IS THE CEH A WASTE OF MONEY?

Is the CEH really worth it?

There has been a lot of argument over whether the CEH is worth it or is a waste of money, time and resources. Well, it depends on what you are trying to achieve and your approach to it. Let’s head straight to the point.

If you do it as a proper course or training, and follow through on the practical labs, you should be fine beyond just the theory. Some individuals are really good at studying exam dumps and are able to pass the exam with just this. However, passing the exam does not necessarily mean you have all the skills or knowledge needed. Speaking from personal experience, I went for a proper and intensive training boot camp on ethical hacking and security measures, which also prepared me for the CEH exam without having to do ‘too much’ more study because I got the understanding; I did not cram some dumps just to pass the test.

I can tell you that with proper dedication to the concepts and content presented in the CEH, you will be equipped with a ‘beyond-reasonable’ level of skills to start off as an ethical hacker or penetration tester. That is, if you’re not skipping bits but paying attention to the details, and you are not just studying the materials to pass the exam. If you are doing the CEH to land a role as an ethical hacker or penetration tester, you would need to study and go more in-depth technically than someone who is getting the certification to support their CISA, CISM or CISSP for a managerial or ISMS audit role.

It would be fair to say the CEH is a good starting point for a career in pen-testing/offensive security, not because it is easy or too basic, but because it gives a good understanding of security concepts. The course does not assume you know everything; it takes you from basic to slightly advanced and introduces you to tools and methods for ethical hacking.

If there is one thing emphasised a lot in the CEH, it is “Ethics”. It is not just about breaking into systems and machines but also about following due process, having and signing the necessary documentation after receiving appropriate permission(s), etc. In addition, from my own experience, understanding the concepts of the CEH properly made it easier for me to grasp concepts in the CISSP. I had less to do because I had not just the theoretical but also the practical understanding of many concepts discussed in the CISSP. For example, I did not just know the kinds of threats and attacks but also how to launch some of them (for ethical security testing purposes, of course), so I know how they behave, I know what layer they can operate at, and I know what could make them successful, which puts me in a better position to also apply or recommend countermeasures. The CISSP, for example, would tell you what social engineering is, the types of social engineering and what each type is capable of, but the CEH would take you a step further into how it can be done, the techniques to use, the tools to use and finding the weak link to exploit. So in some cases, a CEH might actually be in a better position to secure systems than a CISSP.

However, in all honesty, the CEH cannot be compared to the OSCP (Offensive Security Certified Professional). The OSCP cannot be passed just by studying dumps. The Offensive Security exams are a real test of knowledge and application of concepts. The exams are practical, with a lot of pressure. The OSCP is a 24-hour exam for you to compromise as many systems as possible. Which of the CEH and OSCP is more in demand in the market is still a bit debatable, because this varies based on sector, location and sometimes company preference.

This note was intended to help those who might be in a dilemma over “should I write the CEH or not”, or over whether the CEH is indeed a waste of time and money. The CEH and OSCP might not be on the same level of technicality, but saying the CEH is a waste of money or a waste of time is not true. It all boils down to the individual, the motive for getting the certificate and how they got the certificate. Was it just by skimming through dumps (past questions), or studying the textbooks just to cover the key points in the syllabus to pass the exam but not practicing what they’re studying? Is their intention in writing the CEH to land a penetration testing or ethical hacker role? Or is it needed just to support some other certifications, perhaps for managerial IT security positions or audit roles?

Conclusion

Your motive or plans would determine how much effort you need to put in personally to study and practically apply what you’re studying, and the depth you need to go to. If your motive for writing the CEH is to land an ethical hacking or pen-testing role, you could take my route and go for an intensive training with a certified instructor, which gives you room to ask questions right away should anything not be clear. You can buy online courses on the same, but for online courses you would need more discipline because they are mostly done at your own pace and time; there is no one pushing you. However, if your purpose in considering the CEH is just to support your existing certs or to land non-technical or non-pentesting roles, then it might be okay to just understand the concepts from studying the materials. But then, you cannot compare yourself with the other person who committed to the tasks and the application of concepts.

I should add that the CEH is a good supporting certification for the CISSP.
