The Value of a (Ethical Hacker) Certification

by Bruce Brown | 7 Comments

Ok, I admit it. I have totally slacked off on getting that CEH certification. I’ve had the boot camp, I’ve amassed lots of great books and resources, I’ve even talked to some people who have passed it, but I still haven’t been consistent about studying. For a while I was pretty consistent. I read the Official Study Guide and started working on an Unofficial one.

Why don’t I have that cert yet? I suppose I just don’t feel I have a reason to have it. It would just be for show because I don’t really do pen testing. I’d like to, but in my job, I don’t usually have the opportunity or reason to do it. I’ve already got the CISSP so I don’t need the CEH for some kind of prestige. Many hackers piss on certifications; they are not impressed with them and are willing to hurt anyone who flashes the credentials. The CISSP trumps most certifications. The only real benefit for me getting it is that it would force me to get more familiar with tools like netcat and Snort, which I don’t use enough. I am interested in cyber kung fu. Lately, I have been more drawn to the scientific and mathematical side of technology, the side where the innovations are born, not just mastered. I’ve been sharpening up my math skills and plan on getting into Computer Science, Electrical Engineering or physics.

I haven’t decided whether I want to take the CEH because I want to do something that has more depth. I suppose I could complete the CEH, go through Computer Science and specialize in security/crypto/info assurance and follow in the footsteps of Bruce Schneier and Steve Gibson. In the beginning, certifications were definitely a step up, but I’m in a place now where they are just ornaments, flashy baubles I could decorate my name with when I need an ego boost. If my wife and kids are giving me lip I can say, “Don’t you know I am a CISSP, A+, B, C, D, E, F, G. You MUST respect my awesome test taking ability!”

I’ve said it before, I think certifications can be of great value. If you work for the Department of Defense in IT you pretty much MUST have one (per DoD 8570). Certifications can give you that extra edge against competing employees in the private sector. Problems arise when an IT certification’s value is taken out of context, like the 8570, which makes it mandatory to have a certain certification regardless of your experience and/or degrees. That is a bit much. Not everyone who passes the CISSP can configure a firewall properly. But perhaps that’s the reason the DoD wants system-specific certification.

7 Comments on The Value of a (Ethical Hacker) Certification

  1. Ethical Hacking
    June 26, 2008 at 2:06 am (10 years ago)

    Getting a certified ethical hacking certificate would definitely help you, depending on how serious you are about the whole thing and where you do your course from. I would suggest you enroll yourself in a reputed institute with good trainers and a track record to match. If nothing, it will surely give you confidence.

  2. Pass CISA
    July 4, 2008 at 11:16 pm (10 years ago)

    I do agree that Ethical Hacking certification is one of the best certifications. By this you are helping society apart from your career.

    Team CISA made Easy Blog
    A blog devoted for CISA preparation.

  3. Ajex
    August 12, 2008 at 8:41 pm (10 years ago)

    I have tried the web address given by Pass CISA which is not related to CISA. Perhaps this is a typing mistake. Through Google I searched and actual address is

    This is a useful blog for CISA preparation. I thank you for providing such a nice CISA blog address.

    I also have a query about CEH: whether a company email address is mandatory for the CEH application.


  4. Mac
    August 27, 2008 at 7:00 pm (10 years ago)

    In regards to 8570, most of those running around with CISSPs and other acronyms in their signature line aren’t even configuring firewalls. They are defending the network with paperwork…reams and reams of paperwork! Just this week I slayed a whole stack of paper dragons. Reviewed, organized, and digitized. I’m sure someone somewhere is sleeping very soundly knowing that if any of those users choose to violate the policy, I have a piece of paper and quite a few bytes saying they agreed not to do it.

    August 28, 2008 at 11:00 pm (10 years ago)

    Martin of made a good point to me once. He said that not everybody who has a CISSP needs to be technical: some are managers, some are technical on crypto but don’t know anything about port security on a switch, some do mostly personnel security.

    I agree with him.

  6. erica
    September 2, 2008 at 9:43 pm (10 years ago)

    Hiya! Updating my sites after 2 years lol. Thought I would drop in and say hiya! CISSP will be the next cert I do.. but it might be a while 🙁 Have a feeling I am going to work on Cisco and Voice. w0000t. Anyways… hope things are well for you!

    Erica (GirlGeekette)

