EH-Net

B"H

Hi all,

I am in a bind and could really use your advice.

I teach repair and networking not far from my house. I got A+/N+/CCNA.
I have experience with Windows machines, end stations and Server 08'.

My boss said he wants me to teach CEH in as little as 6 weeks from now.

I have no background in security. Also, my students like hands-on, and I hear CEH is more theoretical.

I looked at OSWP - looks SO cool and SO hands-on, but I know zero linux :-(

What do I do? I work almost constantly and have just some study time...

Please guys, this is my job and family...I need some way to know some aspect(s) of security well, and in a way I can offer student's hands-on. (Class is Monday-Thursday from 5pm to 9pm).

Thank you very much for all your help

PS. My dream was CCIE R&S. By Divine providence, my boss got into Windows 7 and Sever 2008, so, so did I. If I can get through these (plus "security"), I'd like to return to CCNP switching.

OSWP is a really great course and I would recommend it to anyone wanting a certification with IT/Wireless Security

You should be able to start the course and pass the exam within 6 weeks (I did mine in 8 but I was taking my tmie) and if you really push it, probably about 2-3 weeks

If you going to take that, get a copy of BackTrack Linux before hand (free and open source) and get an Alfa Network AWUS036H USB WiFi adapter and a Linksys WRT54GL wireless router and sign up for the course

I would recommend gettinga copy of VMware Player or Workstation then you shouldn't have any hardware issues as you can attatch the USB adapter to the virtual machine etc and break into various wireless networks that you have to set up as part of the exercises for the course

Good Luck :)

~TheXero

OSWP is about wireless and it is a little bit dated too. I will not recommended it to you.

If you really have to teach CEH... well in this case you have to learn CEH. There is plenty of books available, and a lot of documentation on the internet. You'll not be an expert in 6 weeks but you'll know more than your students.

You don't have to teach them how to write buffer overflows. Start with basic stuff: port scanning (nmap), vulnerability identification (nessus), remote password attacks (hydra) and you'll be good to cover the hands on part.

Look for the Grendel's book - Professional Penetration Testing, and it will be of a great help to create/operate your lab. You have all the details on how to create the lab, you have the virtual machines to use as targets and all the theory and the practice for an introductory course in pentest. I am sure that your students (even yourself) will love to play with the tools. You can even join hackingdojo and you'll find even more information.

Read at least once the CEH course, and put more accent on the domains you master (networking, windows...).

Good Luck!

@Chassidic1 - please understand this is not intended as a negative response.  However, if you've not, previously, been trained in Penetration Testing or other related CEH-style material, I'd personally feel as if you're doing students (and your company's reputation, by way of success / failure / REAL learning) a disservice.  Not as if many certification programs and bootcamps don't do the same, however, if I were in your shoes (or your boss's, for that matter,) and this is truly an offering you'd like to be able to give, I'd want to distinguish my training from that of the everyday bootcamp vendor, and 6 weeks to brush up on an area, you're not already well-versed in, simply isn't going to be of benefit to you, your company, or your students.

Now, I'm all for getting more people trained and involved in IT Security-related fields, and I applaud you for your desire to grow that area.  Just that, personally, I've found way more benefit, learning experience, and REAL knowledge transfer / share, from instructors who really KNOW the material and / or have 'been there.'  I did a lot of research before taking my CEH bootcamp, and I'm glad I did, as the instructor we had was top notch.  His personal experiences, references to real-world activities he'd done, and open discussions, even after class hours, really solidified the experience for me.

So again, I'm glad you're looking to grow the IT Security field, as well as to increase your training offerings, in general.  I just think that 6 weeks is nowhere near enough time to just 'develop' a training program, as I'm sure others on the forum would agree.

Regardless, good luck in your endeavors, and welcome aboard!

I agree totally with hayabusa. The field of knowledge is such that 6 weeks just isn't enough time to become proficient enough to lead a class.

However, there are free resources out there that you can utilize. One such resource is Sam Browne's classes. The curriculum and most of the materials are freely available on the web. Check them out here:

http://samsclass.info/

This site also contains a wealth of knowledge and a number of security professionals that have years of experience willing to help you out.

Good luck whatever you decide to do moving forward.

B"H

Firstly, thank you all for investing time in helping me; I appreciate it.

Second, I agree with the reality that 6 weeks (on OFF time between work) is insufficient prep time. At the same time, ultimately, the decision is my boss's. In his "defense", these students are absolute beginners to networking (mostly telecom people).

I do not need to be at "instructor" level in the normal sense that you and I in the IT world use the term. Rather, I need to know enough to provide a nice introduction to the subject with as much hands-on as possible. 

For that reason, at this time, I think the poster who suggested CEH and that Pen testing book is right on. Hopefully that material will provide me and the people I am working with (for just a few weeks!) a nice introduction and hands-on.

In the future, I would definitely be open to OSWP. The sole reason I am not going for that this second is because it requires knowledge of Linux, and I don't have knowledge of Linux OS yet.

Thank you all again, and I am still open to any ideas. 

I'm confused. You said that your boss wants you to instruct CEH but you said you only need to give an introduction to the subject.

Are you teaching this internally? Do you work for a training provider? Are you an EC-Council ATP? And is anyone there even an EC-Council CEI? Has this class been marketed as a CEH class?

It sounds to me like you're setting yourself up for legal trouble with EC-Council.

<nods head in agreement>

Agreed, the material is copyrighted, and legally you could not provided it to a company after purchasing the materials. If you certify, there could be more complications.

It sounds likeyour boss needs to be informed of the RISK he is taking. The legal issues noted previously, and another:

Training entry level personnel in CEH is not a great idea. Its not even an okay idea. CEH is considered to be entry-mid level material. I would suggest finding out what the company is trying to accomplish.

If they need security awareness, have them look into having a Security+ or Security|5 class brought on site.

If they need to set up a network security team, they need to spend the money to competently train that team. Not just CEH, but experienced security professionals.

In the end you need to also think about yourself. What happens when you teach this class, and one of these individuals does something stupid, you are liable. The company can easily separate itself, Ec-Council absolves itself in its documentation... try explaining that to the next employer...

Be careful of the words you use. I think you may have meant to say that you need to teach an intro class on the basics of ethical hacking and not the specific credential known as CEH (Certififed Ethical Hacker) owned by a company named EC-Council. 2 very different things.

Which do you truly mean?

Don