EH-Net

Hi everyone, First time poster.

I have been working in the information security field for five years now.   I want to know if you guys think CEH is right for me?

Background:
M.S. Information Assurance
CISSP, A+/Net+/Sec+, CCNP, CCDA, MCSE 2000/2003

I plan on taking CISM in june and moving up into management later in my career. 

CEH is really technical but alot of the stuff I have seen or heard of.

Some advantages for me that I can think of:

1.  Help me understand hacking to better defend against attacks
2.  Looks good on my resume
3.  Interesting and fun
4.  Used for internal pen testing on networks

Disadvantages include:

1. Too technical for management type positions
2.  May never use the knowledge or parts of it


I plan on tackling this using self study by purchasing two books and setting up Virtual Machines to test.


Any advice?  Skip this and just do CISA/CISM/CISSP-ISSMP/Compliance?

Do you want to do management stuff in information security or do you want to do penetration testing.

I think that really sums it up. Also once you complete your CEH, I think it really only starts you on a path, it doesn't really mean you can do a complete pen test.

So what do you want to do, INFOSEC management or penetration testing?

Kamicrazy:

Infosecmanagement!   I dont want to be a pen tester.

But I feel as a future information security manager I will need to write policies and procedures and understand generally how hacking is done, and the different types of attacks.

So for example if a security engineer comes to me and says we have several cross site scripting vulnerabilities in our webservers, then I understand what he means.

I think it would make me more marketable and be a better manager.  What do you think?

If this helps...I am 28 and I have a 5-10 years before I get into those senior manager positions.

Why don't you just do the self-study like you already plan on doing to learn the concepts that you're interested in, and then if you feel like taking the exam go ahead and do it? I don't think, at this point, it will give your resume any added significant boost but it will surely complement what you have.

I'd agree with BillV.  While CEH certainly may not be a management credential to hold, if you're truly looking for a better understanding of the concepts, it certainly wouldn't hurt to at LEAST self-study it, even if you don't pursue the certification at the end.  Just studying the materials, if you truly do some Googling, etc, in the process, will lend a lot to your overall awareness and knowledge of the topics covered in the course materials and in day-to-day security 'discussions,' even if you never truly understand the underlying pieces of attacks and penetration tests.

Good luck, and welcome.

I too think that self-study would be enough and depending on how you feel after your studies you may eventually take the exam or not. As you already obtained CISSP and some others, CEH may not be that important anymore for you.

If you want to take training and certification on CEH v6
Please contact Jodo Institute
Jodo Institute is an Accredited Partner of EC-Council

Yes CEH is right for u

Regards,
Amol

MCP,MCSA,MCSE,MCTS,MCTIP,CCNA,CEH

Well, I won't say CEH is certainly help me in my work (btw, I'm doing IT Audit work, so that's why I need to have CISA certification to back me up when dealing with clients and management).

For CEH, I did it for the part where it's interesting to learn tools used by hackers and such way for defensive purposes etc. I'm fortunate that my company send me for 5 days training in EC Council. It doesn't mean doing CEH, you will end up being a Pen Testers, which I'm still learning and I've seen some Pen Testers report, simply I'm out of words! (they're good! )

I know a lot of finance auditors who did CISA, and they passed it, and at the end, they're not doing IT audit work, and for me, that's a waste. The word CISA is just for the sake of "putting it in the name-card and looks good" for them!  :D

CISM / CISSP may upgrade you to a management level dealing with Info Sec. that is you're going to be less techie. Like billv and hayabusa said, it's no harm for you to learn CEH even if you don't take the cert if you feel dont' taking it later. and it's no harm too when it's another + in your resume.

anywa, good luck in your quest. 

I think from what you have said the CEH will compliment what you already have, i must admit i found the course very interesting and very useful.  Although i know some of what was taught it still raised awareness and opened my eyes to new and different techniques used.  I am particularly concerned with online security, forensics and pen testing.  The CEH was useful for all of these, although the course doesn't have a specific area for each one, what it does do is give a very good broad overview and basic footing for other such certs

BTW, CEH won't teach you much about XSS, SQL Injection or anything "deep". Since this certification covers many, many topics, they just can't go deep.

So while you are required to know about XSS and SQL Injection for example, the course won't make you an expert in blind SQL Injection...

So my advise is do it for yourself, not for your resume. CISSP already covers the basic, so you don't need another one. But if your goal would have been PenTesting, It would be entirely different...