Re: advice for CEH certification

[Y.A.S.E <securityenthusiast () gmail com>]

Milind,

This ain't helping is it ? Well a piece of advice. You cannot be a
hacker by taking any course no matter what. Hacking is an art just
like painting and singing. Yes, people can take career training in
dancing, or singing or painting for 10 years and come to realize that
they are simply not wired for it. It is a little milder with
Information Security (i.e. hacking) because of the ease and simplicity
of the knowledge base available out there in the wild.

You are naturally inclined to the topic so there is a flame somewhere
in within you and that is enough for you to get going. Don't waste
(sorry, a bit mellow - spend) money on these courses untile you really
feel a fire in the belly that tells you to do that/.........

Read my friend, Read !. Dive into the belly of this information
mammoth called web and be like a leacher sucking every ounce of
knowledge that comes your way........



On 12/19/06, Simmons, James <jsimmons () eds com> wrote:
>  Someone else said it best earlier. Cert's are to get the interview,
> knowledge, skills, personality gets you the job.  Of course if you
> really want the interview above others, you would actually write up a
> white paper about some of your research. Do what others claim they can
> do, and you will be a leg up on them. Try and doing something so that
> you can give a talk about at a security Con.  It is one thing to try and
> prove that you know something by taking someone else's test, and it is
> money in the bank if you prove by examples that you already do what the
> cert claims to test on.
>
> Of course I am biased in that I don't have any trust in the current IT
> Certifications Industry. <rant> There is no governing body, no single
> source of certs, or accreditation.  The current certification industry
> is "if you can put together a test and hype it up, you can make money."
> You will make more money if you find some sort of employer to partner
> with, that will look for your cert as a condition of hire. </rant>
>
> And just a personal note, if you are actively engaged in promoting the
> CEH cause it is your job, you are biased.  I will trust the CEH
> instructor that claims that it is rubbish over the guy who is trying to
> sell you his services as a CEH instructor.
>
> So I guess my message is, if you want that job that is looking for CEH,
> you would impress them more if you are actually doing the research in
> your off time and writing the papers about it and getting published,
> then if you just take the easy way and get a piece of paper that claims
> that you know at least their minimum.
>
> Regards,
>
> J.A. Simmons V, BAMF
> EDS - Navy Marine Corps Intranet (NMCI)
> Information Assurance Engineer
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Joseph McCray
> Sent: Friday, December 15, 2006 9:30 AM
> To: James Michael Stewart
> Cc: Chris Gates; Eric Reed; 'Shain Singh';
> security-basics () securityfocus com
> Subject: RE: advice for CEH certification
>
> I would agree with James on the subject of the CEH not being the best or
> the worst as I too teach the CEH. I got to look at the CEH v5 materials
> yesterday and yes he is right they are significantly improved.
>
> As far as the subject of what to do for your resume it really boils down
> to figuring out what you want (skill, cert, or both), and how you want
> to go about getting it. You have to 2 basic paths as far as formal
> education for this specific skill set:
>
> Certification Based Training:
> =============================
> CEH (EC-Council)
> CPTS/CPTP (Mile2)
> OPSA/OPST (ISECOM)
>
>
> Skill-Based Training:
> =====================
> Foundstone
> SANS
> BlackHat Workshops
>
>
> There are of course others in both categories just ask Google - but I'm
> sure you get the idea. I like to tell people that have experience in the
> field to do the CISSP first, and use all of the above for your
> continuing education credits required to keep your CISSP. Let's face it,
> certs get you the interview - but skills/experience/personality get you
> the job. I think you need both sides of the house really have the best
> chance at being successful in the field. For people that are new to the
> field I recommend that they go through the laundry list of
> certifications:
>
> Network+
> Linux+
> Security+
> CEH/CHFI or other listed above
> Any of the Skill-Based Training listed above .....then the CISSP
>
>
> Your mileage may vary, but I hope this helps.
>
