|
Home > Archive > General Discussion > November 2003 > How does CEH Compair to ISECOM Certs?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How does CEH Compair to ISECOM Certs?
|
|
|
|
|
| Good question, unfortunately I have no idea. However being on the job trail recently I have had the chance to discuss various certifications with more than a few employment companies and HR people. The word hacker (even if accompanied with ethical) is something they are not comfortable with. They seem to have the same general opinion that most of the greater public that a hacker is a bad person. Perhaps someday this will change, but until then I will learn the subject matter for my own knowledge purposes, but leave the certifications aside and stick to the Comptia Sec+ and CISSP tracks. | |
| jaygill 2003-09-15, 10:25 am |
| I also have been looking for work in security consulting since I want to leave my current company. Everywhere around here is ISECOM (www.isecom.org) and the OSSTMM (www.osstmm.org). I told one interviewer I had CEH and was practically laughed out the door. They said they don't need someone who can spell nmap- they need someone who knows the OSSTMM. They wanted OPST or OPSA but there's nowhere in Canada now to take it so I may fly to the states for it. Since so many companies are sending out RFPs for pen tests and consultancy that they want OSSTMM tests, you can't get by on CEH. Funny enough, CEH has the balls to refer you to the OSSTMM. ISECOM may be small now but they're growing huge! I mean, even their competitors refer to them as the source and hand out their stuff in the classes. Go OPSA is my advice if you want to be a security consultant. At least in Canada. | |
|
| God, what a bunch of idiots! The CEH is not an end-all. You combine it with a CISSP to show your ability to recognize the other side. What are you supposed to say, "I hacked into things when I was younger so I have a pretty good idea how to harden the system"!?? Educate yourself before you speak. | |
| comblues 2003-11-15, 3:28 pm |
| Hmmm...
Guys
The OSSTMM is simply a methodology that uses no particular tool.
The training for the OSSTMM is a mindset.
If I can open a door 10 different ways.
That may be lesson 1...
Lesson 2 would be something like
How many ways can a mecahnic fix a tire...
Etc.
Basically, the OSSTMM by itself has little to even to with a computer much less hacking.
It is about how to think.
And that is what Hacking is about.
If you simply jump in and start typing - You are either not a hacker or a poor one.
Ever watch Idiana Jones or MacGuiver?
There you have a pair of "Hackers" Why because they look before they leap.
If you do that on my network, you simply will never do it twice.
If any of you out there have ever worked with me - You know I am serious here.
Now the CEH, the CEH takes one into an exploration of the practical usage of tools and their many applications.
Combine the 2 and you have a potent combination.
A guy who knows which tool to use and knows enough to consider how to use it both methodically and thoughtfully.
Now my friends you have the quintessential "UBER-HACKER"
As far as the CISSP and the 10 domains go - I personally have far less respect for this title.
Seems to be more for someone who needs a broad idea of what is to be done - not how or why to do it.
Hmmm...
I do find a sense of respect in what SANS has to offer. At least from the vantage point of content.
The idea that the paper is submitted and the tests are taken on an honor system somewhat bothers me a bit.
That is I can have an associate write my paper and perhaps even "take" my exams...
This scares me a bit.
I like the CEH because you simply have to know how to read output from commands, you have to know what parameters to input, if not you simply will not pass.
Now combine this with a strong lab and we've got the hottest cert in a decade.
Oh well, I digress...
Good luck folks... |
|
|
|
|