RE: advice for CEH certification

["James Michael Stewart" <michael () impactonline com>]

I am a CEH instructor. I can't say that CEH is the best certification or
course in the market, but it is neither worthless nor the worst course
available for the topic. Previous versions of the course had many serious
deficiencies. I've started teaching the newly released and revised CEH 5.0
courseware which is significantly better than 4.1. This version still has
room for improvement. CEH is not a skills course. It is an introduction and
overview of the concepts of hacking for the purposes of security assessment.
I do think it is much better and more informative than many of the MOC
courses, mainly due to its flexibility and lack of rigid structure. 

As with any course and certification, it is as valuable as you make it. If
you are only in it to pass the exam and get another credential on your
resume, it is fairly poor. I doubt CEH would get you a job or promotion over
another person without the credential. However, if you are interested in the
topic and not already well-versed in the materials and tools, CEH is a great
introduction.

The CEH class is roughly 1/2 lecture and 1/2 lab work. Functioning in a 1-2
hour lecture/presentation/class discussion, followed by lab time. The
courseware books are huge, over 2600 pages. Designed to be used as
post-class references. There are 7 CDs of tools, well over 2,000 individual
tools. Plus a bootable BackTrack 1.0 CD (yeah 2.0 has just come out...)
There is more than enough material to fill an entire week, plus much more
content for students to investigate, research, and learn on their own. The
value of the class is based on the presentation skills of the instructor as
well as the participation and comradery of the students.

The CEH exam has been updated to reflect the improved content in the
courseware. However, the CEH 4.1 exam is still available until June 2007.

CEH is not for everyone, especially those who already know the basics of
hacking and who can use both Windows and Linux tools/utilities. A Foundstone
or SANS course would be most appropriate for those with moderate security
testing experience. 

James Michael Stewart
michael () impactonline com
IMPACT Online - www.impactonline.com
Austin, TX 78749

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Shain Singh
Sent: Thursday, December 14, 2006 1:22 AM
To: security-basics () securityfocus com
Subject: RE: advice for CEH certification

Cort Boecking wrote:
> What's wrong with CEH? 

This is the last time it was discussed. Not sure if people's opinions have
changed.

http://www.securityfocus.com/archive/105/412138/30/0/threaded

nothing wrong with a certification that makes your 1337 ;)


--
Shaineel Singh
MakePeace Media LTD
 
http://mpm.org.au/shsingh
pgp id:  0xA9D8D351
fp: 38 0D A8 C8 74 A2 33 5E CE 0E 5A FA D5 A0 04 7C
 
This message was written entirely with recycled electrons.


---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------