I get asked this from people in IT I know. One guy recently told me all the CEH program does is teach you script kiddie stuff. This is my answer to that and helps me sell the idea of a pen test. Yes, the CEH involves a lot of ready made programs that a lot of script kiddies use. BUT, thats what 90% of the daily attacks to your network involves. If someone hacked into your network and owned you using stuff like that, well thats what you should be embarrased about and hopefully will not be a resume generator. If some uber, leet, one of kind hacker gets in, well thats bad also, but will not hurt your rep as badly. So please dont let your network be exposed by script kiddie stuff! Once we know that aspect is secure, we can move on to even more complex hacks.