In December 2010, I was chosen as the recipient of the Global Knowledge monthly giveaway for the Certified Ethical Hacker (CEH) v7 course. Finally, in February 2012, I completed the CEH exam. It took some time to reach completion, but I am definitely enriched for the experience.
The following explains my experience and personal reaction to the pursuit each step of the way.
Global Knowledge – CEH 5-day class
I have heard it said that the success of this class depends highly on the instructor. The instructor for the class did an extremely good job of teaching and bringing real experiences into the classroom. He rarely read from the slides verbatim; instead, he told stories and presented the content through its application. I appreciated this style of teaching very much. (I will not reveal his name because I don’t think he’d want me to.)
The class was very appropriate, intended to teach hacking concepts with some hands-on labs that were well designed and beneficial. Thinking back on the training class, I remember some of the labs we did, the tools we used, and even some of the instructor anecdotes, which actually says more for the class than any review can. If I can remember these things from 6 months ago, it was clearly memorable.
Global Knowledge did a good job with the class, but now after taking the exam, I would have a hard time saying the class prepared me well for it. Granted, it wasn’t supposed to be a boot camp, but what I mean is the class probably went too deep for the type of content that was on the exam. That said, I would imagine it was taught exactly the way EC-Council wanted it taught, so I can still say it was worth attending.
- One student per computer (very important for me, I learn WAY better individually than in a group)
- Projector used the whiteboard rather than a normal projector screen, which allowed the instructor to write notes “on” the slides
- Good discount on hotel
- Nice view from break room
- Excellent snacks (hey, this shows professionalism!)
- Class breaks were staggered to avoid interfering with other classes
- Staying late not allowed
- Some demos took too long when they didn’t work right away, causing time constraints
- Mediocre giveaways
I don’t have much to say about the official courseware. I did peruse it just before taking the exam to make sure the topics I studied were relevant to the actual material, but otherwise I didn’t pick it up much after the class.
A few things to note about the included courseware package:
- Books much less cumbersome than previous versions
- Books in color – Still PowerPoint slides, but they were well designed, no explanatory text
- Laptop bag is functional but not top-notch, more a nice piece of swag
- Shirt was only available in XL, 2 sizes too big for me
Exam Prep Book – CEH Certified Ethical Hacker All-in-One Exam Guide by Matt Walker
When I prepare for a certification exam, I spend a lot of time reading. I wasn’t able to find any exam prep book for CEH v7 until this one came out, so that was my selling point – it was the first one I found. I am happy to report that I enjoyed the book very much.
After receiving the book, I leafed through it and then checked out the CD to see what was included. To my surprise, there was a PDF copy of the book on the CD!! I immediately copied the PDF files to my Kindle in preparation for reading the entire book digitally.
(Brief note on Kindle textbooks: Reading textbooks on Kindle is a tricky thing. Sometimes graphs and pictures don’t show up correctly. It is also hard to skip through large chunks of text at a time and find something you’re looking for. I tend to read cover to cover, so this method is OK for me, as long as I have the physical book present for reference. I would not recommend getting a Kindle book unless you know it was actually formatted for Kindle. Some publishers convert and quickly proofread, but this is not good enough as many intricacies unique to digital formats are not understood well and are missed. It is also important to note that some of these intricacies are mitigated by using iPad instead of Kindle; I have both and I prefer reading on Kindle in spite of the limitations.)
At first glance, I noticed the book was only 11 chapters, and the topics were in a slightly different order than the official courseware. For example, Cryptography was presented in chapter 2, while in the official courseware it was covered in Module 18. This is not good or bad; the flow of the book was appropriate and complete. It was just an interesting thing to note when I first picked up the book.
I read the book cover to cover, and after doing it that way it felt like that was how it was supposed to be read. Throughout the book, the author’s consistent use of geek humor and real world examples made the reading smooth and easy, despite being jam packed with technical details. Especially toward the end, when I found myself feeling fatigued from reading, the author would throw in phrases like “keep going, you’re almost done!” that conveyed a personal, one-to-one atmosphere. I admire this kind of writing as it shows connection with the audience.
Things I liked:
- Good use of humor
- Appropriate examples
- Intended to be read cover to cover
- Easy to read
- Current events are discussed
- PDF version included
Things I didn’t like:
- Focus on both exam and real life career (help me through the exam please, if I wanted career advice I wouldn’t look in an exam-prep book)
- Use of “she” instead of “he” is distracting to me – this goes for the official courseware too. Not to be politically insensitive, but the VAST majority of the industry is male so please use the masculine pronoun when needed, or just use “he/she” if you care enough to be inclusive.
- Adobe Reader 7.07 on the CD?? ‘Nuff said.
LearnKey MasterExam Practice Test
This practice test was included with the textbook. After taking the exam, I realize the practice tests and content included in the book were actually very good. Typically when I purchase an exam-prep book I have little confidence in the practice questions included since they are based on the book information and not necessarily matching with the actual exam. In this case, I was pleasantly surprised. The areas I struggled with on the practice test were matched with the exam objectives, and after putting in some extra studying I understood the topics quite well. Related questions on the exam were therefore quite straightforward. This speaks very well to the quality of the book and the applicability of the practice test.
The test is done, phew! I passed comfortably, though not perfectly. This exam was the longest exam I have taken in my career, and I have taken quite a few. Now that it is done, I can say I was a bit underwhelmed by the experience.
Leading up to the exam, I had very high expectations of the difficulty and comprehensive breadth of CEH, but the test was considerably conceptual and only mildly deep in certain areas. A strong background in TCP/IP and decent test-taking ability would be enough to get through the exam without much trouble. That said, not everyone has the TCP/IP background, and if I didn’t have substantial networking experience I would have had to commit MUCH more brain power into figuring out what each exam question was really asking.
I don’t mean to knock the exam too badly. EC-Council did a good job putting together an associate-level course for security-minded individuals. I now feel more knowledgeable on security topics and how hackers can map out a network without much effort, but I certainly do not feel any more prepared to perform penetration testing as a career. If EC-Council wanted to go that route, I would suggest putting together a practical of some sort, a lab exam, to be performed post-CEH.
This feels like a milestone, like the “must have” certification in the security world. This may or may not be true; it really depends on personal goals. For beginners, the credential seems unattainable, but it can be done. After taking the class, reading the book and taking the exam, I can see why. Take the class, pay attention, do a little extra work practicing and it should be no trouble at all.
One more thing to note: most of the information presented during my course of study was already familiar to me by reading and participating in the forums of The Ethical Hacker Network, so participation on the forums is extremely helpful for long-term career progression.
I want to send my special thanks to Don and the regulars at The Ethical Hacker Network. Achieving CEH was a goal of mine ever since I first heard it existed several years ago, and being granted the training was an amazing opportunity.
CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH