Hi everyone,

Just passed my CEH today, and am looking at doing the CHFI next.  I'd like to have CEH + CHFI + OSCP in the next 12 - 18 months.

Does anyone have any feedback on the CHFI course?

Anyone done the OSCP?  I've heard that it's nuts - in a really good way.

Wow.  That was unhelpful.

"Hi mate, you're looking for an updated opinion circa 2011 - use google or the forum search to look for old opinions that may not be up to date or relevant".

Seeing as I was after a range of up to date opinions and not a simple how to, your post isn't really much use.

So wait...  You want to be in IT security, but take offense to people telling you to search an IT security-related forum?  When OSCP tells you to 'try harder', you'll be in for a rude wake-up.  Not trying to be mean, so don't take it that way, please.  But a fast search here WOULD have yielded you pretty current results.  So rather than immediately going on the offensive, I'd highly suggest you check ego at the door, and learn from this.  BillV's reply was short and to the point.  Spend some time here, and you'll learn he IS here to help, as are many of us, who might well have given you the same advice. 

It'd be different if you first looked, then asked.

Anyway, welcome, and I hope you feel more positive about future experience and research, here.

Thank you for the welcome, and your response.

I did look first, and then asked.  In hindsight, the problem was most definitely my fault and I think lies in my question and how it was worded.

My actual question should have been:

"Do people think there is much point in doing the CHFI if I have CEH and plan to get OSCP?"

While I could find peoples experiences in doing CEH, CHFI, and OSCP individually, and some threads about CEH and OSCP, i couldn't really find a definitive answer as to whether or not the CHFI would be worth my time (and my works money) if I planned on jumping in to the OSCP anyway.

I get that the CHFI is more the other side of the coin, but I figure the OSCP will leave me thinking in a different way about IT security and some of the stuff in CHFI will be intuitive just from all the work that goes into OSCP.  Maybe I'm wrong.  Who knows.

In regards to this:


I don't take it as rude at all and understand your point.  The above quote is the nice version of how I get treated by my mentor/s at work every day, so I'm not particularly concerned about that side of OSCP.  Hearing "Shut up.  Work it out yourself" from your boss most of the time prepares you a little for that sort of thing.


No, not offense. I didn't mean to be offensive either.  I just meant to be straight to the point.  The thing that irked me was my perception of the tone in the message. 

I read it as "You're annoying me and I couldn't even be bothered wasting my time with a hello.  Sod off and go use the search function instead of wasting our time"
Like I said, my perception of tone.  Forums (and emails) can get that way sometimes.  I'll take it as my fault.


Not quite sure what you mean.  My self importance is not wrapped up in this.  As I have outlined above, there was some errors in my perception of the original response, and the initial question i asked.  It's not relevant to bring my sense of self esteem into question or map out my psyche based on two forum responses.


Thanks. I have had a browse through prior to this thread being started your blog and read that particular post once or twice.  It's a good review of OSCP, but doesn't answer the question (that I didn't ask properly).


Thanks BillV.  My Apologies

It was more like "We get asked this question almost daily, you're sure to find the answer in a thread that already exists. Myself, and others, have already answered the same, or very similar, questions and my response most likely remains the same."


Had that been the initial question my response would have varied, and went more like this...

You would be better off to go to the OSCP first before going to the CHFI. It's been a little bit of time since you did the CEH course (Sept. '10) but you've certainly been studying the objectives and material to prepare for the exam you've just taken and passed. While that information and material is fresh in your head, and you have the 'attacker' mindset, it would probably be in your interest to pursue the OSCP before the CHFI as they focus on two different areas. EC-Council, and probably most people, recommend CEH before CHFI because you should know the attack vectors before doing the forensics side. In short, the CHFI is not really going to help you with OSCP as it doesn't directly align with the subject matter but the CEH is a good lead into it.

As for a point in doing CHFI at all, that's up to you and what you want to do with your time/money/career.

Cool. Enjoy and good luck with OSCP. It's a fun course with an extensive lab that you're sure to have a good time with.