EC- Council’s Certified Ethical Hacker
, currently version 9, is one of the most in demand certificate out there. People mostly have a varying viewpoint on how good is CEH and if anyone should do it at all. But in any case it does not change the fact that the certification is valued around the world and is also one of the most popular ones.I graduated in July 2016 – Bachelor of Technology, in Computer Science and after a lot of thinking I came to conclusion that I needed it for career advancement so I went for it.Training was 5 days long and after taking another 15 days to prepare I passed my exam on 26th August 2016 and here is a comprehensive guide to anyone who is preparing for it or even thinking about it.NOTE
– before we get started, I want to emphasize
on the fact that a certification does not guarantee that you know more than a person without one. What it definitely does is, make you stand out of the crowd because even to prove your worth to the interviewer, you need to make it to the seat across the interviewer.Who should go for it?
I found there are mostly two types of people who go for CEH.
- People currently doing job - want to come into the cyber security domain / become a trainer / looking for a better pay grade.
- Students who want to stand out of the crowd and have a better credibility when it comes to job interviews.
CEH is not an advanced certification or a highly practical one and no one will ask you to break into a system in a given time.What will be required of you is that you are conceptually sound. And for this reason you should have some background in information security. By that I mean, you should be familiar with the basics.In my case, I had computer networks, information security & cyber laws and digital forensics
as information security related subjects in college and I really dug deep into them which gave me an edge.Before enrolling it is highly advisable that you gather as much theoretical knowledge as possible.There are multiple CEH books available but I strongly suggest that you read the certification study guide by Sean-Philip Oriyano, the book is as simple as it can possibly be and if, after doing your part, this guide doesn’t makes sense to you, you need to stop right there. This book is right from the very basics and you really need to invest time in this before going for CEH. Not to mention that it is immensely helpful from exam perspective.Another option is to check out the Network+
and Security+ courses
from Comptia. They are very extensive and most probably will give you the foundation you need.Additionally lot of good resources can be found on Cybrary itself, a big shoutout to the Cybrary team for that. TRAINING
I had knowledge of all the concepts of CEH before enrolling and I just wanted to do more and more practical and to hell with theory. And this is where I was wrong.The name and cost of the certification may give you a wrong idea. The main thing is THEORY
.You need to keep in mind that CEH is only a starting point, a basic certification and opens up doors for multiple domains, technical and a bit less technical.And for this reason theory is of utmost importance. You will be asked questions on tools, ethics, management and even a bit on morals (I know right?).In the training you are expected to learn about multiple concepts but not necessarily go deep into them. One can say it’s horizontal learning instead of vertical.The courseware will have 3 books – a lab guide and 2 course books which are nothing but a collection of screenshots, better to download the E-book from ASPEN portal and read from that. The lab guide though I found it pretty useful if you are serious about practical and want to do on your own. Keep in mind that in the training, for one topic, it’s not possible for instructor to use all tools for demo, you will learn to use a popular one and rest you can do on your own via lab guide.Training is of 40 hours, so it’s quite fast paced, precisely why I wrote the PRE-REQUISITE section.So in a nutshell, in 40 hours you will learn theoretical concepts and will be given demo of some of the most popular tools used for each topic. PREPARATION
Starting from the exam guide itself, you need to know everything that’s in there.Coming to the courseware, well like I said before, the two books aren’t much use but the lab guide is certainly very good for practice purpose and make sure you know about as much tools as possible given in the lab guide.Once you enroll yourself, an account will need to be created on the ASPEN portal and from there you can download the softcopy of the books which surprisingly have more content than the hard copies.This will cover up all the theoretical content there is in the syllabus.BUT
This isn’t your regular academic exam and hence you will have questions that are not covered in syllabus, therefore gain as much knowledge of the information security domain as possible.For example, in my exam, I had questions from subnetting and Access control lists which is CCNA territory. Lucky for me, I got myself CCNA certified last year and was able to nail those questions. Then there were a few on digital forensics and biometrics which I had read in my college time so that wasn’t a problem either.So again, the point being this isn’t a test of your syllabus, information security is a wide domain and you need to know as much as you can.The easiest way to do so, apart from reading what’s happening in the world, is to practice as much as you can.I used skillset, for practice questions, and they were quite helpful. No need to go for paid plan, the free one is more than good enough. THE EXAM
You get 4 hours for 125 questions which include questions based on tools, scenarios, deduction, commands etc. all multiple choice with no negative marking.If you were thorough with the courseware and exam guide you should be able to answer anywhere between 85-90 % questions. Rest depends in your background knowledge – stuff that isn’t in the syllabus.For example, in the course you are introduced to metasploit. It is just an introduction, but in my exam I received a question which I was able to answer because I had previous experience with metasploit. A newbie stands no chance here.Lastly, CEH is not tough but can be a bit tricky. You need good understanding of the information security domain and this is why it is better to take your time and know what you are getting into. CONCLUSION
So I sincerely hope by now, you have a pretty good idea of CEH. Before going for it, I had a plethora of doubts but hardly anyone to answer them, therefore I genuinely welcome any doubts that you might have.twitter - @kartikpanwar_07