Hi SS,
My first certification was the CEH and it served as a great introduction to the field of penetration testing. The material was just enough to get me started. The exercises/labs looking back at them now were pretty basic So the 'exploits' were against a windows 2000 box and if I remember correctly the exploit was the good old rpc_dcom. Point is it was nothing fancy, but at the end of the course it got me thinking about security. So everything I did from that point on was done with security in mind.

The OSCP on the other hand was a different beast. This course took it to an entire new level. So, I remember 'reading' about buffer overflows in the CEH. Well I actually did it in the OSCP. A lot of the topics covered in the CEH came to life in the OSCP. Sql injection that I had read about in the CEH, I actually got the chance to do it on several occasions. Another is example is metasploit. During the CEH, someone in the class used msf to pwn the windows 2000 server. And let me tell you I was blown away by it. Fast forward to the OSCP and I was not only using the msf but I was actually editing some of the exploits. Really getting into the guts. And where as in the CEH I could identify exploits that were say in the C programming language, in the OSCP I was editing the code.

The OSCP is also ALL YOU. No lecturers to run to. Nobody to hold your hand and spoon feed you. It can be REALLY frustrating at times. Google and the oscp irc channel become your best friend. The exam is also another thing. You have 24hrs to pwn a set of boxes that you are seeing for the first time. No multiple choice exam. So the OSCP will take your skills to the next level.

So now that you have all this 'raw' skill it now needs to be refined. Enter the Sans GPEN. This course covers the business side of things. So it takes you through setting everything up on the business side. Things like rules of engagement, various laws, establishing scope etc are covered. Really important stuff. And it also further explains some of the concepts learned in the OSCP. Rainbow tables comes to mind.

So having said ALL that you could run with the CEH and then make your way up to the OSCP.

My .02

I wouldn't recommend OSCP for a beginner even if it was the first certification I opted for. What made me feel comfortable with taking the course is I've been using BackTrack For 3 years. This may be the first time anyone's seen me suggest this but since the CEH is something you plan on going for, I'd say consider that first. It has more popularity and the negative if any is that it's very tool / theory based. People taking the course can walk out of the class with the certification and not prove that they know how to hack.

If your looking to go a cheaper route and want to get your hands dirty for a cheap price, Learn Security Online has a beginners course called "So You Wanna Be A Pentester". For $300 and access to the LSO lab environment to test your skills, this one's a steal.

Heorot.NET's Shodan Certified Penetration Tester (1DCPT) course is currently discounted (and I think it's only going to be discounted for another 2 or 3 days) could be another option. The course is affordable and comes with the book chrisj recommended, "Professional Penetration Testing".

I'm currently going through eLearnSecurity Online's Training Course thanks to Don and I definitely see it as an option for a beginner too. Jason has reviewed the course here and has coined it, 'The CEH Killer'.

Goodluck and welcome to the forums.

Kris

I'll keep it short and sweet,,,  xxxKrisxxx and Dark_Knight echoed my sentiments, and experiences, almost exactly.  Start with the CEH, or even the Professional Penetration Testing book, by Wilhelm, then see how you're feeling, from there.

Good luck, and keep us informed as you move forward.  We're here to discuss and help!

Good, just focus in one area.

I will, thanks.