+ Reply to Thread
Results 1 to 22 of 22
  1. Senior Member
    Join Date
    Jan 2007
    Location
    ::1F03:0307
    Posts
    237

    Certifications
    somewhat
    #1

    Default C|EH v6 Security Experts or Monkeys with Tool Exposure

    I edited and reworded this from a previous post. This will seem like some form of rambling, attack on EC-Council's cert, but its just an opinion. An opinion based on factual information and experience not only with EC-Council, but experience in the industry for well over 10 years professionally in security and too many to count in IT. As I wrote this, I thought long and hard about backlash involved in writing this, the naysayers who won't understand it, many thoughts ran through my mind, but I figured I'd take a hard look at the C|EH v6 since many have asked me about it. Without further ado, let's begin.

    Take a common sense, logical view to the C|EH V6 exam. There are now 67 modules associated with the C|EH exam and according to EC-Council, you can take their 5 day course from the hours of 9am - 5pm and pass the exam. The mathematical break down to learn the C|EH if you follow EC-Council: 40 hours to cram 67 modules: 35 minutes per module. Is this realistic? Of course not, yet according to EC-Council's own wording: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Really? Considering there are no pre-requisites, e.g., 1-2 years systems administration, 1-2 years networking experience, an exam taker will have to cram understanding the OSI layer, TCP/IP and networking as a whole in 35 minutes. A miraculous feat in training if you ask me. (http://www.eccouncil.org/Course-Outl...s%20Course.htm)

    This premise of offering so called practical experience is highly disturbing considering that again, EC-Council makes no mention of candidates acquiring or having any kind of experience in any field be it networking, security, systems, nothing is mentioned. Continuing: Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system.

    Now I ask myself, how can a student understand the concepts of role based access controls, permissions, domains, LDAP and other technologies in this amount of time, I mean seriously think about this. How can a student learn to optimally "secure a system" when they're basing their experience on pre-configured lab machines. I've taken the C|EH v5 and I can tell you first hand its filled with tools. All flash no cash. This testing methodology EC-Council is offering conveys a false sense of "security" expertise. A candidate should understand the systems they're "hacking" or "securing" for one, they should know the networking involved with that system down to understanding at an RFC level TCP/IP and the OSI layer to truly understand the technicalities of it all. Otherwise, what is the point of the exam, to point out how many different modules a certifying body can place into an exam? How many tools can the exam creators discover, capture screen shots and label someone an expert at 35 minutes worth of knowledge on the TOOL - not the fundamentals.

    The biggest misconception about this entire course is that it will make someone a security expert. While EC-Council may have the best intentions in the creation of the exam, exposing candidates to the different areas of security, the expectations of a candidate truly knowing and understanding even the minimal concepts to pass an exam after again, 35 minutes of teaching on each subject is insane. Snake oil at best. Moving on: Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

    I disagree. There is no way I can think of someone leaving this course becoming "experienced" enough to call themselves a C|EH at its concept. What this course will produce is someone with a wide array of useless knowledge, akin to someone saying "I know TCP/IP like the back of my hands, it consists of packets!" Using pre-defined, often outdated tools does not make someone an experienced security professional let alone a hacker, monkeys can be trained to use tools. Because of the nature of the C|EH's structure, one million tools, 3/4's of them obsolete, I can see more security professionals snickering at the exam and the holders of the C|EH (all versions). A devaluation of the security professional.

    Right now I'm currently in parallel studies on my own leisure for the NSA IAM, CISM and OPST with my seat for the CISM confirmed in December. From all I've read and learned, I value my OSCP more than the C|EH and look forward to the OPST exam. The OPST is more structured and realistic using real world experience coming from the most respected and trusted names in the industry. The creators of the OPST exam hold a lot more clout and credibility in my eyes than those of EC-Council. These are my two cents. Now, I've been in the security industry now for quite some time in fact, I've met some of my peers who would have been in diapers when I got involved in computing professionally. It doesn't take a rocket scientist to cobble together every security tool under the sun, give a base introduction to said tool, ask two questions on that tool, and label someone an expert.

