
Thread: CEH (Certified Ethical Hacker)

  1. #11
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    Default

    Thanks harry for this useful information!


    But is the CCSP not way too vendor orientated??
    Don't eat yellow snow :rolleyes:

  2. #12
    Member imported_anubis2k7's Avatar
    Join Date
    Jun 2006
    Posts
    115

    Default

    It should be pointed out that there's more to getting a CISSP than just simply passing the exam.

    For example, you must have 5 years of direct security experience to even take the exam, much less pass.

    https://www.isc2.org/cgi-bin/content.cgi?category=1187

    For the CEH, it is like Cisco certifications where if you take the exam, you get the cert.

  3. #13
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by anubis2k7 View Post
    It should be pointed out that there's more to getting a CISSP than just simply passing the exam.

    For example, you must have 5 years of direct security experience to even take the exam, much less pass.
    You can substitute education for at least one of the years. And it remains unclear how specific you have to be in outlining your experience. For example, I have never had a full time IT job (until now), although I have had several years of jobs that related to specific domains of the CBK. For example:
    CISSP professional experience includes:
    * Work requiring special education or intellectual attainment, usually including a liberal education or college degree.
    * Work requiring habitual memory of a body of knowledge shared with others doing similar work.
    * Management of projects and/or other employees.
    * Supervision of the work of others while working with a minimum of supervision of one's self.
    * Work requiring the exercise of judgment, management decision-making, and discretion.
    * Work requiring the exercise of ethical judgment (as opposed to ethical behavior).
    * Creative writing and oral communication.
    * Teaching, instructing, training and the mentoring of others.
    * Research and development.
    * The specification and selection of controls and mechanisms (i.e. identification and authentication technology) (does not include the mere operation of these controls).
    * Applicable titles such as officer, director, manager, leader, supervisor, analyst, designer, cryptologist, cryptographer, cryptanalyst, architect, engineer, instructor, professor, investigator, consultant, salesman, representative, etc. Title may include programmer. It may include administrator, except where it applies to one who simply operates controls under the authority and supervision of others. Titles with the words "coder" or "operator" are likely excluded.
    I can say quite honestly that I have met *all* of these experience requirements, even specifically relating to IT and CISSP CBK domains, despite not ever having a full-time IT job until now.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  4. #14
    Senior Member DaKahuna's Avatar
    Join Date
    Jan 2010
    Posts
    103

    Default

    I think they still require a copy of your resume and that you be endorsed by a CISSP or a senior official in your company.

    The years experience was just increased from two to five. I guess too many people were passing the exam.

  5. #15
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    Some guy at work told me about this. Honestly I think it is a waste of time. For some reason I like to live my life and study what I need to study on my own. After getting conned and scammed out of 3,000GBP with 'SkillsTrain' [Cisco CCNA/CCNP] I don't think I will be signing up for anything soon...especially something as worthless as this Ethical BS.

  6. #16
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by The_Denv View Post
    Some guy at work told me about this. Honestly I think it is a waste of time. For some reason I like to live my life and study what I need to study on my own. After getting conned and scammed out of 3,000GBP with 'SkillsTrain' [Cisco CCNA/CCNP] I don't think I will be signing up for anything soon...especially something as worthless as this Ethical BS.
    Just curious, why do you feel you were scammed?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #17
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Quote Originally Posted by streaker69 View Post
    Just curious, why do you feel you were scammed?
    They don't teach you how to "hack the Gibson"

  8. #18
    Junior Member tek911's Avatar
    Join Date
    Jan 2010
    Posts
    59

    Angry Angry CEH guy

    Ok, so pardon the soap box BUT...I feel very adamant about a few things. First, the CEH is a great cert as in terms of pentesting certs there is it and it alone. CISSP is a general security cert, with a sprinkle of pentest in it. CEH for what it's meant to announce to the world when you are looking for work does what it intends to do. BUT, having taken the test I had a lot more respect for it before taking the test.

    Basically, the test consists of a mishmash of questions that were written by someone who obviously didn't completely understand "security", like there were several questions which were so subjective you had to guess at what the question writers intended but you knew it was completely wrong. Additionally, after taking the test, you can use the internet for it (which let's be honest anyone doing a pentest [or other nefarious less legal deeds] will have) so while googling the hell out of a few questions I realized the test has literally been pulled together by literal word for word rips from honeynet.org and other sites (prime example they had a packet analysis question in which googling some of the packet content returned honeynet.org sample questions, should a packet capture from a test match anything else out there? NO! they basically ripped the shit out of other people's content!)

    Also, having prior experience with the subject matter, I thought for someone new to sec it'd be great, anyone else would just be glad to get a stupid cert so the suit monkeys could say that guy knows his stuff.

    Sorry, I'll get off my soap box but A) CEH is a blatant rip of other people's content mixed with a mediocre level of understanding of it B) The name of the test is tarded [can you truly invoke ethics into people and by the way the test has zero content associated with ethics and should you do this] C) The test inspired me to start down the path of creating my own new pentest cert (which I even have a snazzy name and everything but it's going to take some time to get rolling, if the muse of inspiration doesn't leave it in a half empty bottle of beer).

    So in short, get the cert just so you can have a semi-respected security cert but don't expect much in terms of content. I wish SANS had come up with CEH, then it would have been the shit.

    Oh anyone interested in assisting with creating a new cert email msg me.

  9. #19
    Member The_Denv's Avatar
    Join Date
    Nov 2006
    Posts
    364

    Default

    Quote Originally Posted by streaker69 View Post
    Just curious, why do you feel you were scammed?
    I do not feel as if I was scammed...I was scammed. Here is the link to a forum thread, my post is post number #666.

    http://forums.digitaltrends.com/show...t=9837&page=67

  10. #20
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by The_Denv View Post
    I do not feel as if I was scammed...I was scammed. Here is the link to a forum thread, my post is post number #666.

    http://forums.digitaltrends.com/show...t=9837&page=67
    I think the lesson that you learned there is to listen to your inner voice. If you felt that something was strange, then you should have cut it off right there and not proceeded any further. But hindsight is always 20/20.

    In reply to the guy before you.

    I'd think that any kind of test that claims to be 'Ethical' should have some questions that find out if the person is ethical or not.

    Maybe something along the lines of the Voight-Kampff Test.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
