EH-Net

I'm posting the same discussion post I posted on TechRepublic (curious of you guys' responses):

http://techrepublic.com.com/5208-1009-0.html?forumID=102&threadID=324293&tag=results;CR56

I want to discuss the value of EC-Council's Certified Ethical Hacker (CEH) certification. Is this credential worthy/unworthy? What makes it so?

I'd love to hear from those who have obtained the cert and whether or not it has helped advance one's career. I also want to hear from those who think it's a waste of time.

All opinions welcome :) Thanks!

Welcome to the forums JLynch.

Your topic of discussion seems to be a popular one lately.  Take a look at this discussion we had just a few weeks ago.

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,4926.0/

To me, I think that the CEH cert definitely has value.  It's just a matter of setting expectations. 

Thanks, Ketchup.  That is helpful.

I got my CEH because I was bored and waiting for approval on my SANS SEC504/GCIH.  It has helped my career, but it could have also been my CISSP or GCIH last year as well.. but I got a solid promotion without requiring a degree.  Needless to say it is difficult to get a promotion without out, but I was able to clearly show that I am working well above my previous level.

The real way the cert helped me was technically.  It gave me a huge understanding of the pen testing/hacker methodology and the tools used and how to defend them.

It definitely has not hurt me.

IMHO whether it helps or not with our current employer really just depends on your current employer.  I do believe it is widely recognized with HR departments, and will make you stand out more in the initial stages of hiring.
As far as the knowledge gained, if you're just starting out I think it lies a good foundation, if you've been doing this for awhile, well, review is never a bad thing.

I think this is probably true of most certifications, but I think it depends on where you are in your career, what your experience is and where your interests are at.

As a real-world example, I earned my CEH while at my first IT job as a helpdesk technician. I always had an interest in security and had been messing around with tools for a while. Once I earned the certification it showed my boss that I really had an interest and I started receiving security-related tasks. I was eventually promoted to network admin and my participation and involvement in security continued to grow.

As you'll find pretty often, most people will refer to it as an introductory course. There's no limit to what you can do with what you learn. I usually tell people they'll get out of it what they put into it. If you're just getting into the arena, it's a great start. If you really have the interest and desire, you'll take it to the next level on your own.

Cool.  I actually have the exam scheduled for Friday.  I work as a system administrator currently; however, I'm interested in information security.  The certification will be nice to have, but just learning the material is satisfying my hunger. 

Thanks for sharing!  Love this site by the way.  JL

I totally agree to the opinion that an official certification on ethical hacking surely gives the IT professionals a push in their career. It is simply because, network security is one of the biggest concerns that any business can have.A minute's carelessness can cause  a huge loss of database and online resources . It is a must that every non conventional business house  should be equipped to deal with hacking threats. How ever, it is important to to train professionals by an authorized and authentic body; so that , the entire ethical hackers community is organized  to ensure network security.  EC council has been the best institute teaching professionals how to protect and advance their security measures.Hats off to the good job !! keep going  :)

CEH can certainly help your career and general understanding of security. It is a good way to start out if you haven't done anything before and should supply you with the basics you need.

Good luck JLynch, let us know how it went. ;)

How did it go?

Postponed until Tuesday...I wanted one more weekend to prepare  :) I'll let you guys know.

Hello every one

as this become the old topic but as an CEH provider I cant be silent.

As an individual you guys know better whats the value of this certificate.
But as an CEH (Training) provider we know the market demand.
Yes CEH is the entry level certification in network security but it doesnt mean that it will not help to expert professional.
This is the certification which help professionals in each level.

Hey guys,

I myself just successfully passed the C|EH exam yesterday!  ;D

But my question is: many people says that C|EH is "the first step" or a "good start". But what is the next step?

I guess it depends where you want to go. I myself am a web application architect and after 10 years developing java webapps, I started to realize more and more that 98% or web developers don't have a clue about security (and this is sooooo true!). But my goal is to switch to PenTesting in a few years and I study every night to reach my goal.

So, other than a lot of work, what would be the next cert/course for someone who wants to pursuit his career as a:

1) PenTester (GPEN?)
2) CISO (CISSP?)
3) Web App security tester (GWAPT)
4) Other

Thanks and great site!

In general, if you have the resources to take any of / all of the courses, then I think your beginning list is pretty good.  There are many courses you could take, to followup for each specialization, but overall, the biggest reason to say CEH is just the start is that there are YEARS of experience and hands-on learning, which you'll continue for a lifetime, in the security realm.  It never ends (which is good, as it keeps your brain going!)

Specific to your list, though, depending upon which path you want to take, another good one to add to the Pentesting would be OSCP.  To add to the CISO one - you could insert CISA and CISM.  Other category:  too many to list, depending on whether you want to study disassembly / programming securely, wireless, etc.

It's a life long process, and I'm sure we could offer more hints, ideas and suggestions, should you come to a decision of which avenue you'd like to pursue, next, for yourself.

Good luck, and keep us posted.

I am glad you are saying this, because OSCP was the next one for me!

Like everyone who have commented, CEH is a beginning level security cert which is heavily focused on tools used by hackers and one should understand how these tools are used and what are the defensive measures against it. It certainly add value to my credentials as I might not be a penetration tester, it's better to know more things to help you in your future job (i.e probably getting by HR).  ;D

also depending on what you wanna do in your next career, the different certs will definitely get you there....provided you have enough working experiences in that area / specialization for example:

CISA - IT/IS Auditor / Manager
CISM - Info Sect Officer / Manager
CISSP - Info Sect Officer / Manager

passing the cert is one thing, applying for the cert with enough experience is another story.  ;D

Hello everyone. I just passed my C|EH and about to acquire my LPT. My next move is to get my C|HFI in the next month or so.

I think my C|EH is valuable ONLY if I know what I am doing. The Cert is great but if I cant apply it... its worthless.

Now i am in search for a job.