Hello,

I need some help to decide which cert I should take between CEH/CPTE/CPT/OSCP/eCPPT. I don't consider
myself as a beginner (Bsc computer sience, CISSP, 7 years professional experience). My plan is
self-study and online exam, because of very low budget. I've read some reviews that
for CEH, reading the CEH all-in-one exam guide is enough to pass the exam, so I only will
spend $500 for exam voucher and $100 for the non-refundable fee. Then I saw CPTE by mile2 which according
to some opinions, has better material than CEH. The drawback is market recognition and I have
to buy the material ($550) then more $250 for the exam.
For the CPT by IACRB, I didn't understand if they have an online exam and self-study material.
The OSCP seems to have more advanced material (building exploits, shellcode) and I think I should
take something like CEH first.
The eCPPT seems like in the same line of OSCP but a little some soft. I could be a good option,
but I think it doesn't have the market recognition yet.

That said, I would appreciate some comments.

Best regards.

Hi psimoes79,

Welcome to EthicalHacker.net! I think the OSCP would be the best bang for your buck in all honesty, but it could come off extremely hard depending on your skills relating to pen-testing. I've heard CISSP is more of a management cert, but I'm guessing with 7 years and your Bachelor's under your belt, you've at least toyed with Penetration Testing for awhile. Having taken the course myself, I found it challenging, and I learned a ton. If you want to get some of my background on it before going in, I wrote a review
here which may come in handy.

I've also taken the Pro course at eLearnSecurity at this is a great course also. The certification exam and course as a whole is hands-on, and writing a detailed report is 50% of the examination I believe. What I noticed that I liked more in OSCP over the eCPPT course is that we as an Off-Sec student your handed a lab with over 50 machines with pre-configured vulnerabilities to break into and test your skills. At the time I was going through eCPPT (last year around September or October) this wasn't available. The labs were more based around pulling material down from the course and practicing on your own machine. Both are great courses and if your newer to penetration testing I would say go with eCPPT. If you've been dabbling awhile and like pain, go for OSCP. This is all just from my experience! I would also just like to add in that I believe eLearnSecurity accepts payments, so if your budget is tight, this could be a great route. eLearnSecurity also still appears to have their 5% off the course for EH-NET members which can be redeemed here.

I've heard CPT is a fun course. I actually think we have a couple members who have their CPT certifications that may be able to add on their input to help out. Incase they don't respond, here's a CPT review link below:
http://www.ethicalhacker.net/content/view/368/2/

In regards to CEH and CPTE, I know CEH is more recognized in the industry but I also hear you can walk out of the course certified as a CEH, and not know how to penetrate systems. There are tons of CEHs on this board who could lend their opinions on the course. I asked Mile2 if their CPTE course prepares an individual for CEH and got a solid summarized response of, 'Yes'. It seems like if you take CPTE, you might as well sign up for the CEH exam. Maybe this will help you out http://mile2.com/articles/157-cpte-vs-ceh.html

Companies are of course all for promoting their training over others. It's overall a competitive world and there's tons of great resources out there. Take everything in before deciding! (:

kris

I'll tell you what I just told my friend about eCPPT:

I highly recommend the eCPPT, for the cost it is probably the best entry level web hacking course/certification.   if you want to get into web penetration testing, but don't have much knowledge or experience, take the course.  There are 3 sections to the eCPPT: web, network, and system security.  The system section is all Windows-based, so they'll teach you how to write drivers, rootkits and buffer overflow exploits for Windows, which is pretty cool, but if you're not into Windows, then that probably won't be very useful to you.  The web section, however, is awesome and I highly recommend it, provided you don't really have any web security experience.  If you already know how to perform advanced XSS and SQL Injection exploits, the eCPPT is probably not for you.  Also, the actual final exam for the eCPPT only really tests the section on web security.

Lastly, there is no time limit for when you need to take the eCPPT exam.  I went through all 3 sections in 5 months and then took the exam.

Kris has already linked to my course review of CPT by InfoSec Institute. If you still have any questions, please feel free to ask.


OSCP hasn't much market recognition either. However, it's a very practical course and does a good job in explaining the covered topics. You won't be a pentester after the course, but it does give you some of the foundations you'll need. If you have 7 years professional experience (in security?) as stated, it shouldn't be much of a problem to get through the OSCP course and exam.

Hello psimoes79,

As you observed, one of the big advantages of this forum is that most of the courses you've enquired about have been taken by one of its members, and you can find valuable and detailed feed back about each one.
If you want my answer for your question: shoot for a practical course. Forget about CEH, even if it has the advantage that most of HR knows about, I think that the rest of the courses have already started to show their heads on the market (especially OSCP).

However, choosing which one to take should be first based on your final goal: why do you want/need to take any of these courses? Personal development, job development, shooting for a new carrer?

You know the answer - having the CISSP none of them should be any problem for you, but you should see which one fits best on your desired path.

Hope this helps.

OSCP is becoming more recognized as a good course, but I think that would be dependent on the country you are based. For example if you are in the UK, courses like the TigerScheme training courses are good and you will get an industry recognized qualification, BUT as always money may be a factor when it comes to 'Bootcamp' style courses.

As I have completed my OSCP I found the course to be very enjoyable and very rewarding.
 
Good Luck

No one is going to kick down your door to hire you with an OSCP. I recommend getting an "HR Cert" so that you can get an interview and get in the door. It's likely that after you get into an interview there will be someone who knows and respects the OCSP/E