This is just my personal opinion, but all certs are the same thing.

A certification is an official way of proving you have studied a subject, and retained the knowledge, allowing you to answer questions and carry out tasks. As a reward you get the certificate to prove this, should anyone want to see it.

Personally (and maybe its because I end up paying for all the courses I do) I am much more concerned with obtaining as much knowledge as I can, and not really to fussed with getting the piece of paper. I have interviewed so many people who have certifications for all sorts, but they dont really seem to know what they are doing, they just dont know how to apply the knowledge they claim to have I guess.

So personally if you have had no issues proving yourself in the past, then just having the knowledge should be enough. However many organisations like people to have the Certs, as it helps with the marketing.

Sorry if this has been of no help, but I dont think there is a right answer, just the one you feel most suitable to your needs.

Note:  I'm somewhat biased in this answer

I think that a cert is just a means to opening up doors that may otherwise be closed to you.  Same as a college degree -- they don't mean that you are an expert in the field, but they're at least an indication that you have the knowledge and capability to learn.  A C|EH doesn't mean you're a hacker....but it is an indication that you can learn the skills needed and gain the experience.

I've found the C|EH to be one of the more technical certs out there for hacking (more decidedly in the "gray" range than others).   For a beginner, it's very tough....one of the harder exams some of the rookies at my office have had to take.   For someone with experience, it's really not so bad (as you surmised).   To me, that's a sign of a good test in that it means the test checks for knowledge that you actually apply.

There's a number of things that I don't like about the exam, but the good outweigh the bad for me.

Certification, in the end, stands as independent verification that you passed a test.  The test criteria and the respectability of the certifying body determine the value of the test to others.

Personally, when I interview someone I don't give a second look at the certifications they have.  I look for experience that proves the assertions the certifications make.  Proving you can apply knowledge that a certification tests is much more difficult than just getting a certification.

I have to applaud the CEPT because it has a practical portion that is unstructured, that forces you to apply your knowledge.  If all certifications had this sort of component fewer people would be certified but certification would be worth a lot more.

That said, in the end I think demonstrable knowledge and skill are much more important than a certification, but then again I'm not working in a big box corporation.  For large organizations, the HR departments will insist on some sort of rubber stamp they can use to weed out candidates.  So if that sort of job is your goal, certifications are great.

Certifications are also good if you're freelance or doing consulting.  Having certifications stand in good stead for references (which are probably better).  However, having lots of certifications will make your client feel more confident about you, and allows them to justify their investment in your services to their superiors.  Like the saying goes, nobody ever got fired for choosing the Gartner pick.

Outside of consulting and big corporations though, in that other murky realm inhabited by your peers, a certification is going to be worth the paper it's printed on.  Other security professionals, especially those who are familiar with certifications, view certifications with quite a bit of skepticism.  Proving to this audience that you know your stuff will require quite a bit more.  In this arena I would say a published article is worth a lot more than a certification.  Working on an open source project, producing white papers, publishing exploits and the like will go a lot farther to prove your credibility than producing a certification that shows you memorized the answers to a hundred multiple choice questions.

Of course, going to a hiring officer at a large company and saying "I published the remote root compromise of servers running foobar 1.2" will probably just get you a blank look.  On the flip side, if you do something like that, someone might just come looking for you with a job offer.  I never heard of anyone trolling the CISSP registrations looking to hire their next rock star though...

One thing to keep in mind on the C|EH is the nature of the exam:  it's  a random draw of questions from an increasingly large pool.

In the exams that I've proctored, I've seen some very bright guys get a rough draw of questions and have a hard time with the exam.   I've also seen some "not so bright" guys (to put it lightly) get an easy draw on questions and coast right on through.

In the last round of proctoring, one guy failed the exam and decided to re-sit it immediately (it's a 4 hour exam).   He passed on the second try, saying that the questions he got on the second round were a LOT easier than the first.

It's all about the draw.

I tend to think of it as: the exam does a decent job of eliminating false positives (you need to know the subject matter to pass)....not so good at eliminating false negatives.

I'll echo Kev's words. The cert got me the interview and it showed that I wanted to get into the field and wasn't afraid to spend my own money to do so. After getting the interview, the rest was up to me. Yes certs have value, but they are just a step in getting the job, the rest is up to you.

Couple things:

1. You may not be working where you just got hired for the rest of your life. In fact, chances are you will not. You should always look at your resume as a work in progress.
2. Your new employer may pay for the training & exam whether that be CEH, CISSP or any other cert. So then why not?

$.02

Don