Having been sold a C|EH boot camp on the basis that I would be learning the theory & skills to become a Penetration Tester, at considerable cost to myself (~$4,500), I am now somewhat bemused.
As it turns out I was taught 20-something modules of the v6 course's 67 modules because that is what is in the exam and was expected to learn the rest myself. When I do study the rest of the modules they are filled with as many obsolete tools as there is obsolete/irrelevant information.
I now basically have to shell out more money on something like an OSCP to get any validity. C|EH is cool to tell your friends about but of limited commercial value.
The general opinion, in our traditionally British way, which was backed up by my fellow Czech and American delegates:
a) That EC-Council jumped on the back of the 911 band-wagon and are only interested in making money.
b) The guys on the E|CSA course said you could pass it with C|EH knowledge. So why run the course? The LPT is a license to print money with $500 for no additional input other than another certificate.
c) The fact that there was potentially offensive pornographic material on the v6 DVD was totally unacceptable!
The relatively newly introduced and well hidden requirement to maintain your certification by, one way or the other, lining the EC-Council's pockets doesn't help. This is exacerbated by the fact that by the time I have actually learnt enough to become an 'Ethical Hacker' I would no longer be certified as one.
If you want 'security professionals' how about providing real-world relevant information that will actually help you protect your company's/clients' data and reputation?
I am under no illusion that any certification will lead you into a job and, furthermore, understand that I need to go out and learn the techniques and information to be an Ethical Hacker and stay relevant. So other than a certificate and a car sticker what did I get for my money?
I still would not be able to get a job as a Pen Tester?
I still have little direction as to what I need to do to become a Pen. Tester other than become a genuine hacker, apply for some jobs and hope for the best?
Shouldn't training be about the dissemination of information and the demystifying of the Hacker myth?
Is there another body who I should have spent my limited time and $$s on? If so, how do people like the EC-Council survive and shouldn't people within the industry take a stand to ensure that they either improve or disappear? If not, shouldn't places such as this or SANS be instrumental in instigating such a body/training?
Rant & Moan over
p.s. I hope Don doesn't censor me as it is simply an honest opinion/observation.
MCSE:Security, CCNA, C|EH