EH-Net members,

Recently EC-Council held a webinar for certain attendees to discuss what's happened in 2010 and what's projected for 2011. I've been told I can share this information so here are a few highlights...

- EC-Council has passed SANS/GIAC in the number of certified professionals worldwide (I wasn't given specific permission to share numbers and since EC-Council doesn't share these, neither will I here).

- Within a year of launching their academic course books they have formed 200 international partnerships

- Hacker Halted (US) saw a 116% increase in course attendees and will be back in Miami (October) for 2011.

- I don't have the date but they will be launching CAST - Center for Advanced Security Training - courses this year. These will be advanced technical trainings in areas where they have certifications (CEH,ECSA/LPT,CHFI) and some others. The instructors for these courses MUST be practitioners in the field and meet other requirements. There are no plans to have certifications for these courses at this time, they will be advanced technical trainings only.

- Takedown Con will be launched in May in Dallas, Texas. Unlike Hacker Halted, this conference will be much more technical in its discussions. They plan to roll this out to other areas as well (www.takedowncon.com).

- EC-Council donated $1M to the UN last year to have distributed as needed for training. This year another $1M is being donated to academia.

- A new tool helping in lab setup for classes has been developed called iLabs. This is a virtual hosted system by EC-Council that allows instructors to quickly get classrooms ready. Students will each have access to a handful of systems. All licensing is being handled by EC-Council and will no longer be a responsibility of the training center.

- Along with iLabs will come a client/server app called Frankenstein. The utility looks similar to an FTP client. It allows students to connect to EC-Council and download updated tools. If a tool is installed and an updated version is available Frankenstein will prompt you to install the newer version.

- And, of course, there's CEH v7. This is going to include completely rebuilt courseware. To start, all of those boring looking slides have been removed. You will no longer see pages with slides with a box of text and a heading with more text below the slide. The text has been removed. The slides are now very graphical (example attached) - and they look good (and I hear they're trying to get the courseware in color rather than black/white). What about the tools? Yes, tools are still included but the courseware will only be discussing the top tools in each category. You won't have slide after slide of tools you'll never use. They'll still be included on the discs for self-study. The exam will be updated and, again this is speculation, I believe the objectives will be updated as well. They have spent more money producing this CEH version than any version in the past and they are taking it very seriously. Why do I believe the objectives will be updated? I sat in as a CEH SME during Hacker Halted with a representative from Prometric and other security professionals. We were tasked with developing question topics/categories - and new questions are being written from these so I can only guess that these will be the new objectives. You should not be seeing weird questions or questions that come from portions of the courseware not in the objectives.

What else could make CEH v7 great? How about getting a free seat in the initial roll-out? On March 14, 25 training centers worldwide will be conducting the first CEH v7 courses. EC-Council will be giving away 125 seats for these classes. Attendees will also receive a commemorative limited edition, metal, certificate of attendance. Global roll-out will be the following week, March 21.

:-)

BillV

@BillV

Thanks for the information on CEHv7!

I'm curious how one would get in on one of those 125 free seats? Will there be a lottery? Or maybe the attendees will be handpicked?

Thanks again!

I've avoided CEH in the past based on poor feedback from colleagues, but I may have to look into it again after they implement these changes. It's always been on my radar because so many jobs ask for it, but I've always made excuses to postpone because I didn't feel like memorizing the names of every tool on the planet for the exam. Sounds good. Thanks for the info BillV!

I can't wait to see what's new in the CEHv7 exam (I mean which new topics).

Also, if the course will now focus on one or to tools per category, I wonder if the exam will be the same. I found the CEH exam difficult to study because while it is good that they keep it up to date, the materials can't follow (outside courses).

Very interesting news...

As far as them passing up SANS, I am not surprised that has happened. I wonder though, that the C|EH is LESS valuable because of the plethora of folks picking up the cert. I wonder if it will become so ubiquitous that it will lose some of its elusiveness (similar to CISSP, IMO).  That could have an additional effect of raising the bar for entry level infosec pros trying to cut their teeth because now it because the candidate pool will grow significantly.  Just my opinion.
CEH 7, I guess I will pick it up although that money is looking like it may be better spent on a new server or books or saving it. I don’t know. I won’t say I am in a rush to get a new job but I am always looking to beef up my resume/knowledge. I think that the CEH cert should be coupled with something like the elearnsecurity course to make you a “real” CEH. When I say real, I mean not a paper tiger.  Again just my opinion.
At any rate it looks like the CEH folks are making a killing, I just hope new material will be out by July when I am ready to take the exam.
 

@knwminus: I agree with both points - that too many holders may lower the value and that a practical would be a good thing. While the CEH is still meant to be an introductory/intermediate level certification, I would like to see the follow-on LPT have a practical.

It's good that we have SANS, ISC2, EC-Council, Offensive-Security, eLearnSecurity, etc to offer us a broad variety of products. It is also obvious that everytime they release a new version of their course, it is improved and updated.


I personnaly think that EC-Council should either release their numbers or just don't talk about it. Offensive-Security don't talk about it either and it is good that way. To me, it's all out or all in. Otherwise, it looks a bit lame...

But if EC-Council has more CEH (which is certainly the vast majority of their certified professionals), good for them! They have found a good market. I am happy to be a CEH myself because people know about it now. Like CISSP, sometime, it's better to have a cert with many, many people has compare to say, GSE that people dont really know (I mean, HR people). GSE is a killer cert to have, but CEH may open more doors...

Thanks for the info BillV, keep us posted!

I am with you knwminus.

Also, I have recently seen a job poster asking for a network pentester. They were looking for someone with... CISSP! Good employers would know what they are looking for, but that"s mainly true for someone who is looking at hirering.

But for a small company who don't have a clue about security but want someone to check if their infrastructure is secure, they don't know what to look for. They may have heard of CISSP or CEH, but they wouldn't know what OSCP or OSCE is. Sad but true...

So to me, the value is in having multiple certs. Some common ones (CISSP, CCNA and now CEH) and some quality ones (OSCP, OSCE, GPEN). But I mean CISSP, CCNA and CEH are not quality ones, but they are more entry level. That's why many people have them...