Hi everyone, First time poster.

I have been working in the information security field for five years now.   I want to know if you guys think CEH is right for me?

Background:
M.S. Information Assurance
CISSP, A+/Net+/Sec+, CCNP, CCDA, MCSE 2000/2003

I plan on taking CISM in june and moving up into management later in my career. 

CEH is really technical but alot of the stuff I have seen or heard of.

Some advantages for me that I can think of:

1.  Help me understand hacking to better defend against attacks
2.  Looks good on my resume
3.  Interesting and fun
4.  Used for internal pen testing on networks

Disadvantages include:

1. Too technical for management type positions
2.  May never use the knowledge or parts of it


I plan on tackling this using self study by purchasing two books and setting up Virtual Machines to test.


Any advice?  Skip this and just do CISA/CISM/CISSP-ISSMP/Compliance?

Kamicrazy:

Infosecmanagement!   I dont want to be a pen tester.

But I feel as a future information security manager I will need to write policies and procedures and understand generally how hacking is done, and the different types of attacks.

So for example if a security engineer comes to me and says we have several cross site scripting vulnerabilities in our webservers, then I understand what he means.

I think it would make me more marketable and be a better manager.  What do you think?

If this helps...I am 28 and I have a 5-10 years before I get into those senior manager positions.

I'd agree with BillV.  While CEH certainly may not be a management credential to hold, if you're truly looking for a better understanding of the concepts, it certainly wouldn't hurt to at LEAST self-study it, even if you don't pursue the certification at the end.  Just studying the materials, if you truly do some Googling, etc, in the process, will lend a lot to your overall awareness and knowledge of the topics covered in the course materials and in day-to-day security 'discussions,' even if you never truly understand the underlying pieces of attacks and penetration tests.

Good luck, and welcome.

If you want to take training and certification on CEH v6
Please contact Jodo Institute
Jodo Institute is an Accredited Partner of EC-Council

Well, I won't say CEH is certainly help me in my work (btw, I'm doing IT Audit work, so that's why I need to have CISA certification to back me up when dealing with clients and management).

For CEH, I did it for the part where it's interesting to learn tools used by hackers and such way for defensive purposes etc. I'm fortunate that my company send me for 5 days training in EC Council. It doesn't mean doing CEH, you will end up being a Pen Testers, which I'm still learning and I've seen some Pen Testers report, simply I'm out of words! (they're good! )

I know a lot of finance auditors who did CISA, and they passed it, and at the end, they're not doing IT audit work, and for me, that's a waste. The word CISA is just for the sake of "putting it in the name-card and looks good" for them! 

CISM / CISSP may upgrade you to a management level dealing with Info Sec. that is you're going to be less techie. Like billv and hayabusa said, it's no harm for you to learn CEH even if you don't take the cert if you feel dont' taking it later. and it's no harm too when it's another + in your resume.

anywa, good luck in your quest. 

BTW, CEH won't teach you much about XSS, SQL Injection or anything "deep". Since this certification covers many, many topics, they just can't go deep.

So while you are required to know about XSS and SQL Injection for example, the course won't make you an expert in blind SQL Injection...

So my advise is do it for yourself, not for your resume. CISSP already covers the basic, so you don't need another one. But if your goal would have been PenTesting, It would be entirely different...