I’ve been approached about doing a book on the EC-Council Certified Ethical Hacker (CEH) certification and I’ve been going back and forth on it.
If you have any opinions you can share on the CEH certification, I’d love to hear from you. You can leave a comment on this page.
Some questions that come to mind are:
- If you have the certification, have you found it valuable to you?
- Have you considered it, but decided against it?
- Do you see it as a worthy certification to pursue?
- Do you see other similar certifications as more valuable?
- What path do you see as most valuable to someone pursuing a job in IT security?
Looking around, it seems to have a lot in common with Security+, but is more technical. Someone might pursue it after the Security+ with the goal of increasing their forensics skills. It will also help people build skills related to vulnerability and penetration testing and set them up to move into a job requiring these skills.
In contrast, many people often pursue the CISSP certification after the Security+. It is much broader than the Security+ cert and often sets up individuals to move into managerial positions, or at least positions of greater authority and responsibility. People often pursue the SSCP certification first as a stepping stone to the CISSP certification.
Of course there other paths, such as the CompTIA CASP certification, which can now be used instead of CISSP for some DoD positions.
I also see that the CEH exam is a little pricey and you’re penalized monetarily if you self-study for it. Specifically, it costs $500 to take the exam and if you take it without attending one of their courses, you must pay an additional $100. I don’t see any justification for this on the EC-Council site, so I get the impression they are very interested in ensuring people attend their courses. And, their study materials cost $850. I realize people can take and pass the exam by self-studying and without paying $850 for EC-Council’s study materials, and I know many people do so. I just don’t understand the monetary penalty for self studying.