Penetration Testing mailing list archives
Re: Pentest exams
From: Pedro Drimel <pedrodrimel () gmail com>
Date: Fri, 9 Oct 2009 09:36:45 -0300
I heard that EC-Council training and certification are more tool oriented than concepts and people who took it didn't tell me good things, I think we can't compare with SANS (most of people who took SANS training like it a lot)... Then, I wouldn't go for an EC-Council class, also I didn't want to consider myself an ethical hacker, prior to define myself as an ethical hacker, I need to be a hacker, right? and in my humble opinion, most of the security professionals (including myself) are years and years of skills behind real hackers. So (IMHO), why do people get CEH? Management like this! (even tough most of them don't know what the course/certification stand for). I highly recommend Offensive Security course, that guys are real hackers and the way the course challenge you, there's no way to finish without getting pentest skills. Regards, Pedro. 2009/10/7 Robert Portvliet <robert.portvliet () gmail com>:
Taking the course from EC-Council allows you to circumvent the 2 years of experience requirement. A big advantage to taking the SANS courses as opposed to just challenging the exam is that the exams are open book, so you're going to kind of want access to the SANS course materials. I'd love to take Security 560, but 3k is a heck of nut to crack right now... On Tue, Oct 6, 2009 at 12:09 PM, Eric Kollmann <xnih13 () gmail com> wrote:I can't speak specifically about either of the ones you originally asked about, but comparing the CEH (EC-Council) vs the GCIH (SANS), from a learning perspective, the SANS course was hands down better on what I learned at the end of it. I learned stuff in the EC-Council course, but not nearly to the extent I did from the SANS one. As for the question if SANS courses are worth the cost, depends on what you want to do in the long run. At least with the GIAC tests, if you just want the cert, you can challenge it and don't have to take the course. To get the VCP, from VMware, you have to actually take their class. I believe that was the same thing with EC-Council and the CEH, though that may have changed in the past 2 or 3 years since I did that course. The VCP cost me as much as the GCIH, which I did take the course on. The GPEN I just challenged. Anyway, according to this article a recent IT Trends Survey has GIAC holding 3 of the top 10 most demanded certs out there: http://www.govinfosecurity.com/articles.php?art_id=1807&pg=1 This one has 5 of the 10 being the most valued: http://www.govinfosecurity.com/articles.php?art_id=1782&pg=1 Ultimately the certs just get you through the door. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Pentest exams Stephen Mullins (Oct 05)
- Re: Pentest exams Curt Shaffer (Oct 05)
- Re: Pentest exams Stephen Mullins (Oct 05)
- Re: Pentest exams Tony Turner (Oct 06)
- Message not available
- Re: Pentest exams Eric Kollmann (Oct 06)
- Re: Pentest exams Paul Deasy (Oct 06)
- Re: Pentest exams Robert Portvliet (Oct 09)
- Re: Pentest exams Pedro Drimel (Oct 13)
- Re: Pentest exams Kevin L. Shaw, CISSP, GCIH (Oct 13)
- Re: Pentest exams Stephen Mullins (Oct 05)
- Re: Pentest exams Curt Shaffer (Oct 05)