CEH is a scam

Viewing 24 reply threads
  • Author
    Posts
    • #3161
      w007
      Participant

      One of my friend who took a CEH class with me pointed out this article to me

      http://it.toolbox.com/blogs/securitymonkey/run-away-from-the-ceh-certification-9639

      Also read all the comments…
      What do you guys think ??

    • #21129
      morpheus063
      Participant

      IMHO, whatever mentioned in the specified link / site may be true. However, there are always two sides. I believe what is mentioned is the negative side. And not mentioning the positive side is not something good.

      CEH defenitely provides a platform for a newbie to study, learn and test ones knowledge in the security / ethical hacking. The certification has provided entry points to many security professionals. The level of knowledge or the domain covered may differ from certification to certification and no certification assures 100% knowledge.

    • #21130
      vijay2
      Participant

      I have said this before

      http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,2971.msg14033/#msg14033

      and again would say that CeH, is nothing more than a entry level Cert. But i would have to say it has marketed itself better than other great Certs (GPEN, OSCP), as CeH on your resume would get you more calls from recuriters than all other combined.

      VJ.

    • #21131
      blackazarro
      Participant

      I think it is also important to mention that it depends on the instructor who is teaching the course. A good instructor makes all the difference. However, I opted for the self study mode and I learned a lot during the course of my studies.

      The CEH exams has improved within the last years and when I took the CEH v5 exam, I founded it to be of good quality compare to other cert exams I have taken.

    • #21132
      w007
      Participant

      There are other entry level certificates too like Security+.
      I am an intern in one of the biggest company in the world as a security assessor and NONE of my colleagues(full time professionals) have ever heard of CEH.
      IMO I think CEH is just a money making scheme. You guys have heard about all the amount required just to MAINTAIN the certification :-[

    • #21133
      hasslehawk
      Participant

      Hello
      I a ma newbie to security arena. I am planning to shift from my current programming/developer profile to security. Was planning to go for CEH certification as a starting point, but reading this post confused me.
      Can any experienced member clear out this. I read the post mentioned in the link but it was really old. So want to know what value does it add to my resume after getting CEH (I do agree just having certification doesn’t make me expert in security, but I need a start).

      Thanks

    • #21134
      geekyone
      Participant

      Hasslehawk,

      I think you will find most people on this forum will agree that the CEH is an excellent entry level certification.  If you want to get into the IT security field and into penetration testing specifically the CEH is a good place to start.  As long as you realize that while the course is helpful it isn’t a one stop shop.  Just because someone gets a CEH doesn’t make them an experienced pentester able to run a full pentest all by themselves.  The material is a bit tool heavy (it concentrates on teaching all the different tools that are available) and some of it is a little out dated.

      The CEH is great for getting your feet wet and finding out if you would really enjoy doing this type of work.  It gives you a good solid understanding of what kind of work a pentester does.  It tends to stay on the technical side of things though and doesn’t get into reporting and procedural stuff very much.

      If you are interested in getting into IT Security then by all means take the course/certification.  It is worth the money unless you are already an experienced pentester in which case there isn’t much use taking an entry level cert like this.  I hope this helps.  Also if you search through this forum you will find many threads going over the pro’s and con’s of various security certifications.

    • #21135
      geekyone
      Participant

      I just wanted to also add that while I don’t really like the EC-Council’s new continuing education system that you have to use to keep your CEH up to date it really isn’t any worse then the CISSP.  I just wish EC-Council would make all their requirements exactly like ISC2 so I don’t have to worry about if this education qualifies for CISSP but not CEH and then trying to make up the difference.  That is kinda a pain but the EC-Council’s requirements for upkeep of their certifications are quite fair.

    • #21136
      hasslehawk
      Participant

      Thanks geekyone  🙂
      This clears up a lot of trouble I was facing to decide wether to go for CEH or not..
      Now I am aiming to get the certification by March (if I can go through the entire courseware ;))
      One more query (not sure if this is correct thread or not)
      Thanks again .. keep up the good work..

    • #21137
      chuck378
      Participant

      I don’t think that CEH is a scam.  Like others have mentioned it’s only an entry level certification and it depends on the Instructor.  I’m a CHFI and my main line of work is Computer Forensics.  I did take the CEH class (version 5.0) and I learned a lot (Besides the Instructor that I had was outstanding) .  I did not take the exam because I rather buy some new hardware for my lab ($250 can go far sometimes especially on a tight budget).  I took the CHFI exam because it was incorporated in the price and I could not opt out of it.  Besides, just because you pass the test does not mean that you can do the job, it only means that you have gained the basic knowledge on the topic (Don’t get me wrong, passing the test is a great accomplishment and anybody who takes it should be proud for passing.  I just find that I could use the $250 for better things). 

      If you want a true Ethical Hacking Class with hands on labs etc… check out OSCP cert.  Now that is challenging.  And for $750 with exam and extended lab access it’s a great value.  Those classes have been full for as far as I remember.

      Also don’t forget another important resource.  The Laura Chappell Master Library.  I purchased it for $999 and it’s worth 10 times as much.

      Just my 2 cents…

      Also, I think that all members would agree with me, passing an exam taking a course is only the beginning.  It’s what you do with it that makes you stand out.  Do your own research and keep up with the technology.  Read, Read and read and do your own testing.  Forums like these are full of knowledge.

