.

CEH w/o taking the course

<<

bamed

Newbie
Newbie

Posts: 48

Joined: Thu Mar 19, 2009 7:05 pm

Location: Joplin, MO

Post Wed Jan 13, 2010 1:16 pm

CEH w/o taking the course

I'm looking at obtaining my CEH.  I've already got my OSCP.  I noticed on the EC-Council it says:
"If you have opted for self-study and not attended training, you must have at least two years of information security related experience."

Anybody know what counts as "security related experience."
I've been a sysadmin for 6+ years.  My job includes some security aspects such as managing the firewall, IDS, etc.  Would this count, or do I need more specific experience?
chown -R bamed ./base
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Wed Jan 13, 2010 1:42 pm

Re: CEH w/o taking the course

You just need to submit a form (http://www.eccouncil.org/portals/0/docu ... n-Form.pdf) from your manager type person outlining your experience.  I had the requisite time, but I just outlined my duties and other certifications I had obtained.  Just be honest and see what happens.  I think having OSCP should be enough.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Jan 13, 2010 2:09 pm

Re: CEH w/o taking the course

I too would say that it counts - just write what you have done so far and see how things will go. As far as I know EC-Council is very accommodating, so there shouldn't be any problems.
<<

sandcrawler

User avatar

Newbie
Newbie

Posts: 14

Joined: Wed Jan 13, 2010 3:45 pm

Post Wed Jan 13, 2010 4:09 pm

Re: CEH w/o taking the course

I just got my CEH a couple weeks ago and I was in much the same situation as you...  My experience came from a small municipal government agency which I haven't worked at for a couple of years.  While I was there (8 years) I became primarily responsible for all aspects of security.  That included firewalls, IDS, antivirus, countermeasures and a small bit of forensic work, etc.  I just detailed this in brief and prefilled the form for my old supervisor.  She signed it and I faxed it to EC-Council.  If I remember correctly they responded in less than 8 hours with the code I needed to register for my exam.

With that said, the content of the test was NOT what I expected.  I used resources I had here at work to read a couple of the study guides available via books24x7.  It seems the books more or less skimmed over the content enough to say..  "This is what you need to know..." but it was apparent from the depth of the questions that you really HAD to know more than what the book taught.  I even googled one of the apps mentioned in the test because I was sure I hadn't read about it in either guide and still to this day don't know what the right answer is.  Granted, I didn't spend a lot of time looking for the answer because I'm sure it exists but I didn't feel like it was relevant enough to pursue at this point in time.

Good luck!
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Jan 13, 2010 4:56 pm

Re: CEH w/o taking the course

sandcrawler, were you able to pass the exam because of your working experience as you wrote that the guides were not sufficient or deep-enough? Just curious, as I am using CEH Prep Guide and CEH Official Certified Ethical Hacker Review Guide as well (beside others) and will probably take the exam within February.
<<

bamed

Newbie
Newbie

Posts: 48

Joined: Thu Mar 19, 2009 7:05 pm

Location: Joplin, MO

Post Wed Jan 13, 2010 11:04 pm

Re: CEH w/o taking the course

OK, my supervisor will have paperwork filled out by the end of the week.

Now answer me how well the knowledge gained passing the OSCP will help when taking the CEH?
chown -R bamed ./base
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Jan 14, 2010 8:36 am

Re: CEH w/o taking the course

It'll help that you have some experience with the process and many of the tools. The OSCP focuses on BackTrack though and the CEH is more of  general overall view of ethical hacking. You'll need to become familiar with some of the laws, the phases of an attack and various terms used. Typically it's recommended to go the opposite route, CEH -> OSCP, but I'm sure you'll be fine. Your experience will be fine.
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Thu Jan 14, 2010 9:40 am

Re: CEH w/o taking the course

awesec wrote:sandcrawler, were you able to pass the exam because of your working experience as you wrote that the guides were not sufficient or deep-enough? Just curious, as I am using CEH Prep Guide and CEH Official Certified Ethical Hacker Review Guide as well (beside others) and will probably take the exam within February.


I passed reading those two books and also setting up a lab of three computers.  Some of the tools I worked with live were Wireshark, NMAP, Snort, Cain and Able.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

sandcrawler

User avatar

Newbie
Newbie

Posts: 14

Joined: Wed Jan 13, 2010 3:45 pm

Post Thu Jan 21, 2010 3:03 pm

Re: CEH w/o taking the course

awesec,

For me it had more to do with experience, logic and some common sense than the books.  That made it more difficult as I've been doing systems management instead of infosec the past three years.  The books helped some with terminology and process but the V6 tests have a lot of new stuff even compared to what was in those books. 

Everyone will have a different experience with the test, I'm sure.  I expected a lot more questions based on tools like nmap and snort with which I'm familiar and I found more questions on the test based around windows group policies to which I know very little.  As a matter of fact I don't remember a single snort or nmap question.

If I had to do it all over I'd do a better job of looking at what each module expected me to know and studying more on the modules I felt weak at.
<<

T_Bone

Full Member
Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Sat Jan 23, 2010 5:08 pm

Re: CEH w/o taking the course

Hi

I really wanted to do the CEH exam after self study but as said a letter of recommendation is required from my employer.  I am currently a contractor and to be honest didn't really want my employers to know i have an interest in security in case it has an adverse affect but cannot do it without this letter.  Do you know whether ECcouncil actually contact my employers in regards to the letter for more detail?  I am thinking of asking my manager for a recommendation letter but without going into any detail

Cheers
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sun Jan 24, 2010 3:20 am

Re: CEH w/o taking the course

I don't think that they contact each employers as this would be very time consuming, though I am not sure.

I would just try it and see what happens.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Jan 24, 2010 1:50 pm

Re: CEH w/o taking the course

If you're a contractor, aren't you your own employer?

Don
CISSP, MCSE, CSTA, Security+ SME
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sun Jan 24, 2010 7:07 pm

Re: CEH w/o taking the course

Don

Depends on who the contract was written. The place I work at now, I started as a contractor. I was a 1099, but a contract house dealt with finding the job and doing the billing (for their cut of course).

Shady, but when you're desperate for a job, then you take what you can get.
OSWP, Sec+

Return to CEH - Certified Ethical Hacker

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software