.

Will I be allowed to take a CEH or OSCP course?

<<

dialing

Newbie
Newbie

Posts: 1

Joined: Sun Feb 27, 2011 12:07 pm

Post Sun Feb 27, 2011 12:20 pm

Will I be allowed to take a CEH or OSCP course?

I have been reading this forum over the last few weeks and I must say there is a wealth of knowledge provided.  It's great to see how helpful commentators are.

I have a couple of questions regarding certification and, more broadly, about my situation which I suspect is somewhat unusual. 

To summarize: I have been interested in computer security for a number of years.  This interest has manifested itself through reading the occasional article here and there, learning how to use a few tools (for example, nmap, kismet, arpwatch), basic JavaScript (now mostly forgotten), and reading popular “hacking” books by people like Mitnick.  I watch videos from the various “cons” and on Security Tube.  I migrated from Windows to Ubuntu and do my best to understand the system e.g. understanding the /var/log files.  That said, I have never systematically been taught any kind of computer security or indeed any computing whatsoever! 

As such, therefore, the notion of paying a certain number of dollars and being “mentored” appeals.  I have looked at the exceptionally detailed course outlines for the CEH and OSCP and I am enthused by the content. 

However, as mentioned, I am not from any kind of IT background.  The self-described “noobs” in these forums have Computer Science degrees or have worked as sysadmins for two years or something similar.  I have nothing at all like this – only a personal interest in computer security.  My professional academic qualifications are in unrelated disciplines.

I am at a stage in my life where I need to determine my future career.  Otherwise I will just get older  and, while I currently operate in a professional environment (as a PhD student in an unrelated discipline), where I am is not where I want to be.

I am not interested in training purely as a means to an end (a job).  I am interested because training would provide me with new information, new ways of perceiving security, and new experiences.

I perceive two potential problems.

The first is that I will simply not be permitted to take the course.  The EC-Council states:

“Not anyone can be a student — the Accredited Training Centers (ATC) will make sure the applicants work for legitimate companies.”

Since I have zero experience in IT and certainly do not work for the type of “legitimate compan[y]” they want, the EC-Council's demand would suggest I have no way to take their training.

I understand the OSCP screen applicants too.

I understand their rationale but it puts neophytes like me who have an interest, but are not formally employed, at a disadvantage.

The EC-Council write that:

“This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.”

I am, indeed, concerned about the “integrity of the network infrastructure” but on a personal rather than professional basis. 

The second concern is whether I have the necessary knowledge (gleaned from experience).  I would take the view that, should I be permitted to take a course, I would learn what was necessary in advance (for example, shell scripting).  Anyhow, I would be less bothered about passing the exam and more focused on learning the information.

To summarize: the attraction of a course is that I would be taught in a co-ordinated form by professionals (obviously supplemented through intensive personal study).  This teaching would hopefully help me to find employment as well as providing me with knowledge which I find personally interesting and which I currently feel I lack. 

I hope that – considering my specific circumstances – people can provide advice.  Many thanks!
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Sun Feb 27, 2011 2:02 pm

Re: Will I be allowed to take a CEH or OSCP course?

Hey dialing, welcome to the forums.

Kind of hard to say in your situation regarding the CEH because I haven't taken the course. I'm not positive that you would exactly qualify to take a seat in the class or not, but I do know that the CEH is more recognized than the OSCP certification right now.

Coming from an OffSec background, I wouldn't recommend PWB for the beginner, but I hear their WiFu course is an exception for beginners.

Regarding PWB, the registration process is pretty simple, you submit some personal information, your asked how many years experience you have, and you await an e-mail with links to payment plans/options. I think a couple questions you should be asking yourself before stepping into a course like PWB is, "Do I fit the pre-requisites? Those being listed here. Am I comfortable in a command line environment? Do I have experience breaking into machines (be it my own or clients)?" Of course there's a couple others I could let other OSCPs list.

I think it's a good thing you don't mind the certification - you would join for the knowledge, but - it could be bad in a sense that lets say you enter the course as a beginner, you've gone through the videos and lab guide and now all your left with breaking into systems and pillaging the drives of compromised hosts. This is what can be difficult for folks who haven't broken into a system before. Sure you may have Metasploit by your side but what if you run into a situation where Metasploit is useless?

I don't want it to come off as if you cannot do these things or anything, I'm not trying to sike you out in the course, its just days in the labs are precious and beginners may spend days or even weeks going through the course videos and lab exercises and their lab days will whittle away. Of course you can always purchase more lab days - but they do get costly after awhile!

I think the solution here, would be to possibly look into a course like eLearnSecuritys Penetration Testing - Student or eLearnSecurity's Penetration Testing Pro.

This teaching would hopefully help me to find employment as well as providing me with knowledge which I find personally interesting and which I currently feel I lack.
.

Any route you go I think it's a good step in the right direction. CompTia's certifications are also good to have for entry level positions then maybe you can work your way up.

If you have anymore questions - don't hesitate to ask!

-Kris
Last edited by KrisTeason on Sun Feb 27, 2011 2:07 pm, edited 1 time in total.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

AndyB67

User avatar

Full Member
Full Member

Posts: 100

Joined: Fri Jan 14, 2011 7:13 am

Location: UK

Post Sun Feb 27, 2011 6:02 pm

Re: Will I be allowed to take a CEH or OSCP course?

If you are at the interested amature stage then I recommend the COMPTIA courses as a starter.  These will help broaden your knowledge and give you a better foundation for whats to come
Net+ Sec+ More to come
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Mar 01, 2011 8:10 pm

Re: Will I be allowed to take a CEH or OSCP course?

I would agree with both posts above.

From what you've said, I think you would do fine in a CEH class if you've been playing around with the tools and such for some time. It's meant to be an introductory course (although this is changing slightly with v7). The CEH certification was the first one I ever earned and that was within my first year of working (professionally) in IT. Prior to that I similar experience as yours with dabbling around for a years.

BillV

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software