      I think that I spoke to much….
      Take Care,
      chuck378

    • #21138
      jason
      Participant

      The CEH, like most any other cert, has a full range of holders from idiot to genius. As several others have mentioned, this is an entry level cert that is marketed very well. The article mentioned is now three years old and the state of the cert has changed quite a bit in that time. You can praise or damn most anything.

    • #21139
      Michael J. Conway
      Participant

      Getting my CEH got me my current job. It was a great entry into the security world. Does that mean you can turn me loose on someone’s network? No, but I do have the basic knowledge for building on. As with any cert, there are two sides to the coin. Weigh your options and go for the cert you want. Where I work, every one in this office has the CEH and there are quite a few others thrown in for good measure.

    • #21140
      BillV
      Participant

      I haven’t read through all the posts here (yet) or the comments on the linked page, but look at the date (5/31/2006) in that posting.

      None of the stuff in the original rant on that link holds true any longer.. I’ll try and counter each…

      1) Their US office is in New Mexico, they had a temporary address in NY while they were moving headquarters.

      2) The university has been opened, they are licensed and they are not far away from earning accreditation (there’s a thread in the forums here about this somewhere else – search it).

      3) I’m a member, I’m involved. I know others are as well. Not sure what he’s complaining about on this one.

      4) CNDA was created because US gov’t positions specifically (allegedly) complained about having ‘Hacker’ in an official certification. I don’t know the full story behind this one, but that’s the reason that has been given.

      5) ECSA/LPT training is combined. You receive all those things listed and you receive advanced training comparable to the SANS GPEN course (and then some).

      6) There are plenty of other certifications that EC-Council offers.

      BillV

    • #21141
      BillV
      Participant

      @w007 wrote:

      There are other entry level certificates too like Security+.
      I am an intern in one of the biggest company in the world as a security assessor and NONE of my colleagues(full time professionals) have ever heard of CEH.
      IMO I think CEH is just a money making scheme. You guys have heard about all the amount required just to MAINTAIN the certification :-[

      That is very hard to believe. Attend a security conference or a monthly ISSA meeting and ask members there if they have at least heard of the CEH. I’d be incredibly surprised if they say no.

      How old are your colleagues? People that are (and have been) set in their ways and are comfortable where they are at don’t typically pay as much attention to new certifications. I’d expect that they haven’t heard of OSCP or GPEN either.

    • #21142
      jason
      Participant

      @BillV wrote:

      That is very hard to believe. Attend a security conference or a monthly ISSA meeting and ask members there if they have at least heard of the CEH. I’d be incredibly surprised if they say no.

      I find that a bit hard to swallow as well. Look around at a few security publications, conferences, etc… and see what letters folks have stuck on the end of their name. I think you’ll see CEH crop up rather alot.

    • #21143
      w007
      Participant

      Hmm could be ….  You guys could be right … just wanted your opinions

    • #21144
      jason
      Participant

      Opinions are something that we have plenty of around here  ;D

    • #21145
      BillV
      Participant

      Ha! Hopefully our opinions were insightful if nothing else… plus, most of us are CEH holders ourselves 😉

    • #21146
      w007
      Participant

      @BillV wrote:

      Ha! Hopefully our opinions were insightful if nothing else… plus, most of us are CEH holders ourselves 😉

      Ohh now I see why is the website being criticized so much  ;D

    • #21147
      jason
      Participant

      That and they’re not presenting a particularly balanced or accurate case.

    • #21148
      Anonymous
      Participant

      i agree on what someone said, it always depends on your instructor. story would change of course if you are already wide awake on the field. but for beginners, a good study plan and a good instructor will make them good.

      as for the scam thingy? hmmm only a few would invest on this course if this is just a scam. what do you think?

    • #21149
      Kev
      Participant

      As BillV posted, many of us have gone down the CEH path.  I am sure that the idea behind the CEH was also to make money, but what cert doesnt?  The question to ask is if it does a responsible job at what it is intended to do.  Anyone that I have known personally that has gone through the CEH process has never called it a scam.  Yes, we might criticize it and feel there is room to improve it, but never felt like it was a scam. 

    • #21150
      partek
      Participant

      Personally I found the CEH to be a decent certification. My only real complaints are the heavy focus on Windows, and the poor editing of the printed content. I feel that I learned a lot though.

    • #21151
      CMonkeyDO
      Participant

      I definitely agree with the emphasis on the instructor, though it’s probably out of your control.  I sat through the v5 class and had a great experience.  I recently attended the v6 class with a different instructor and my experience was horrible.  The first instructor kept the class engaged and added personal experience stories and thoughts as well as “capture the flag games”.  The second instructor read the slides with “little play time”.  Either way if your just getting into the security space it’s your own fault if you don’t learn alot (with or without the certification).

    • #21152
      Lestat
      Participant

      I taught myself how to do penetration tests but only had a GSNA certification which didn’t advertise my pen test skills.

      Once the CEH went behind my name it started getting me jobs right and left as many other companies in my market area do not have any certified people doing their pen testing.

      Whether InfoSec has a building someplace or no place is a moot point when it comes to what the CEH (entry level though it may be) on your business cards and engagement letters can do for you.

Viewing 24 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?