    If anyone ever criticized the CISSP for being a mile wide and an inch deep, I beg them to look at the concept that EC-Council is putting forward. A realistic expectation for someone to take this exam if it truly held its weight would be for the candidate to have at minimum six years experience with a mixture of industry experience, even then with the modules cobbled together, it's not asking for enough. From systems administration, to network administration and design, incidence response roles, programming to truly understand buffer overflows, the pre-requisites could go on and on.

    Sadly I see the C|EH imploding within a few years as did the MCSE when everyone began labeling it the "Must Consult Someone Experienced" certification with everyone under the sun with zero knowledge acquiring this certifcation. At the core, EC-Council's concept seems to offer an unparalled level of expertise, but knowing the structure of the v5 exam, its content, after having taken the exam, I truly don't believe it's worth the paper its printed on, nor will the v6 be. Perhaps test takers care solely about the gimmicky "Got Hacked" t-shirts or the telephone book thick like books, whatever the case is, someone would have to be extremely clueless to expect a C|EH v6 to be an expert. Either that, or C|EH v6'ers will be uber security geniuses worthy of PhD's in information security at the end of a bootcamp.

    Before many get bent out of shape, be honest with yourself, look at a module:


    Module 17: Web Application Vulnerabilities

    Web Application Setup
    Web application Hacking
    Anatomy of an Attack
    Web Application Threats
    Cross-Site Scripting/XSS Flaws
    An Example of XSS
    Countermeasures
    SQL Injection
    Command Injection Flaws
    Countermeasures
    Cookie/Session Poisoning
    Countermeasures
    Parameter/Form Tampering
    Hidden Field at
    Buffer Overflow
    Countermeasures
    Directory Traversal/Forceful Browsing
    Countermeasures
    Cryptographic Interception
    Cookie Snooping
    Authentication Hijacking
    Countermeasures
    Log Tampering
    Error Message Interception
    Attack Obfuscation
    Platform Exploits
    DMZ Protocol Attacks
    Countermeasures
    Security Management Exploits
    Web Services Attacks
    Zero-Day Attacks
    Network Access Attacks
    TCP Fragmentation
    Hacking Tools
    Instant Source
    Wget
    WebSleuth
    BlackWidow
    SiteScope Tool
    WSDigger Tool – Web Services Testing Tool
    CookieDigger Tool
    SSLDigger Tool
    SiteDigger Tool
    WindowBomb
    Burp: Positioning Payloads
    Burp: Configuring Payloads and Content Enumeration
    Burp: Password Guessing
    Burp Proxy
    Burpsuite
    Hacking Tool: cURL
    dotDefender
    Acunetix Web Scanner
    AppScan – Web Application Scanner
    AccessDiver
    Tool: Falcove Web Vulnerability Scanner
    Tool: NetBrute
    Tool: Emsa Web Monitor
    Tool: KeepNI
    Tool: Parosproxy
    Tool: WebScarab
    Tool: Watchfire AppScan
    Tool: WebWatchBot
    Tool: Mapper

    63 concepts, tools, methods and counter-methods in this module. 35 minutes per module as inferred from EC-Council's own wording to learn and understand it all. Seconds to learn every tool, concept, method to make you an "expert." When you finish this course please contact me concerning shares of the Brooklyn Bridge at a deep discount.

    Don't fret though, before one takes the test, EC-Council will verify where they work. Whether or not they will verify someone's duties and experience in the industry, is an altogether different story. A story I seriously find hard to believe. Good luck in attempting to label yourself an expert at anything in the security field by passing this exam. You'd better have a vast amount of experience which surpasses ISC2's requirements for the CISSP to back it up otherwise a C|EH v6 alone will be worthless no matter how much marketing is put behind it.

    C|EH v6 seems akin to someone in medical school studying neurology, coming across a picture of the heart and labeling himself a cardiologist. Not only a cardiologist, but also a neurologist without even finishing up his studies and passing the necessary exams, having the right experience to qualify. Wonder what v7 will be.

    J. Oquendo
    SGFA, SGFE, C|EH, CHFI, OSCP
    joquendo at e-fensive dot net
    Reply With Quote Quote  


  2. Login/register to remove this advertisement.
  3. Senior Member darkerosxx's Avatar
    Join Date
    Dec 2007
    Posts
    1,222

    Certifications
    A+; CCDA; CCNA; C|EH; ITIL v3F; MCTS: WS08 Network / SBS08; RHCE; RHCSA in RHOS; RHCVA; Server+; VCP5-DCV
    #2
    Nice post.

