Certified Ethical Hacker - C|EH

Re: Certified Ethical Hacker - C|EH

That's just plain old fashioned blackmail. The stories you've been told likely came from Hollywood originally. You're young. Work your way up the chain, take your licks and learn from it. A career isn't what you see on TV where the only people in the field are in their early 20's screaming something about dynamite going boom every 10 minutes, you've got time.

Re: Certified Ethical Hacker - C|EH

Look at what happened to Adrian Lamo, also known as the Homeless Hacker. He went around finding vulnerabilities in networks and websites and told the owners about them. He wasn't doing it for money, he was just doing it for security awareness in general to no benefit of his own. Some businesses were probably both surprised and happy that they told him, and he moved onto another network. Eventually he ran into a business that wasn't pleased at what he did and pressed charges. I believe he served some time but I don't remember exactly. Anyone know a bit more of the details?

Geohot had a bunch of legal problems with Sony before he went to work for Facebook as well.

Re: Certified Ethical Hacker - C|EH

I think passion for a particular position can be reflected in an individuals desire to go out and get "certified", I agree though, just having a certification won't get you through an interview with me.

It will get your resume considered and forwarded to me by HR, and it will influence the way I interview you, if you say you have an MCSE, CCNA, NCDA, CEH, etc etc expect me to question you on those specific technologies, failure to answer those questions in a phone screen or in person interview will always result in me recommending you not be hired.

In short, in my opinion certs are a good thing, but not the only thing.

Of course my opinion is colored by the fact that I have alphabet soup after my name :D

I think shitcanning a persons resume because they *have* a particular certification is just plain stupid (no offense) because to me holding certifications illustrates a desire to learn and understand technology and manufacturer best practices.

Re: Certified Ethical Hacker - C|EH

DjDamyard,

I think it's clear from the answers in this post that there are as many different views on what is wanted/needed to be hired as there are different types of people applying for the same job.

Bottom line, work hard to be the best you can, always keep educating yourself in your field of interest, keep an open mind and learn from others willing to share knowledge and experience and don't be an A$$.

Earn your good reputation from hard work and showing your competency, not "grandstanding" by trying to show a company's vulnerabilities just so they will hire you. If you are hired for that "grandstanding", lookout when they fire you after with a "What have you done for me lately".

Best of Luck, I hope you find what you're looking for in a career.

Re: Certified Ethical Hacker - C|EH

Good point. I don't actually shitcan because they have the cert. I shitcan them because they are proud of having a shitty cert (the CEH specifically). If they were worth a shit they'd have realized that cert isn't, and wouldn't have included it on their resume.

Thanks for helping me get this out correctly.

Re: Certified Ethical Hacker - C|EH


So how do you really feel about the CEH cert?

Re: Certified Ethical Hacker - C|EH

I will chime in on this thread. Chris and Noid are pretty much close to the bone on this. And I humbly have a pointer or two to add, if I may.

If you are not passionate about your craft, it will show. And I don't want to work with people who are not passionate about their craft. I don't want to work FOR people who are not pleased about my passion for my craft, nor have minimal knowledge of my craft. And you will run across those types of people in your career sojourn.

My experience has been that security or networking certifications on one's CV are buzz words that may get you an interview. After that, you are on your own personal experience and knowledge.

Unfortunately, I have become very disillusioned with many of the security certification associations and the organizations that pander to them. Any certification (save some advanced Cisco certs where you do a "practical") only really demonstrates that you know how to study to come up with the "right" answer. It doesn't demonstrate that that you actually have two brain cells to rub together to come up with a real-world, real client solution. Nor have the experience to do so. I humbly suggest if one is able, to save the certs until after one has determined the course of one's career.

Find a mentor. Find a mentor. Find a mentor. I cannot stress this too much. I have been incredibly blessed by the mentoring I have received from some of the people I have met here and others not here. Seek a mentor. You may find one or several for a season or for life, but find a mentor.

I may be pilloried for this comment, but here goes: Formal education at an advanced level does indeed demonstrate that one has the moxie to see a thing through. However, I would add that with OpenUniversity and other bastions of free learning available to people, a college degree may or may not be in one's best interest due to the costs regarding finances, time, stress and frustration.

It's amusing to point out that I have asked a non-college grad who had a passion for mathematics but no degree to diagram a complex mathematical formula to resounding success. And have asked a college graduate in mathematics to diagram the same formula, only to meet with confusion and not so much success. And here we go back to point one. :-) The former was successful because of their passion for their subject. The latter was not because it was part of their proscribed coursework to get a degree -- Not passion.

