Friends Don’t Let Friends CEH

Just say “no”
  1. It was one of the first pentest certs on the scene.
  2. It was offered up by a US company making it eligible for US .mil and .gov contracts.
  3. As a result of #1 and #2 it found its way into the “thou shalt have some sort of certification for this federal government job, so go down to Pearson Vue and take a point and click multiple choice test” list.

“Okay, so what programs do you recommend?”

Well, it’s January 2018, and the gold standard still is the OSCP (Offensive Security Certified Professional). It’s Offensive Security’s flagship and for good reason. You have to actually DO penetration testing, not just read about it and spit out answers. It takes tenacity above all else — an OSCP holder shows the world that s/he “tried harder” and literally “suffered” through some abominably-yet-intentionally vulnerable systems, exploited them, and escalated privileges. The hard work aspect may actually overshadow the technical learning, but both are top notch. I always admire the engineering behind their labs — it takes a ton of planning to keep so many vulnerable systems running, but keep their exploit chains a secret so students actually learn for themselves.

What is your purpose in pursuing a penetration testing certification?

Is it to break into the field of penetration testing for the first time? If so, I think you’ll find good pentest teams and managers look for evidence of your capability and talent — how you answer technical scenario questions is much, much more valuable than the alphabet soup you used to pad your size 16 font resume to take up a whole page. If you’re in this boat and on your own dime, take one of the well vetted upstart training programs, and focus on learning, not passing the exam. Go above and beyond. Do every lab. Research on the web and take your knowledge beyond what the curriculum would.