    I don't see the course making anyone a security expert any more than a CCNA course makes someone a networking expert. It's all marketing jazz, imo. Having said that, I think there is a significant difference between teaching someone hacking technology/theory fundamentals in a week and teaching someone networking fundamentals in a week. Both are near impossible, but one will give you just enough knowledge to possibly go to jail and ruin your life.

    I think the class should have some kind of experience requirement, even if it's only 6 months, in an IT or Security related role. This kind of information is not for a person just starting out and I don't think anyone could argue that anyone just starting out would or even should be able to pass the exam to be called a Certified Ethical Hacker.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Sep 2006
    Location
    San Francisco Bay Area
    Posts
    2,003

    Certifications
    CCNP, CCNA:Voice/Sec, MCSE: Sec, VCP and some other random ones
    #3
    Wow, that was a long post.

    I personally believe all boot camps are scams.

    I must argue though the MCSE is still in demand. Monster.com can prove that to you. I can't say the same for the CEH. I don't know if any parallels should be drawn.

    I completely agree that an inexperienced person should not even bother.

    Like most things, you get what you put into it. If someone uses the certification outlines as a guidelines for their entry level career there is a lot to be gained.

    It does seem Ec-Council is out of touch with the industry. What companies/colleges/governments are affiliated with them?
    Reply With Quote Quote  

  5. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Location
    Melbourne, Australia
    Posts
    1,985

    Certifications
    B.Sc, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #4
    very brilliant sexion


    actually the same goes for most of the certificates. collecting certificates doesn't make you an expert, it just devalue the certificates you have unless you have both the knowledge and expertise.

    certificate will never make an expert. I'll never call my self certified microsoft engineer unless and until im confident enough to carry out all the tasks that a systems engineer should do. Including troubleshooting.l
    ‎"After the earth dies, some 5 billion years from now, after it’s burned to a crisp, or even swallowed by the Sun, there will be other worlds and stars and galaxies coming into being — and they will know nothing of a place once called Earth." - Carl Sagan.
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Mar 2007
    Posts
    12,320
    #5
    Quote Originally Posted by Daniel333
    Wow, that was a long post.
    You should check out his other post, which has since been made a sticky: http://techexams.net/forums/viewtopic.php?t=38485

    (Sexion, you might want to consider re-posting this new one in that one, so we can have everything in one place. Or maybe ask Johan to merge the threads or something)

    Quote Originally Posted by Daniel333
    I personally believe all boot camps are scams.
    This isn't a boot camp, it's a REQUIRED course. Which, in my opinion, makes it even worse.

    Quote Originally Posted by Daniel333
    I must argue though the MCSE is still in demand. Monster.com can prove that to you. I can't say the same for the CEH. I don't know if any parallels should be drawn.
    He's not saying that it's not in demand, just that it isn't as prestigious as it used to be, due to the influx of paper MCSEs. MS has done a lot to restore the certs credibility, and is looking at doing even more in the future (i.e. lab-based exams. Astorrs recently did a beta one).

    "Must Consult Someone Experienced" seriously made me laugh though...
    Reply With Quote Quote  

  7. Senior Member darkerosxx's Avatar
    Join Date
    Dec 2007
    Posts
    1,222

    Certifications
    A+; CCDA; CCNA; C|EH; ITIL v3F; MCTS: WS08 Network / SBS08; RHCE; RHCSA in RHOS; RHCVA; Server+; VCP5-DCV
    #6
    You mentioned it's required and I didn't know that, so I looked it up!

