RE: Opinion about CEH

["Christian Kopacsi" <ckopacsi () cmhcm org>]

I think the majority of the responses are going to be that the only reason to pursue this certification is the 
excellent training (usually) given my Intense School.  Otherwise know the tools and take the test yourself.

  
Christian Kopacsi 
CISSP ISSPCS Security+ MCSA CCNA 
CEH MCSE CNA Network+ CSSA CCA A+
Community Mental Health for Central Michigan 
Information Systems 
989-837-0728 
ckopacsi (at) cmhcm (dot) org 

"All that is necessary for the triumph of evil is that good men do nothing."     --- Edmund Burke 







-----Original Message-----
From: Christopher Carpenter [mailto:ccarpenter () dswa net]
Sent: Tuesday, October 04, 2005 6:28 PM
To: Jason; Mark; Steven Kalcevich
Cc: alonzo.llamas () montenegroeditores net;
security-basics () lists securityfocus com
Subject: RE: Opinion about CEH


I agree with you, Jason.  Unfortunately, the GIAC training
materials/challenge tests are prohibitively expensive for people who
don't have company sponsorship.

In my opinion:

CISSP - A certification, favorably viewed by HR drones and management,
that is a mile wide and an inch deep.  Mostly a management-oriented
exam, the CISSP does a good job of introducing important topics.  It's
up to the security practitioner to learn more in-depth.  This is a good
first-level certification for a resume.

CEH - A certification that teaches the use of currently available
exploitation tools.  Unfortunately, the CEH focuses too much on the rote
memorization of program switches instead of creative thinking and
application.  That said, it is a good introduction to penetration tools.
Be cautious, as some interviewers tend to balk at the word "hacker" on a
resume.

GCIA, GCIH, etc - When SANS was still requiring a practical, these
certifications were the cream of the crop.  The practical ensured that
the applicant had hands-on experience, thus avoiding paper-MCSE
syndrome.  Unfortunately, the practical requirement has been dropped,
and I expect the quality of GIAC-certified professionals will eventually
decrease in proportion.  That said, if you can get your hands on their
study materials, you'll be in good shape.

Chris

-----Original Message-----
From: Jason [mailto:securitux () gmail com] 
Sent: Monday, October 03, 2005 3:22 PM
To: 'Mark'; 'Steven Kalcevich'
Cc: alonzo.llamas () montenegroeditores net;
security-basics () lists securityfocus com
Subject: RE: Opinion about CEH

The CISSP dazzles the management eyes, for sure, but its not that great.
It
is more of a management type exam, FAR from technical or detail
oriented.
Very different from the CEH or most GIAC certs. I am doing it now and am
not
learning much, that's for sure. When I started in security, I already
knew
what a lock was for :)

Of all the certs in the industry, I prefer the SANS GIAC certs. At least
when they were making you do practicals.

-J 

-----Original Message-----
From: Mark [mailto:elihusmails () gmail com] 
Sent: Friday, September 30, 2005 8:42 PM
To: Steven Kalcevich
Cc: alonzo.llamas () montenegroeditores net;
security-basics () lists securityfocus com
Subject: Re: Opinion about CEH

I would not say that CEH is useless.  I took the CEH last year and
thought
the course was OK.  I think the only reason the course was good was the
instructor.

Now I think that if I was paying for these, I would put it into the
CISSP.
I had a horrible CISSP instructor, but "CISSP" looks better than "CEH".
Most people do not know what CEH even is, and those who do, have little
respect for it.


On 9/30/05, Steven Kalcevich <lists () ciscokid net> wrote:
> CEH certification > Useless
>
>
> Regards,
>
> Steve Kalcevich CISSP
>
> Alonzo Llamas wrote:
>
> > Hello guys.
> >
> > I was just reading about CEH certification (Ethical Hacker) by 
> > ECCouncil, and I' d like to hear opinions about the certification, 
> > contents of the course, etc.
> >
> > I mean, its this really useful, someone here has taken the cert?
> >
> > Thanks in advance.
> >
> >
> > ---------------------------------------------------------------------
> > -
> > Alonzo Llamas



Disclaimer - This email and any files transmitted with it are confidential and contain privileged or copyright 
information.  You must not present this message to another party without gaining permission from the sender.  If you 
are not the intended recipient you must not copy, distribute, or use this email or the information contained in it for 
any purpose other than to notify us.  If you have received this message in error, please notify the sender immediately, 
and delete this email from your system.  We do not guarantee that this material is free from viruses or any other 
defects, although due care has been taken to minimize the risk.