My experience with CEH v10 - Preparation and Tips

Industry-grade certifications matter when working in the cybersecurity field. You might be an expert or just a beginner looking to enter cybersecurity. There are entry-level, intermediate-level and advanced-level certifications available to you depending on your experience in the security field.

For the last two years, I've been an automation programmer in Perl and Python. I've never been professionally involved with the security industry before. Hell, I didn't even know such an industry existed until my final semester in undergrad. It was one of my professors who first got me interested in cryptography and I've been hooked ever since.

Considering that I'm a newbie to the security industry, the Certified Ethical Hacker (CEH) is a very good entry-level certification for a person with my level of experience. The CEH is administered by the EC-Council. They also offer training and other certifications like ECSA (EC-Council Certified Security Analyst) and LPT (Licensed Penetration Tester). The latest version, CEH v10, was first offered sometime in March 2018.

How does CEH compare to other entry-level certifications?


CEH is, of course, not the only entry-level certification out there. CompTIA Security+ is another entry-level certification that I believe is a must-have for entry-level professionals. Both certifications lead to a very good understanding of a variety of topics.

The Security+ certification is for those looking to further their knowledge of cybersecurity principles and networking protocols. CEH, ideally, would be the next target certification for those looking at a career in the penetration testing or incident response fields.

When I was in college, I used to train in boxing. Being an out-boxer, I preferred to outclass, counter-punch and outpace my opponents. A penetration tester's or red-team member's personality is more of an in-boxer's, while my personality is similar to that of an incident response or blue-team member. I already have the Security+ certification, so CEH was my next target.


How is CEH v10 different from CEH v9?


The latest version of CEH includes separate modules on IoT security, malware analysis and vulnerability assessment. It also introduces the CEH Practical certification (a grueling 6-hour exam!).

Exam Format


The CEH v10 exam format is the same as CEH v9.

  1. Number of questions: 125 (All multiple-choice questions)
  2. Test duration: 4 hours
  3. Exam prefix: 312-50

The passing marks depend on the type of questions you face in the exam. If you have a difficult paper, the passing mark is lower and vice versa.

Prerequisites


To be eligible for attempting the CEH certification, you would have to possess one of the following:

  1. Official training from EC-Council, either through an accredited training center, iWeek platform, or at an approved academic institution.
  2. Two years of work experience in the information security domain

Purchasing the Training Materials


Having never worked in the security industry before, I had to buy the official training materials from EC-Council. I was planning to take the exam from home, so I chose the iWeek platform, which cost me $450. In this package, I received:

  1. ASPEN e-courseware access code
    1. This is the EC-Council administered site (www.aspen.eccouncil.org) where you can download the training materials. They require specialized software and an internet connection to view.
  2. ASPEN training evaluation
    1. After the 5-day training from an EC-Council certified instructor, you would need to fill out a survey evaluating your experience on ASPEN.
  3. ECC ProctorU exam voucher
    1. This is the exam voucher which is valid for one year. You would require this on the exam day (www.eccexam.com).
  4. CEH v10 iLabs code
    1. iLabs is a virtual platform (www.eccouncil.learnondemand.net) for applying the knowledge you gained from the training sessions on practical scenarios.

Exam Preparation


I started preparing for CEH v10 while I was still working at NetApp, Bangalore. The training materials consisted of:

  1. Twenty modules.
  2. iLabs.

Office work regularly took up more than 10 hours of my day. It was quite difficult to maintain a daily schedule of studying the training materials because of fatigue. Weekends, however, presented a good window for studying.

I was able to complete one round of reading through the training material in 2 months. As I read through the modules, I maintained a text file which contained the most relevant points from that chapter. After the first round, my plan was to just read through the text file instead of scouring through the training materials again. This turned out to be a good idea because 100-slide PPT files were reduced to 5-10 pages.

The iLabs section is not very useful for the exam itself. However, it is a very good resource to get a basic practical understanding of what you're learning from the training materials.

Exam Day


My exam was on 4th August, 2018. My session was proctored by technicians from the ProctorU organization.

The technician assigned to me was very polite and asked me a few questions to validate my identity. Since my home is not a test center, the technician asked me to point my laptop camera around my workstation to ensure that there were no illegal materials lying around.

Due to a glitch in my network connectivity, it took them almost forty minutes to set up my test environment - which includes activating flash, camera, microphone and remote control. I thought that the exam would be postponed because of technical issues, but thankfully everything was resolved.

I believe that the four-hour time assigned to the exam is way more than needed. I completed my exam in about 1:15 hours. There is also a CEH Assessment sample exam on the EC-Council website which I could complete in 55 minutes. The result of the exam is displayed the moment you submit. I passed! The results are populated in ASPEN around one week after the exam date. The CEH certificate will then be available to you for download and the paper certificate is dispatched to the specified address as well.


Exam Tips


Here are some tips which I believe would be useful to those who are planning to attempt the CEH exam:
  1. Attempt the CEH assessment exam. I found 3-4 questions on the CEH exam which were picked as is from the assessment exam.
  2. Attempt sample exams (you have an option to tweak the number of questions) from www.ceh.cagy.org. I found the sample questions very helpful and there were a few questions on the CEH exam which were picked up from here. Also, note that CEH v10 is the new version and the questions on www.ceh.cagy.org are from CEH v9 and/or CEH v8.
  3. Make reliable notes when reading through the training materials. This would be very helpful when revising a few days prior to the exam.
  4. Memorize the well-known port numbers and also the port numbers that popular malware uses.
  5. Memorize the tool names. It is very important for a cybersecurity professional to know which tools to use when faced with a situation (especially DDoS). You cannot always start from the ground up, and by the time you are ready the cyber criminal will be long gone.
  6. The CEH provides a massive amount of theoretical knowledge. Ensure that you understand it well enough to apply it in a practical scenario.

Exam Takeaway


Preparing for the CEH exam was very helpful in furthering my theoretical knowledge database. Although the practical knowledge received is minimal, it is important to remember that the CEH is an entry-level certification. After the CEH, I'm much more comfortable in understanding cyber security discussions online and more importantly, I know which tools are helpful in various situations. There is no cybersecurity professional who would say tools are for noobs (and I'm not talking about script kiddies - they are the real noobs).

If you're planning to take the CEH exam, good luck! If not, are you sure? If you're sincere in studying the training materials, it's not a difficult exam to pass. If you have any questions, leave a comment below and I'll get back to you as soon as I can.