If you are going to study, study something that jazzes you off the walls, the ceiling, has you up at all hours and makes you fall in bed with a huge grin on your face. You spend more than half of your life at your craft, you know?

Yes, yes, yes: keep learning, keep growing, keep giving of your time, your talent, your passion wherever you can find a place to give it, to gain practical experience, will definitely show up well: on a resume, in a face-to-face interview, and most especially in a life well lived.

I apologize for the length of this and respectfully leave the podium.

Regards,

Valkyrie
__________________________________________________
sapere aude

Re: Certified Ethical Hacker - C|EH

Thanks for the awesome feedback.

It really means a lot that you guys have taken time out of your schedule to give your opinions.

I think what I get from all the answers is that it's about showing that I am committed and passionate about hacking/penetration testing/learning. I am also coming to the conclusion based on all your responses that it takes time to work ones way into the job which they aim for, and it's best to start anywhere, as long as that "foot is in the door" that can give me the chance to work my way up to my desired job through showing passion and commitment. I also get that it's not about having the paperwork saying I can do this and can do that, but it's about putting it into action, which I completely understand as if I learn something on paper, I may be faced with the same problem but presented differently if it is on screen or wherever and not have a clue what to do.

So yeah, I really appreciate the feedback I have received in this thread and I will continue to do what I am doing and showing will to learn new things and expand my knowledge to what is needed to be in my ideal job.

Thanks again to everyone who answered! It really was a great help!

Re: Certified Ethical Hacker - C|EH

Wow, I learned a lot from reading this post and would like to say thank you for your great insight everyone.

Re: Certified Ethical Hacker - C|EH

I'm a little late to this thread, but figured I'd give some advice. I've done interviews of prospective network engineers/NOC analysts and I've taught certification courses (Cisco and Microsoft) at small and large technical schools.

CEH is pretty low on the totem pole... especially if you don't have experience/education to back it up. I'd have more respect for someone with A+, Network+, etc certs.

A big red flag for me is a person who is certed up the ying-yang, but doesn't have technical experience. Some schools (cough LAN-WAN Professionals) will get you certified and fudge the resume by putting you down as a Network Consultant for 1-2 years.

One guy with a CCNP walked into our office and asked if we were hiring for network engineers. I gave him a little interview since he had the balls to find us. I always ask why they want to get into IT. I'm looking for enthusiasm, ability to adapt, troubleshooting skills and most of all someone who isn't in it just for the money. This guy couldn't telnet into a router. Seriously, WTF.

Another question I ask people is if they have built their own computer. If they have, I ask

1. What parts
2. Where did you buy everything from
3. How long did it take
4. What areas gave you problems
5. What are some things you learned while building the pc

You can tell if the candidate is a true geek if he starts talking about gpus, quad-core processors, watercooling, etc... For me, it's a HUGE red flag if someone has never built a computer.

If the candidate brings a laptop to the interview... I ask them about it. CPU, OS, ram, hard drive, favorite apps, favorite websites. It's pretty amazing how many people don't know shit about laptop they are carrying around.

As an instructor, I found the best students were the ones who didn't need to be there. People who know how to work their computers, find answers on Google, know basic shortcuts. I get so many students that don't know how to do basic tasks. For Cisco classes, the A+ and Network+ were prerequisites, but these days salespeople will let anyone in. These folks slow the entire class down because they've never worked command line or telnet.

I could go on and on, but it would raise my blood pressure :) Damn I should be a reddit IAMA - Microsoft/Cisco instructor.

Re: Certified Ethical Hacker - C|EH


I agree with what a lot of the people on here have said.

That being said, it's not just about your "technical skills" or "experience". You need to network.

Noid did touch on it, when he said :
It's not just pen-testing or IT... Whatever industry you want to work in/with/for you need to create a strong network of contacts. Hopefully you'll have fostered that network enough that at some point, when you are looking for a position they will actively help you. Hell, just getting your resume into the right persons hands is a big win. It's not JUST about WHAT you know [though (in most cases) you do need to have the skills to get/keep the job), it's also about WHO you know.

You may also want to pickup a copy of (InfoSec Career Hacking) http://www.amazon.com/dp/1597490113/ as two of the authors have already replied to you in this thread.