Hi guys,

just now joined this group and want to put forward a query.

I've got 7+ years of exp in dev (VC++, Win32, COM/DCOM, ... all windows stuff) and am pretty good in it (well, not that good). I want to change my field from dev to security; my interest lies here and I see my future into Network Sec / Forensics.

I started preparing for CEH exam but only yesterday noticed on their website that 2 years of exp is required in security. That really seems to be tough luck to me.

So, what do you guys suggest: how do I proceed with my plans to move to security.

Please advise. thanks in advance.
k

Hi awesec,

thanks for your comments.

But the point is my dev exp has nothing to do with security or hacking. I haven't even worked on web dev. all my exp is in stand alone or client-server apps. But I do have basic understanding of common protocols.
So, as per your suggestion, I'll go ahead and apply for the exam and see how they respond. (I'm really keeping my fingers crossed).

"I would like to mention that you won't be an ethical hacker at all, just because you passed the CEH exam. Though it is a good start in order to get your feet wet. Wink"
I completely agree with you. Neither reading books nor passing certification exams will help in becoming a hacker. I think it comes only with exp. But this exam is very important for me as I need something to show in my resume related to security to get a job in this field.

This forum is great. really very informative; I'm going through all the threads related to CEH. Will ping you guys again in case I've more queries.

Thanks,
k

Instead of going straight for the CEH, maybe you should start with a general security certification like Security + by CompTIA.  You will learn a lot of the basics required for understanding CEH.

Once you have your Sec+ you can write up an experience waiver to EC-Council to see if you can waive the experience.

Hi kumar, and welcome.

In addition to the aforementioned thoughts, how is your background with 'Object oriented' languages like Ruby and Python?  If you've got even a decent background in C++, and as Ketchup noted, you understand memory and such, you'd likely be able to pick up on the other languages pretty easily, and Ruby and Python are very heavily utilized in many of the tools and exploit development projects (CANVAS, CoreImpact, Metasploit, etc.)  Granted, the object oriented side of them is different than C++, but the concepts are easily understood, and I'm sure you could quickly adapt.

Assuming you could pick them up fairly easily, you could really go far on the exploit end of the security spectrum, but even if you don't, the understanding you've gained as a programmer will help you to know what types of things you can be looking for, and you'll better understand, at least, what exploits are doing under the hood, giving you an advantage over many of the 'script-kiddie' types that both attack systems (unethically,) as well as quite a few who are looking to get into the proactive side of security (ethically.)

As far as the security knowledge / experience requirements for CEH, I'd agree, that you could work on something like Sec+, etc, or you could even do some co-op work with existing companies, directly assisting or developing security offerings, to begin getting that time in.  Either way, from my experiences with other folks who needed to meet the requirements (I met mine, prior to even reviewing the course, so I haven't personally had to consider alternate options,) I know EC-Council has been pretty reasonable, provided the experience you have in IT and programming is documented and verifiable, and you can show you're working towards direct activity in security.

Good luck, and if you do approach them, let us know how they respond.  It's always nice to get feedback that we can give to others, who are in the same types of situations.