.

Is CEH really useful?

<<

shakuni

Jr. Member
Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Mon Aug 25, 2008 12:23 am

Is CEH really useful?

I am active in infosec arena for some time now and I beleive that I know all the moves of the game. Recently I just got a book on CEH preparation and I found that the exam is really easy and doesn't cover much material there is. So is CEH really worth it?

I think I can clear it easily within a week, should I do it?
There is no rule, law or tradition that apply universally... including this one.
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Mon Aug 25, 2008 2:25 am

Re: Is CEH really useful?

This is just my personal opinion, but all certs are the same thing.

A certification is an official way of proving you have studied a subject, and retained the knowledge, allowing you to answer questions and carry out tasks. As a reward you get the certificate to prove this, should anyone want to see it.

Personally (and maybe its because I end up paying for all the courses I do) I am much more concerned with obtaining as much knowledge as I can, and not really to fussed with getting the piece of paper. I have interviewed so many people who have certifications for all sorts, but they dont really seem to know what they are doing, they just dont know how to apply the knowledge they claim to have I guess.

So personally if you have had no issues proving yourself in the past, then just having the knowledge should be enough. However many organisations like people to have the Certs, as it helps with the marketing.

Sorry if this has been of no help, but I dont think there is a right answer, just the one you feel most suitable to your needs.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Mon Aug 25, 2008 3:00 am

Re: Is CEH really useful?

Shakuni,

think I'm somewhere in the middle here. The key to any training is, as Dale says, getting as much knowledge as you can. Certifications are secondary. However I still intend to get as many certifications as I can get my hands on.

Having the cert may get you the interview, while lack of knowledge gets you the door. But in some cases lack of the certs means you won't get the interview to prove you know your stuff.

Bottom line is (AFAIK, not C|EH qualified yet) the exam is relatively cheap compared to other certs. If you believe that you already have all the required knowledge making it a simple and quick process for you to gain the cert then I'd recommend going for it.

Granted, you may find that having the cert provides no benefit due to your exhisting experience/skillset, but having it should have a detrimental effect either. Plus it never hurts to flex you little grey-cells every now and then ;)

Just my £0.02...
<<

Simon

User avatar

Newbie
Newbie

Posts: 18

Joined: Tue Aug 19, 2008 7:59 pm

Post Mon Aug 25, 2008 7:00 am

Re: Is CEH really useful?

Note:  I'm somewhat biased in this answer ;)

I think that a cert is just a means to opening up doors that may otherwise be closed to you.  Same as a college degree -- they don't mean that you are an expert in the field, but they're at least an indication that you have the knowledge and capability to learn.  A C|EH doesn't mean you're a hacker....but it is an indication that you can learn the skills needed and gain the experience.

I've found the C|EH to be one of the more technical certs out there for hacking (more decidedly in the "gray" range than others).  For a beginner, it's very tough....one of the harder exams some of the rookies at my office have had to take.  For someone with experience, it's really not so bad (as you surmised).  To me, that's a sign of a good test in that it means the test checks for knowledge that you actually apply.

There's a number of things that I don't like about the exam, but the good outweigh the bad for me.
C|EH, ECSA, C|EI
http://www.halock.com
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Aug 25, 2008 7:15 am

Re: Is CEH really useful?

I think that this cert is is meant to get your started in the pen testing world.  I don't believe that after you pass the exam you are necessarily ready to become a "hacker."  Still, I think it has a good foundation and the rest is up to you. 
~~~~~~~~~~~~~~
Ketchup
<<

mad_irish

User avatar

Newbie
Newbie

Posts: 17

Joined: Thu Aug 14, 2008 7:45 am

Post Mon Aug 25, 2008 7:57 am

Re: Is CEH really useful?

Certification, in the end, stands as independent verification that you passed a test.  The test criteria and the respectability of the certifying body determine the value of the test to others.

Personally, when I interview someone I don't give a second look at the certifications they have.  I look for experience that proves the assertions the certifications make.  Proving you can apply knowledge that a certification tests is much more difficult than just getting a certification.

I have to applaud the CEPT because it has a practical portion that is unstructured, that forces you to apply your knowledge.  If all certifications had this sort of component fewer people would be certified but certification would be worth a lot more.

That said, in the end I think demonstrable knowledge and skill are much more important than a certification, but then again I'm not working in a big box corporation.  For large organizations, the HR departments will insist on some sort of rubber stamp they can use to weed out candidates.  So if that sort of job is your goal, certifications are great.

Certifications are also good if you're freelance or doing consulting.  Having certifications stand in good stead for references (which are probably better).  However, having lots of certifications will make your client feel more confident about you, and allows them to justify their investment in your services to their superiors.  Like the saying goes, nobody ever got fired for choosing the Gartner pick.

Outside of consulting and big corporations though, in that other murky realm inhabited by your peers, a certification is going to be worth the paper it's printed on.  Other security professionals, especially those who are familiar with certifications, view certifications with quite a bit of skepticism.  Proving to this audience that you know your stuff will require quite a bit more.  In this arena I would say a published article is worth a lot more than a certification.  Working on an open source project, producing white papers, publishing exploits and the like will go a lot farther to prove your credibility than producing a certification that shows you memorized the answers to a hundred multiple choice questions.

Of course, going to a hiring officer at a large company and saying "I published the remote root compromise of servers running foobar 1.2" will probably just get you a blank look.  On the flip side, if you do something like that, someone might just come looking for you with a job offer.  I never heard of anyone trolling the CISSP registrations looking to hire their next rock star though...
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Mon Aug 25, 2008 9:32 am

Re: Is CEH really useful?

In its current form, I do not believe the CEH provides any value. I studied for a week and passed it easily. My complaints about it, are that it is too much focused on tools and options of said tools. Knowing that a tool exists and how to use it, is nothing special IMHO. I wouldn't call the CEH a pen testing cert either. Its more like hacking tools 101.
<<

Simon

User avatar

Newbie
Newbie

Posts: 18

Joined: Tue Aug 19, 2008 7:59 pm

Post Mon Aug 25, 2008 9:37 am

Re: Is CEH really useful?

One thing to keep in mind on the C|EH is the nature of the exam:  it's  a random draw of questions from an increasingly large pool.

In the exams that I've proctored, I've seen some very bright guys get a rough draw of questions and have a hard time with the exam.  I've also seen some "not so bright" guys (to put it lightly) get an easy draw on questions and coast right on through.

In the last round of proctoring, one guy failed the exam and decided to re-sit it immediately (it's a 4 hour exam).  He passed on the second try, saying that the questions he got on the second round were a LOT easier than the first.

It's all about the draw.

I tend to think of it as: the exam does a decent job of eliminating false positives (you need to know the subject matter to pass)....not so good at eliminating false negatives.
C|EH, ECSA, C|EI
http://www.halock.com
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Mon Aug 25, 2008 1:50 pm

Re: Is CEH really useful?

Is the CEH useful?  Yes and no. I believe it depends on how you present it and yourself. Is nmap useful? Same answer. It depends on how you apply it. In one persons hands it can be useless and in another it can be a good tool. The CEH is not like having a Havard degree where most people will just automatically assume you have your act together.  But if you know how to sell yourself and present it in a certain way, it can open some doors.  All in all I would say having it is a plus as I would say with any certification. Just don't expect the world to coming breaking down your doors because you have it. 
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Mon Aug 25, 2008 2:43 pm

Re: Is CEH really useful?

I'll echo Kev's words. The cert got me the interview and it showed that I wanted to get into the field and wasn't afraid to spend my own money to do so. After getting the interview, the rest was up to me. Yes certs have value, but they are just a step in getting the job, the rest is up to you.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

shakuni

Jr. Member
Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Mon Aug 25, 2008 11:25 pm

Re: Is CEH really useful?

Thanks a lot guys.

One more question,
If certs are only good for HR filtering then I don't need it cause I am already in(just because of my skill). So should I get it now?

@mad_irish, this one was great!
I never heard of anyone trolling the CISSP registrations looking to hire their next rock star though...
There is no rule, law or tradition that apply universally... including this one.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Aug 26, 2008 9:52 am

Re: Is CEH really useful?

Couple things:

1. You may not be working where you just got hired for the rest of your life. In fact, chances are you will not. You should always look at your resume as a work in progress.
2. Your new employer may pay for the training & exam whether that be CEH, CISSP or any other cert. So then why not?

$.02

Don
CISSP, MCSE, CSTA, Security+ SME
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Tue Aug 26, 2008 1:44 pm

Re: Is CEH really useful?

If there is someone else paying, and there isnt to much of a catch, and you have the time and they support you, its probably worth a shot.

With all things though, its easier if you actually want to do it.

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software