    It's required unless you have two years of security experience:

    Eligibility Requirements

    To be eligible for appearing in the CEH certification examination, you must:

    1. Have attended training for the CEH course at any of the accredited training centers. Should you choose to defer taking the examination after your training, and would like to opt for another location; you can apply for the same at a later date at any ATC of your choice by submitting your certificate of attendance to EC-Council.
    2. If you have opted for self-study and not attended training, you must have at least two years of information security related experience.
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Mar 2007
    Posts
    12,320
    #7
    Yea, sorry. You can get it waived. I was just speaking from that perspective since I doubt many people would take it if they didn't have to.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Jan 2007
    Location
    ::1F03:0307
    Posts
    237

    Certifications
    somewhat
    #8
    Quote Originally Posted by darkerosxx
    It's required unless you have two years of security experience:
    When I did my bootcamps, we had people who had zero - absolutely NO experience w/security even IT as a whole taking the bootcamps followed by the exam. Waiver? Bootcamp provider... In my entire class, there were about 10 of us... Solely ONE person had a little experience because he was a CCE and he didn't care about the C|EH he was there for the CHFI. After the class we spoke and he stated his disappointment for the CHFI.

    I'm not knocking the cert believe it or not - neither the C|EH or CHFI, what I'm trying to convey is, take out of it what you will and can, but since one intends on taking it, take it for the right reasons. Take it to learn something. The bootcamps weren't my choice, I had the CISA, CISM, OSCP, CISSP all lined up. ISC2 threw me into hiatus momentarily, CISA conflicted with the OSCP so I swapped it over @ Vigilar for the CISM. NSA IAM is pending me getting off my rear and scheduling it. My purposes for getting the exam, currently I have a process being patented concerning penetration testing. My company is paying for the patents and the certs, so they're hoping to throw me into a kind of CISO role - of which I don't care for. They'd like to be able to state: "Uber certified and patent holding xxxxx presents!" When they release my product.

    I seriously hope I don't discourage someone, security can be fun depending on what you enjoy doing. I personally enjoy penetration testing, networking and network forensics(analysis). I have no problem doing other tasks as I've done them anyway including CISO level audits, policy design and infrastructure management. I've also have to play the CISA role and audit our IT system - and no I don't mean a security assessment, I mean a full blown audit, financials, policy reviews, ACL reviews, etc., etc... Security can be fun, for these particular certs, especially the C|EH v6, take your time and learn things the right way. Learn as much as you can, DO NOT solely rely on a bootcamp.

    On a brighter note, I discussed this same exact post with Clement Dupuis from Professional Security Testers, CCCure, etc., who's tremendously talented, teaches the course and he offered up some interesting counterpoints many will want to read.

    http://www.professionalsecurityteste...-topic-10.html

    My two cents remain... Learn as much as you can for your own sake - for the sake of being what you're projecting yourself to be by acquiring certain certs - a security expert.

    More ramblings (I do this a lot)
    1) Don't do these courses for the sake of whoring a cert. - Not only will you devalue the talents of others (guilty by certification association), in the long run you will look idiotic NOT knowing what you're supposedly certified in.
    2) Don't rely solely on bootcamps - Learn as much as you can on your own, understand common core terms and protocols. In the long run it will help you big time.
    3) Take everything with a grain of salt, my original post, my attitude towards this cert, someone else's response to my ramblings... Read between all lines period.
    4) Don't believe everything you read - including "requirements"...
    5) Make sure when ordering a Black Eye from Starbucks - they don't jerk you a shot of expresso. A lot of caffeine goes a long way when pulling all nighter study sessions under the influence of Front 242, KMFDM, Funker Vogt and Assemblage23[/b]
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Mar 2007
    Posts
    12,320
    #9
    Quote Originally Posted by sexion8
    On a brighter note, I discussed this same exact post with Clement Dupuis from Professional Security Testers, CCCure, etc., who's tremendously talented, teaches the course and he offered up some interesting counterpoints many will want to read.

    http://www.professionalsecurityteste...-topic-10.html
    Thanks for being level-headed about everything and sharing alternate viewpoints with us. That's an interesting read.

    Quote Originally Posted by sexion8
    5) Make sure when ordering a Black Eye from Starbucks - they don't jerk you a shot of expresso. A lot of caffeine goes a long way when pulling all nighter study sessions under the influence of Front 242, KMFDM, Funker Vogt and Assemblage23
    I think that's the most important piece of advice you've shared so far

    I haven't heard anyone mentioned KMFDM for quite awhile. I'll have to check those others out.
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Jan 2007
    Location
    ::1F03:0307
    Posts
    237

    Certifications
    somewhat
    #10
    [quote="dynamik"]
    Quote Originally Posted by sexion8
    I haven't heard anyone mentioned KMFDM for quite awhile. I'll have to check those others out.
    When I took the OSCP exam, I made a 60 hour playlist of industrial music which started with KMF's "Professional Killer" track... The list contains (still have it saved): Assemblage23, KMFDM, God Module, Azoic, Imperative Reaction, Interface, Juno Reactor, Mind.In.A.Box, Negative Format, November Process, Parallel Project, Psyclon Nine, Run Level Zero, Seize, Suicide Commando, Tactical Sekt, System Syn, VNV Nation, Velvet Acid Christ, XP8, Bach, Mozart, DJ Tiesto, Kanye West How's that for variety... I have about 3-4 songs each but the majority of tracks are grinding 120+ BPM's industrial, noisy, grinding dark tracks.

    I took the exam at my office, turned out the lights, with an Altec Lansing system playing at full volume on a Sunday 1PM, I was support to start at 10am but have my timing skewed. I spent about 13 hours straight on the exam, went home, turned on my stereo there, remote desktop'd in to work and finished it up from there. I slept for less than 2 hours as I was upset I had one more machine left. Having one machine untouched sort of ticked me off right until the last few minutes, of which 60 minutes before the exam expiry I had to write my LEO on what I did, why, how, etc. The OSCP was definitely a fun exam and I wish more certification bodies had realistic labs like it.
    Reply With Quote Quote  

  12. Junior Member
    Join Date
    Jul 2008
    Posts
    26

    Certifications
    CCENT, CCNA, BCMSN
    #11
    can you give me/us some information or links for the oscp, i searched the forum for it, but there is not really much to any information.

    seems to be interesting if there is a task you need so much time for
    Reply With Quote Quote  

  13. Senior Member
    Join Date
    Jan 2007
    Location
    ::1F03:0307
    Posts
    237

    Certifications
    somewhat
    #12
    Quote Originally Posted by bashtie
    can you give me/us some information or links for the oscp, i searched the forum for it, but there is not really much to any information.

    seems to be interesting if there is a task you need so much time for

    http://www.offensive-security.com/do...e-security.pdf (Class Information on page 4 describes the cert challenge to obtain the OSCP)
    http://www.offensive-security.com/faq.php#lnk8 (FAQ: C|EH vs OSCP (a))
    http://tinyurl.com/xyberpix (review)
    http://www.google.com/search?q=oscp+...3Alinkedin.com (OSCP on LinkedIn)

    (a) Take note: A cert is a cert is a cert. The C|EH is vastly different from the OSCP. C|EH is based on tools. What tool performs what. Knowing what a tool does it different from actually using it in the real world. The OSCP exam focuses on specific tools with real experiences using them. Again: Grain of salt... They both will give you what you get out of them.
    Reply With Quote Quote  

  14. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Location
    Melbourne, Australia
    Posts
    1,985

    Certifications
    B.Sc, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #13
    Sexion

    Thank you for all your posts and replies, I read all of them and I'm going to follow your advice(s) because they ALL made sense to me. I hope forum moderators will make them sticky posts because they're invaluable. Thanks.
    ‎"After the earth dies, some 5 billion years from now, after it’s burned to a crisp, or even swallowed by the Sun, there will be other worlds and stars and galaxies coming into being — and they will know nothing of a place once called Earth." - Carl Sagan.
    Reply With Quote Quote  

  15. Junior Member
    Join Date
    Oct 2008
    Location
    Sacramento, CA
    Posts
    13

    Certifications
    Network+, CCNA, Security+, C|EH
    #14
    I've also earned the C|EH v.5 certification and can almost come to the same conclusions. However, if you check their website they do claim that the C|EH falls somewhere between the CCNA and the CISSP. They provide a chart of where they believe the C|EH skill sets fall here: http://www.eccouncil.org/certification.htm

    In all fairness they do not assume any Joe off the street can take this class and pass this certification. They're assuming you are at the level of knowledge of a CCNA/MCSE.

