertification (valid for 2 years) Post by: phreak0ut on September 10, 2007, 11:15:21 AM hi phreak0ut and welcome. I disagree with this statement. Firstly the malware taught in the CEH is all the old but very well known malware such as SubSeven, NetBus and Back Orifice trojans, and viruses and worms such as Code Red, Nimda, Sasser and Slammer. The point is to teach the principles behind the malware, how they work and what they do. After all trojans will allways open backdoors and worms will always self-replicate, regardless of how they do it. Just this week I dealt with 2 Linux boxes that were exploited with malware that's been known since 2002 (http://www.symantec.com/security_response/writeup.jsp?docid=2004-052312-2729-99). Hi Negrita, thanks for the welcome :) Don't you think that though CEH is updating constantly and the cert meant for people who know about malware, the malwares which you had mentioned above(being the famous ones) should be known by every security guy? The basic principles of a trojan, virus and a worm should be known right? ::) I'm surprised that you could still find linux boxes exploited. Were they updated? I think this is gonna be an interesting discussion :D Title: Re: CEH Recertification (valid for 2 years) Post by: Negrita on September 10, 2007, 03:42:26 PM Well not everyone knows all aspects of security which is one reason they teach you the basics. The "how they do it" part i mentioned above will always change and that's the reason for updating and keeping abreast of the latest technologies. Another reason is that there are new technologies out now that weren't around when the first versions of the exam came out such as USB drives or blue tooth.
I agree that it's important to keep up to date, and I appreciate EC-Councils efforts to force the certified community to keep abreast of what's happening. I don't think the maintenance fee is going to make a difference to the standard of the course material or the level of the exam. If EC-Council wants or needs more money they should raise the charges of the present cert exams instead of taking it out of the pockets of members that are already certified. Also I think it most unfair on the part of EC-Council to promise life time certification, and then to turn around and say that the cert will only be valid for 3 years with no grandfathering of those who spent time and money to get the certs. On that thread I linked to above there were people that posted saying that the life time certification was a major factor in them choosing to get the CEH as oppsed to other certs that require recertification, and now EC-Council has let them down. Finally I'd rather not discuss the finer details of how my customers boxes got cracked. Just FYI theses were 2 separate boxes from 2 separate customers in totally different parts of the world, exploited by the same cracker (or cracker group). The software running was the latest up to date. Title: Re: CEH Recertification (valid for 2 years) Post by: phreak0ut on September 11, 2007, 06:38:49 AM Finally I'd rather not discuss the finer details of how my customers boxes got cracked. Just FYI theses were 2 separate boxes from 2 separate customers in totally different parts of the world, exploited by the same cracker (or cracker group). The software running was the latest up to date. I'm kinda getting the things which you really want to tell. Can't we all oppose the $50 fee?? I think if everyone did that, they might pull it out. Well, I'm surprised this cracking is doing stuff which ain't supposed to be done. I hope you catch them. All the best. Title: Re: CEH Recertification (valid for 2 years) Post by: EmanoN on September 13, 2007, 01:34:42 PM This is just more evidence of the fraud the Ec-council has committed on the IT world. Their certification process is expensive and has little value as far as proving someone’s ability to hack. You can pass their examine with a “brain dump” and most people that pass still cant hack their way out of a paper bag. There are those that think this certification is doing more harm than good to the IT community. If you feel a company should trust the average newly certified CEH to test and certify a critical network is safe and rely on that, that’s dangerous to say the least. Hey, but that’s ok because Hackers love that and in the meantime the EC-council gets rich duping the unsuspecting.
Title: Re: CEH Recertification (valid for 2 years) Post by: jackveneno on February 20, 2009, 02:26:15 PM It has been a while since this post been updated and wanted to see if most of you were able to get your cert renewed and if the process was changed for the best or is it still the same?
After the initial post when they finally provided us with the ECE delta page I was able to get most of my points in and renewed till 2011, hopefully they haven’t made drastic changes that I am out of the loop on since I try to go into the forums and can’t find any new information on this. Thank you Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on February 21, 2009, 08:30:13 AM It has been a while since this post been updated and wanted to see if most of you were able to get your cert renewed and if the process was changed for the best or is it still the same? After the initial post when they finally provided us with the ECE delta page I was able to get most of my points in and renewed till 2011, hopefully they haven’t made drastic changes that I am out of the loop on since I try to go into the forums and can’t find any new information on this. Thank you It's mostly the same right now. There will be some changes to the guidelines coming soon (hopefully within a month). I'll be making a post here once they are finalized, so keep a look out for it. BillV Title: Re: CEH Recertification (valid for 2 years) Post by: Krizzc on March 04, 2009, 06:09:39 PM When I did my C|EH last month we found info suggesting it was valid for 3 years and made no more mention of maintenance fees ???
Who checks the certs on a CV anyway? Is your certificate dated ??? Title: Re: CEH Recertification (valid for 2 years) Post by: BillV on March 04, 2009, 06:52:10 PM 3 years is correct, and there are no maintenance fees.
The version number would date your EC-Council certification. Some employers will check into the validity of your certification if you have it listed on a CV/resume. BillV
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |