.

CEH is a scam

<<

w007

Newbie
Newbie

Posts: 6

Joined: Sat Dec 27, 2008 1:25 pm

Post Fri Jan 02, 2009 3:48 am

CEH is a scam

One of my friend who took a CEH class with me pointed out this article to me

http://it.toolbox.com/blogs/securitymon ... ation-9639

Also read all the comments...
What do you guys think ??
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Fri Jan 02, 2009 5:30 am

Re: CEH is a scam

IMHO, whatever mentioned in the specified link / site may be true. However, there are always two sides. I believe what is mentioned is the negative side. And not mentioning the positive side is not something good.

CEH defenitely provides a platform for a newbie to study, learn and test ones knowledge in the security / ethical hacking. The certification has provided entry points to many security professionals. The level of knowledge or the domain covered may differ from certification to certification and no certification assures 100% knowledge.
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

vijay2

Full Member
Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Fri Jan 02, 2009 8:14 am

Re: CEH is a scam

I have said this before

http://www.ethicalhacker.net/component/ ... /#msg14033

and again would say that CeH, is nothing more than a entry level Cert. But i would have to say it has marketed itself better than other great Certs (GPEN, OSCP), as CeH on your resume would get you more calls from recuriters than all other combined.

VJ.
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

blackazarro

User avatar

Sr. Member
Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Fri Jan 02, 2009 8:47 am

Re: CEH is a scam

I think it is also important to mention that it depends on the instructor who is teaching the course. A good instructor makes all the difference. However, I opted for the self study mode and I learned a lot during the course of my studies.

The CEH exams has improved within the last years and when I took the CEH v5 exam, I founded it to be of good quality compare to other cert exams I have taken.
Security+, OSCP, CEH
<<

w007

Newbie
Newbie

Posts: 6

Joined: Sat Dec 27, 2008 1:25 pm

Post Fri Jan 02, 2009 1:16 pm

Re: CEH is a scam

There are other entry level certificates too like Security+.
I am an intern in one of the biggest company in the world as a security assessor and NONE of my colleagues(full time professionals) have ever heard of CEH.
IMO I think CEH is just a money making scheme. You guys have heard about all the amount required just to MAINTAIN the certification :-[
<<

hasslehawk

Newbie
Newbie

Posts: 8

Joined: Sat Dec 27, 2008 12:31 am

Location: US

Post Fri Jan 02, 2009 8:31 pm

Re: CEH is a scam

Hello
I a ma newbie to security arena. I am planning to shift from my current programming/developer profile to security. Was planning to go for CEH certification as a starting point, but reading this post confused me.
Can any experienced member clear out this. I read the post mentioned in the link but it was really old. So want to know what value does it add to my resume after getting CEH (I do agree just having certification doesn't make me expert in security, but I need a start).

Thanks
I have no special talents. I am only passionately curious ~ Albert Einstien

MCP, CEH
WIP: Need to decide next step
<<

geekyone

User avatar

Full Member
Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Fri Jan 02, 2009 10:05 pm

Re: CEH is a scam

Hasslehawk,

I think you will find most people on this forum will agree that the CEH is an excellent entry level certification.  If you want to get into the IT security field and into penetration testing specifically the CEH is a good place to start.  As long as you realize that while the course is helpful it isn't a one stop shop.  Just because someone gets a CEH doesn't make them an experienced pentester able to run a full pentest all by themselves.  The material is a bit tool heavy (it concentrates on teaching all the different tools that are available) and some of it is a little out dated.

The CEH is great for getting your feet wet and finding out if you would really enjoy doing this type of work.  It gives you a good solid understanding of what kind of work a pentester does.  It tends to stay on the technical side of things though and doesn't get into reporting and procedural stuff very much.

If you are interested in getting into IT Security then by all means take the course/certification.  It is worth the money unless you are already an experienced pentester in which case there isn't much use taking an entry level cert like this.  I hope this helps.  Also if you search through this forum you will find many threads going over the pro's and con's of various security certifications.
CISSP, CEH, GPEN, GCIH, GCFA
<<

geekyone

User avatar

Full Member
Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Fri Jan 02, 2009 10:13 pm

Re: CEH is a scam

I just wanted to also add that while I don't really like the EC-Council's new continuing education system that you have to use to keep your CEH up to date it really isn't any worse then the CISSP.  I just wish EC-Council would make all their requirements exactly like ISC2 so I don't have to worry about if this education qualifies for CISSP but not CEH and then trying to make up the difference.  That is kinda a pain but the EC-Council's requirements for upkeep of their certifications are quite fair.
CISSP, CEH, GPEN, GCIH, GCFA
<<

hasslehawk

Newbie
Newbie

Posts: 8

Joined: Sat Dec 27, 2008 12:31 am

Location: US

Post Sat Jan 03, 2009 2:24 am

Re: CEH is a scam

Thanks geekyone  :)
This clears up a lot of trouble I was facing to decide wether to go for CEH or not..
Now I am aiming to get the certification by March (if I can go through the entire courseware ;))
One more query (not sure if this is correct thread or not)
Thanks again .. keep up the good work..
I have no special talents. I am only passionately curious ~ Albert Einstien

MCP, CEH
WIP: Need to decide next step
<<

chuck378

Newbie
Newbie

Posts: 5

Joined: Tue Sep 23, 2008 11:18 am

Post Sat Jan 03, 2009 11:47 am

Re: CEH is a scam

I don't think that CEH is a scam.  Like others have mentioned it's only an entry level certification and it depends on the Instructor.  I'm a CHFI and my main line of work is Computer Forensics.  I did take the CEH class (version 5.0) and I learned a lot (Besides the Instructor that I had was outstanding) .  I did not take the exam because I rather buy some new hardware for my lab ($250 can go far sometimes especially on a tight budget).  I took the CHFI exam because it was incorporated in the price and I could not opt out of it.  Besides, just because you pass the test does not mean that you can do the job, it only means that you have gained the basic knowledge on the topic (Don't get me wrong, passing the test is a great accomplishment and anybody who takes it should be proud for passing.  I just find that I could use the $250 for better things). 

If you want a true Ethical Hacking Class with hands on labs etc... check out OSCP cert.  Now that is challenging.  And for $750 with exam and extended lab access it's a great value.  Those classes have been full for as far as I remember.

Also don't forget another important resource.  The Laura Chappell Master Library.  I purchased it for $999 and it's worth 10 times as much.

Just my 2 cents...

Also, I think that all members would agree with me, passing an exam taking a course is only the beginning.  It's what you do with it that makes you stand out.  Do your own research and keep up with the technology.  Read, Read and read and do your own testing.  Forums like these are full of knowledge.

I think that I spoke to much....
Take Care,
chuck378
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Jan 04, 2009 12:25 pm

Re: CEH is a scam

The CEH, like most any other cert, has a full range of holders from idiot to genius. As several others have mentioned, this is an entry level cert that is marketed very well. The article mentioned is now three years old and the state of the cert has changed quite a bit in that time. You can praise or damn most anything.
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Mon Jan 05, 2009 8:38 am

Re: CEH is a scam

Getting my CEH got me my current job. It was a great entry into the security world. Does that mean you can turn me loose on someone's network? No, but I do have the basic knowledge for building on. As with any cert, there are two sides to the coin. Weigh your options and go for the cert you want. Where I work, every one in this office has the CEH and there are quite a few others thrown in for good measure.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Jan 05, 2009 10:56 am

Re: CEH is a scam

I haven't read through all the posts here (yet) or the comments on the linked page, but look at the date (5/31/2006) in that posting.

None of the stuff in the original rant on that link holds true any longer.. I'll try and counter each...

1) Their US office is in New Mexico, they had a temporary address in NY while they were moving headquarters.

2) The university has been opened, they are licensed and they are not far away from earning accreditation (there's a thread in the forums here about this somewhere else - search it).

3) I'm a member, I'm involved. I know others are as well. Not sure what he's complaining about on this one.

4) CNDA was created because US gov't positions specifically (allegedly) complained about having 'Hacker' in an official certification. I don't know the full story behind this one, but that's the reason that has been given.

5) ECSA/LPT training is combined. You receive all those things listed and you receive advanced training comparable to the SANS GPEN course (and then some).

6) There are plenty of other certifications that EC-Council offers.


BillV
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Jan 05, 2009 11:00 am

Re: CEH is a scam

w007 wrote:There are other entry level certificates too like Security+.
I am an intern in one of the biggest company in the world as a security assessor and NONE of my colleagues(full time professionals) have ever heard of CEH.
IMO I think CEH is just a money making scheme. You guys have heard about all the amount required just to MAINTAIN the certification :-[


That is very hard to believe. Attend a security conference or a monthly ISSA meeting and ask members there if they have at least heard of the CEH. I'd be incredibly surprised if they say no.

How old are your colleagues? People that are (and have been) set in their ways and are comfortable where they are at don't typically pay as much attention to new certifications. I'd expect that they haven't heard of OSCP or GPEN either.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Mon Jan 05, 2009 12:07 pm

Re: CEH is a scam

BillV wrote:That is very hard to believe. Attend a security conference or a monthly ISSA meeting and ask members there if they have at least heard of the CEH. I'd be incredibly surprised if they say no.


I find that a bit hard to swallow as well. Look around at a few security publications, conferences, etc... and see what letters folks have stuck on the end of their name. I think you'll see CEH crop up rather alot.
Next

Return to CEH - Certified Ethical Hacker

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software