I’ve been approached about doing a book on the EC-Council Certified Ethical Hacker (CEH) certification and I’ve been going back and forth on it.
If you have any opinions you can share on the CEH certification, I’d love to hear from you. You can leave a comment on this page.
Some questions that come to mind are:
- If you have the certification, have you found it valuable to you?
- Have you considered it, but decided against it?
- Do you see it as a worthy certification to pursue?
- Do you see other similar certifications as more valuable?
- What path do you see as most valuable to someone pursuing a job in IT security?
Looking around, it seems to have a lot in common with Security+, but is more technical. Someone might pursue it after the Security+ with the goal of increasing their forensics skills. It will also help people build skills related to vulnerability and penetration testing and set them up to move into a job requiring these skills.
In contrast, many people often pursue the CISSP certification after the Security+. It is much broader than the Security+ cert and often sets up individuals to move into managerial positions, or at least positions of greater authority and responsibility. People often pursue the SSCP certification first as a stepping stone to the CISSP certification.
Of course there other paths, such as the CompTIA CASP certification, which can now be used instead of CISSP for some DoD positions.
I also see that the CEH exam is a little pricey and you’re penalized monetarily if you self-study for it. Specifically, it costs $500 to take the exam and if you take it without attending one of their courses, you must pay an additional $100. I don’t see any justification for this on the EC-Council site, so I get the impression they are very interested in ensuring people attend their courses. And, their study materials cost $850. I realize people can take and pass the exam by self-studying and without paying $850 for EC-Council’s study materials, and I know many people do so. I just don’t understand the monetary penalty for self studying.
I really loved your Security + guide. I am preparing for the CEH exam now. There’s a very good CEH prep book by Matt Walker that would be a very strong competitor. Trying to combine Security + and CEH in one book would be a disaster. CEH focuses heavily on tools and its objectives seem to get updated every year. Security + objectives evolve much more slowly. Combining the 2 exams in 1 book would make the book very expensive and confuse less experienced test preppers.
Anything is better than the EC Council’s official books. I have the v7 set with the slideshows and software. The EC Council books are printed out slideshows (pretty color paper)with software tools mentioned in the body and listed at the end of every chapter. There’s no attempt to really identify which tools are best for a task.
If you can cut through the tool clutter of CEH and leverage your reputation as an outstanding Security + author, write a CEH book for your fans. Otherwise move on to ITIL Foundations, a Cloud Security Alliance cert, or more of the other somewhat neglected certs that you use your authorial touch.
Great feedback Kate. Thanks. Good luck with the CEH exam.
I purchased your SYO-301 study guide and your online study package and they where a huge help, I passed the security+ exam on March 28th with an 841 score. I really think you would find a high demand for books helping with certs that satisfy a DoD 8570 level 3 requirement. I personally will be going that route as I prefer the more technical, I would really like to see a study guide for a CEH oriented cert and I think there are many others that will need to meet that DoD 8570 requirement being the next step up from Security+ which meets the level 2. Thanks for all your help!
Congratulations on the pass Ray.
Thanks for the suggestion.
After reading your comment I noticed that CEH is in each of the Computer Network Defense Service Provider (CNDSP) categories, which I hadn’t noticed before. (http://iase.disa.mil/eta/iawip/content_pages/iabaseline.html)
Good luck with your next adventure.
If there was way for you to combine both the CEH and the Security + into one master guide, I would totally buy it! But if the only option is to create a separate book, you just have to weigh all the other projects you have going on.
Good day Darril,
In order to challenge the exam you must apply to have your past experience recognized.
Then you get a NUMBER that allow you to book you exam with VUE or Prometric.
Best regards
Clement
Thanks Clement. I didn’t get your point right away, but I see what you mean. The $100 isn’t a penalty, but instead to pay for someone to evaluate past experience.
Have you seen them refuse anyone?
I’m thinking with the books I’ve written and my public profile, I wouldn’t have any problem getting approved, but I may be wrong.
I have three of your books (SSCP, Security+, and A+), and though writing a book is a daunting task, I think you should totally do it.
Thanks Wai. I appreciate your input. – Darril