Getting the CEH certification to join an ethical hacking network

Ask the Expert

Getting the CEH certification to join an ethical hacking network

I'm interested in becoming a Certified Ethical Hacker. Do you consider this to be a worthwhile certification for a growing field? Is there any specific experience I should try to get that might help me along this path?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

It's no secret that I have issues with portions of the security certification industry, in particular with the way that the word "ethics" is thrown around with no apparent thought about the concept. It seems that ethics only comes up when someone is getting certified or when a cert holder gets in trouble; no one actually teaches cert holders about ethics.

As a result, I was particularly intrigued when I first heard about the Certified Ethical Hacker (CEH) certification about a year ago. My research to date has indicated there is little-to-no discussion of what it means to be ethical in the certificate's training materials, and what discussion is there appears to be limited to importance of having permission before performing an assessment. Grantees of the certificate must agree to follow a code of ethics, but the CEH's code doesn't appear to be any better or worse than (ISC)2's or GIAC's, which is to say it's pretty lousy.

That being said, I have reviewed the curriculum of the class. The course outline that I saw covers a broad range of topics that any good security analyst should be familiar with. The question to ask is whether this information is something you can learn on your own or if you prefer the classroom environment.

There are two main reasons to get a certification: first, if you want to work for many government agencies, you need to be certified; and second,, some employers give bonuses for gaining certifications, in which case, by all means, certify away.

If neither of those cases apply, I don't really see the value of most certifications. Savvy hiring managers -- the ones you want to work for -- know that certifications have limited value and instead look for real-world experience and an understanding of how security needs to work in a business environment.

For more information:

This was first published in January 2009