Thanks harry for this useful information!
But is the CCSP not way too vendor orientated??
Don't eat yellow snow :rolleyes:
It should be pointed out that there's more to getting a CISSP than just simply passing the exam.
For example, you must have 5 years of direct security experiance to even take the exam, much less pass.
https://www.isc2.org/cgi-bin/content.cgi?category=1187
For the CEH, it is like cisco certifications where if you take the exam, you get the cert.
You can substitute education for at least one of the years. And it remains unclear how specific you have to be in outlining your experience. For example, I have never had a full time IT job (until now), although I have had several years of jobs that related to specific domains of the CBK. For example:Originally Posted by anubis2k7
I can say quite honestly that I have met *all* of these experience requirements, even specifically relating to IT and CISSP CBK domains, despite not ever having a full-time IT job until now.CISSP professional experience includes:
* Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
* Work requiring habitual memory of a body of knowledge shared with others doing similar work.
* Management of projects and/or other employees.
* Supervision of the work of others while working with a minimum of supervision of one's self.
* Work requiring the exercise of judgment, management decision-making, and discretion.
* Work requiring the exercise of ethical judgment (as opposed to ethical behavior).
* Creative writing and oral communication.
* Teaching, instructing, training and the mentoring of others.
* Research and development.
* The specification and selection of controls and mechanisms (i.e. identification and authentication technology) (does not include the mere operation of these controls).
* Applicable titles such as officer, director, manager, leader, supervisor, analyst, designer, cryptologist, cryptographer, cryptanalyst, architect, engineer, instructor, professor, investigator, consultant, salesman, representative, etc. Title may include programmer. It may include administrator, except where it applies to one who simply operates controls under the authority and supervision of others. Titles with the words "coder" or "operator" are likely excluded.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
I think they still require a copy of your resume and that you be endorsed by a CISSP or a senior official in your company.
The years experience was just increased from two to five. I guess too many people were passing the exam.
Some guy at work told me about this. Honestly I think it is a waste of time. For some reason I like to live my life and study what I need to study on my own. After getting conned and scammed out of 3,000GBP with 'SkillsTrain' [Cisco CCNA/CCNP] I dont think I will be signing up for anything soon...especially something as worthless as this Ethical BS.
Just curious, why do you feel you were scammed?
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
They don't teach you how to "hack the Gibson"
Angry CEH guy
Ok, so pardon the soap box BUT...i feel very adament about a few things. First, the ceH is a great cert as in terms of pentesting certs there is it and it alone. CISSP is a general security cert, with a sprinkle of pentest in it. CEH for whats its meant to announce to the world when you are looking for work does what it intends to do. BUT, having taken the test I had a lot more respect for it before taking the test.
Basically, the test consists of a mishmash of questions that were written by someone who obviously didn't completely understand "security", like there were several questions which were so subjective you had to guess at what the question writers intended but you knew it was completely wrong. Additionally, after taking the test, you can use the internet for it (which lets be honest anyone doing a pentest [or other nefarious less legal deeds] will have) so while googling the hell out of a few questions i realized the test has literally been pulled together by literal word for word rips from honeynet.org and other sites(prime example they had a packet analysis question in which googling some of the packet content returned honeynet.org sample questions, should a packet capture from a test match anything else out there? NO! they basically ripped the shit out of other peoples content!
Also, having prior experience with the subject matter, i thought for someone new to sec it'd be great, anyone else would just be glad to get a stupid cert so the suit monkeys could say that guy knows his stuff.
Sorry, i'll get off my soap box but A) CEH is a blatant rip of other peoples content mixed with a mediocre level of understanding of it B) The name of the test is tarded [can you truly invoke ethics into people and by the way the test has zero content associated with ethics and should you do this] C) The test inspired me to start down the path of creating my own new pentest cert (which i even have a snazzy name and everything but its goign to take some time to get rolling, if the muse of inspiration doesn't leave it in a half empty bottle of beer).
So in short, get the cert just so you can have a semi-respected security cert but dont expect much in terms of content. I wish SANS had come up with CEH, then it would of been the shit.
Oh anyone interested in assisting with creating a new cert email msg me.
I do not feel as if I was scammed...I was scammed. Here is the link to a forum thread, my post is post number #666.
http://forums.digitaltrends.com/show...t=9837&page=67
I think the lesson that you learned there is to listen to you inner voice. If you felt that something was strange, then you should have cut it off right there and not proceeded any further. But hindsight is always 20/20.
In reply to the guy before you.
I'd think that any kind of test that claims to be 'Ethical' should have some questions that finds out if the person is ethical or not.
Maybe something along the lines of the Voight-Kampff Test.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Posting Permissions