> --
> Joe McCray
> Toll Free:  1-866-892-2132
> Email:      joe () learnsecurityonline com
> Web:        https://www.learnsecurityonline.com
>
>
> Learn Security Online, Inc.
>
> * Security Games        * Simulators
> * Challenge Servers     * Courses
> * Hacking Competitions  * Hacklab Access
>
>
> On Thu, 2006-12-14 at 15:30 -0600, James Michael Stewart wrote:
> > I am a CEH instructor. I can't say that CEH is the best certification
> or
> > course in the market, but it is neither worthless nor the worst course
> > available for the topic. Previous versions of the course had many
> serious
> > deficiencies. I've started teaching the newly released and revised CEH
> 5.0
> > courseware which is significantly better than 4.1. This version still
> has
> > room for improvement. CEH is not a skills course. It is an
> introduction and
> > overview of the concepts of hacking for the purposes of security
> assessment.
> > I do think it is much better and more informative than many of the MOC
> > courses, mainly due to its flexibility and lack of rigid structure.
> >
> > As with any course and certification, it is as valuable as you make
> it. If
> > you are only in it to pass the exam and get another credential on your
> > resume, it is fairly poor. I doubt CEH would get you a job or
> promotion over
> > another person without the credential. However, if you are interested
> in the
> > topic and not already well-versed in the materials and tools, CEH is a
> great
> > introduction.
> >
> > The CEH class is roughly 1/2 lecture and 1/2 lab work. Functioning in
> a 1-2
> > hour lecture/presentation/class discussion, followed by lab time. The
> > courseware books are huge, over 2600 pages. Designed to be used as
> > post-class references. There are 7 CDs of tools, well over 2,000
> individual
> > tools. Plus a bootable BackTrack 1.0 CD (yeah 2.0 has just come
> out...)
> > There is more than enough material to fill an entire week, plus much
> more
> > content for students to investigate, research, and learn on their own.
> The
> > value of the class is based on the presentation skills of the
> instructor as
> > well as the participation and comradery of the students.
> >
> > The CEH exam has been updated to reflect the improved content in the
> > courseware. However, the CEH 4.1 exam is still available until June
> 2007.
> >
> > CEH is not for everyone, especially those who already know the basics
> of
> > hacking and who can use both Windows and Linux tools/utilities. A
> Foundstone
> > or SANS course would be most appropriate for those with moderate
> security
> > testing experience.
> >
> > James Michael Stewart
> > michael () impactonline com
> > IMPACT Online - www.impactonline.com
> > Austin, TX 78749
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On
> > Behalf Of Shain Singh
> > Sent: Thursday, December 14, 2006 1:22 AM
> > To: security-basics () securityfocus com
> > Subject: RE: advice for CEH certification
> >
> > Cort Boecking wrote:
> > >
> > > What's wrong with CEH?
> >
> > This is the last time it was discussed. Not sure if people's opinions
> have
> > changed.
> >
> > http://www.securityfocus.com/archive/105/412138/30/0/threaded
> >
> > nothing wrong with a certification that makes your 1337 ;)
> >
> >
> > --
> > Shaineel Singh
> > MakePeace Media LTD
> >
> > http://mpm.org.au/shsingh
> > pgp id:  0xA9D8D351
> > fp: 38 0D A8 C8 74 A2 33 5E CE 0E 5A FA D5 A0 04 7C
> >
> > This message was written entirely with recycled electrons.
> >
> >
> >
> ------------------------------------------------------------------------
> ---
> > This list is sponsored by: ByteCrusher
> >
> > Detect Malicious Web Content and Exploits in Real-Time.
> > Anti-Virus engines can't detect unknown or new threats.
> > LinkScanner can. Web surfing just became a whole lot safer.
> >
> >
> http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetec
> t
> >
> ------------------------------------------------------------------------
> ---
> >
> >
> >
> ------------------------------------------------------------------------
> ---
> > This list is sponsored by: ByteCrusher
> >
> > Detect Malicious Web Content and Exploits in Real-Time.
> > Anti-Virus engines can't detect unknown or new threats.
> > LinkScanner can. Web surfing just became a whole lot safer.
> >
> >
> http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetec
> t
> >
> ------------------------------------------------------------------------
> ---


--
y.a.s.e
Hack a rock, there is a new kid on the block.