Hey T_bone,

It really depends... Ill try and outline the pros and cons of each below:

CEH:

+ The CEH name has more recognizably right now as the GPEN is still relatively new. HR screening personnel know what a CEH is, some might not have heard of the GPEN.

- Anyone who is a real security person i know laughs about the CEH cert based on its old format. It used to be a half hazard, loosely jointed, outdated tools test. The new versions of the test are greatly improved but unfortunately it left a bad taste in some peoples mouths.

- CEH is a non-hands on test.

GPEN:

+ Hands on test. Recently SANS added some practical/hands-on portions back into their tests. Which is good in my opinion.

+ GPEN is a more technical and in depth test. Anyone who knows about SANS/GIAC knows the test curriculum and program are the best right now for a Penetration Testing specific course.

- Still relatively new and might not be recognized by HR handlers.

Hope that helps.

Hi,

I'm currently both CEH & GPEN (as well as GCIH) and currently progressing towards Check Team Leader so feel that I might have quite a good perspective on this

CEH is a bit of a joke really - I only took it because I had some training funding which paid for the exam. I did a bit of self study and used the various practice exams and questions scattered across the net. The actual exam took me about 30 minutes point'n'click. People tend to view it as giving you a lot of info on viruses and snort and not much else. However it is very widely recognised and everyone in HR (or an OCR programme) knows it.

GPEN was a great course, it sounds like your thinking of just doing the exam challenge without the course - not something I would recommend!! Although the SANS exams are open book as you know from your GCIH, you still need the books to give you the info! I created an index of my notes and this was totally invaluable in passing - I would have still passed having done the course, a week of revision and 2 practice exams, but it would have been more difficult.

It may be worth looking at the Tiger website http://www.tigerscheme.org/ as they have a tiered approach which would allow you to progress through to CTL. The last comment I'd make is that you cant actually be Check/CREST/Tiger unless your working for a company  which is tied to those organisations, so most people get so far on their own then their company puts them through Check equivalence after relevant experience.

Regards,

Rob

Thanks for the reply grinderman, that is indeed helpful

So realistically i should probably go for the CEH as it is the cheaper option to add an extra cert to my CV which i hope will work in my favour.  I have checked out the Tigerscheme and the Qualified course and exam is £1590 plus VAT so once again very expensive.

I think at the moment i am just looking for the cheaper and easier way of getting a foundation to enter the security arena, what qualifications did you guys have when you first started off? Or did you just get a break?

Jason, would you go with GPEN or OSCP if you had to chose?

See this is so frustrating because  my first choice would be to do the GPEN, but would have to do it without attending the course as it is expensive (unless i manage to get the facilitator role as i did with GCIH again, but feel it was a lucky break).  I believe that if i could afford the materials that SANS offer as Self study (which i believe includes books and audio) that would be fine or actually just the books i believe would be sufficient, but this is still too expensive!

I have to admit i am not getting a lot of love for CEH so far and to be honest am not surprised cause its not really the option i wanted to take either...

Decisions.................

I just wish i won the lotto right now 

I can only speak about CEH as I have done the course, will soon go for the exam and recently had a job interview where I was able to bring it up as well.
I thought that it was only little known by the interviewer, probably because it is more known in the USA - however, it helped to demonstrate that I am interested in security and do more than 'necessary'.

The exam itself (without any course) seems to be quite cheap compared to some of the other certs, therefore I would go for it, if money is short but you want something to do.

I have made a decision to do the CEH now and hopefully fingers crossed will be accepted to be a facilitator at the same SANS conference I did last year!

Thanks for your input guys, i am sure this will not be the last question i ask