dark_north wrote: I am new to this forum. I have been doing security work for the past 3 years. I am interested in either the CEH or CISSP. My real passion is in pen testing, data recovery, intrusion prevention. My question: does anyone have success stories after getting the CEH? Like, it got me in the door at company ABC and now I'm really happy with my job. Or, after getting my CEH, I got a great promotion at work and now make over 100k.
Any other success stories would be great to hear... to make up my mind which direction to go.
A CISSP will get you considered for positions you otherwise wouldn't, particularly in consulting. However, there's a stigma to it in the pen testing community in that it's a very broad cert, and I've actually heard bandied about in pentest circles "oh, you're getting your CISSP--you looking to move into security management? Hah!"
A CEH is not a terribly hard cert to get (at least it wasn't when I got mine about 3 or 4 years ago). I don't have a magic story for you about it. Also, like so many certs, I know some people with a CEH that wouldn't really have the first clue about successfully doing a quality pen test.
CEH does have decent name recognition though, and I do get a remarkable number of recruiter hits because it's on my resume when they have a client that asks for it specifically (though, I'm always a little suspicious of the security credentials of a customer who targets CEH's specifically).
Overall, I'd say that for pen testing, you'd be better served with neither. If you can get OSCP, on the other hand, then you may have something. They don't have the name recognition of CEH I don't think, but within the pen testing community, it seems to be a well respected cert that includes a practical.
That said, the CEH isn't worthless--I learned a ton from Infosec Institute's delivery of their ethical hacking and advanced eh courses. I just didn't think the exam quality was good enough to really put much of a halo around having achieved cert on the CEH.