    The C|EH is considered after somebody may be Network+/Security+/A+ certified and then earning the ECcounsils ENSA.

    http://www.eccouncil.org/documents/E...0Path%20v2.pdf

    It assumes one already has a working knolwedge of the OSI layers and so on. The original post may be accurate with many points but on the idea that EC-Council intends on grabbing any Joe off the street to make them a security pro is false.
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Jan 2007
    Location
    ::1F03:0307
    Posts
    237

    Certifications
    somewhat
    #15
    in·tend
    1. To have in mind; plan:
    al·low
    1. To let do or happen; permit:
    Nowhere did I state EC Council plans on non skilled people taking the exam. Do they allow it. Yes. Two distinct differences
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Jul 2008
    Posts
    219

    Certifications
    Computer Science BSc, CCNA Security, CCNA, MCP, CEH, Network+
    #16
    Most of the guys I did the course with were disappointed. I don't know if our instructor or the course is the blame, but I don't feel like I got much out of it.
    Reply With Quote Quote  

  18. Senior Member iowatech's Avatar
    Join Date
    Mar 2007
    Location
    Iowa
    Posts
    122

    Certifications
    !!+
    #17
    The course I took from Spindustry Training was pretty much bullshit. And that training center is very good and has always had great quality courses. I almost walked (wish I would have) on the second day after realizing that it was just tool after tool after tool after tool with zero depth in anything. And none of the demos worked at all. I couldn't believe how useless the course was.

    -end of rant-
    Reply With Quote Quote  

  19. Coffee anyone? rossonieri#1's Avatar
    Join Date
    Jun 2003
    Posts
    800

    Certifications
    a few...
    #18
    sexion,

    you brought up some valid points here to be consider - although i prefer your point to be in general not specifically CEH exam, but also other cert as well. and, i think a respectable cert like CEH (and perhaps the other cert as well) has been specifically designed so not everyone can join the band. The other certification nowadays is also getting harder & harder even though its only written exam = for example the MS windows MCSA 2000 to 2003 upgrade exam 292 (i've failed this twice myself) - its a beast that no one can pass it easyly. they pretty much require more & more both the theory & hands-on experience.

    here are some points that i like :
    time - study - experience
    Now I ask myself, how can a student understand the concepts of role based access controls, permissions, domains, LDAP and other technologies in this amount of time, I mean seriously think about this
    well like i said previously, certification itself is both theory & experiences. by learning certification curriculum in the good way (read the book & doing labs) will also benefits who learned it - eventhough they might not take the exam.

    for example : i like MS and cisco curriculum because they thought me from the bottom up - from zero. like you said learn the basic acl, to more advanced context etc. those things are not 1 night reading.

    and, the way you break down the time needed for any study : 63 modules and so forth - it convinces me that you are really a pro. so i do like to add you as my friend

    cheers!!!
    Reply With Quote Quote  

  20. Mobo Wizard ULWiz's Avatar
    Join Date
    Feb 2008
    Location
    Florence NJ
    Posts
    724
    #19
    In my opinion the CEH is not suppose to make you a expert. Not sure what person would believe this either. I started looking into the CEH purely for some knowledge on penetration testing and have enjoyed the things i have learned so far.

    Enjoyed the post though
    Last edited by ULWiz; 01-29-2009 at 01:10 PM.
    Reply With Quote Quote  

  21. Coffee anyone? rossonieri#1's Avatar
    Join Date
    Jun 2003
    Posts
    800

    Certifications
    a few...
    #20
    hi ulwiz,

    In my opinion the CEH is not suppose to make you a expert.
    yup - agreed. any cert alone hardly makes a person an expert,
    but - an expert or master (on their subject) will 65% obtain the cert far easier (the rest is about knowing the exam material).
    an expert or a master is what people saying about a knowledgable/know-how person on certain task (not that person alone).

    cheers

    ps : would you be my friend, ulwiz?
    Reply With Quote Quote  

  22. Mobo Wizard ULWiz's Avatar
    Join Date
    Feb 2008
    Location
    Florence NJ
    Posts
    724
    #21
    Of course i need friends myself
    Reply With Quote Quote  

  23. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    2,843

    Certifications
    BS-CST EMT-B MPSC Security+
    #22
    I'd say that most places consider the CEH to be entry-level.
    WIP:
    Securitytube Python Scripting Expert
    MS in Applied Computer Science - DSU - Applying
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks