January 1, 2016
Which one is more highly valued? I would love some feedback from people in the field. I'm currently studying for my CEH and I will be grabbing OSCP soon enough.

Hi! I'm a Sr. IT Recruiter & MS Cybersecurity student. It really depends on how the employer/hiring manager views certifications. In a recent study, cybersecurity professionals agreed that the CISSP certification has the most value: All other certifications were a dice roll. I advise completing these certifications for educational purposes, especially if you are in the midst of a career change. Learn Python, and consider a career training program like HackEd: Invest in yourself first and foremost, and it will show in the interview.

Well, if your goal is to become a pen tester, I would go for the OSCP. The CEH will grab the attention of government agencies and some HR folks, but for true security folks, OSCP holds more credibility.

From what I have seen, the CEH exam tackles pen testing from a 10,000 ft view, covering all topics of pen testing an inch deep and a mile wide. In my opinion, the CEH gets you familiar with all the tools of the trade, but doesn't get too deep in application. The OSCP and other certifications from Offensive Security are very hands-on and you'll have to prove your knowledge in application. So to me, and from what I have seen from other security guys, it is academic (CEH) vs. application (OSCP). That being said, like it was said above, it depends on the view of the employer/hiring manager.

The CEH is more commonly known, and has "Hacker" in the title, non-technical people tend to know about it, but it's a damn multiple choice test held by a company that has had their site hacked numerous times recently, and also audits the people who do really well, insinuating that they must have cheated, and therefore won't award you the certification unless you pay extra money to go through a legal rigmarole.
The OSCP is well known amongst actual pen testers, and is held in a higher regard, as the only way to earn that certification is by actually performing all the phases of a penetration test, to include the report at the end. Realistically, it comes down to what your end goal is, and which would benefit you more in the short term. Personally, I gave up working towards the CEH and went for the OSCP instead.

Thank you all for educating me, wonderful contributions.

I have held the CEH certification but tossed it as it truly does not prove whether you are actually capable of performing a penetration test or not. OSCP is a practical exam and is said to be quite hard, so if you pass that, then you have proven both to yourself and others that you have pentesting skills.

Great guys, good valued information for someone going towards that direction. THANKS

CEH is the High School Diploma of pentesting and the OSCP is like a Master's Degree.

How much the course fee in ($) effect will come if you are comparing these two courses?

For OSCP you'll be spending about $1200 for 90 days lab use and Exam. Most people end up using more and take the exam multiple times. CEH you really don't NEED to take a class if you have the relevant experience.

As mentioned, OSCP is the one that proves the skills as a Pentester. Currently not a lot of people in HR are familiar with it, but if you go for pen-testing jobs, definitely PMs that are tech savvy know the value of OSCP. At the same time, depending on your market, you will need others. Currently I have CEH and it is an eye catcher, CISSP is a must, but with those two and OSCP you are locked in for many jobs with the Government.

The one certification is for talking about stuff, the other is for DOING stuff.

IMO, OSCP is more valuable because of the way the exam is conducted, and you learn to build your way of thinking as a hacker / pentester, as you need to write a report on how the exploit has been performed and what the steps are to seal the loophole.
Whereas CEH is just more like introducing you to hacking concepts and the tool usage for each step of hacking activity. Sadly, OSCP doesn't have enough marketing and is not that well known. CEH is under EC-Council, they spend much on marketing and getting buy-in even for US DOD.

But after having taken those certifications, do you really know how to do things, or is it still at a didactic level?

There is also EC-Council ECSA (Security Analyst) and LPT (Licensed Penetration Tester). For ECSA you will have to pass Challenges by hacking into a lab environment, a "capture the flag" kind of thing. Then present a report. After you pass the Challenges and the report is approved, then you receive a written exam voucher.

CEH, it's better, and it's most requested in a new job opportunity.

The big issue here is where you are going to work and what you want to do. CEH would be good if you want to learn terms and also learn about hacking in general. Learning this stuff does not make you a pen-tester. I have my CEH and I had no real idea what I was doing. I have since taken the OSCP and it is a crazy course. It teaches you practical skills and the exam is no joke. You can't use a brain dump or just go into it knowing you will pass. Hacking is a mindset and therefore you need to be able to adjust on the fly. If you can do this and you did your work in the labs then you will be fine. Short answer is: CEH for government work (DoD status) and OSCP to really learn what you are doing on a red team.

If it's for strictly learning and improving pentesting skills then OSCP is way better than CEH. I have CEH, and it's a high-level approach to pentesting tools & basic methodology. You learn the basic concepts, but I think it's a joke cert. I only got it because my company paid for it, and it's good eye-candy for HR people. OSCP is very hands-on, and you get graded based on your practical application of the skills instead of just a simple multiple choice exam.
**TLDR**: CEH is very high-level/conceptual (not worth it IMO), and HR loves it because of EC-Council's great marketing. OSCP is very hands-on and practical, you will truly gain many skills if you can attain it.

Thanks for this topic. I was going into CEH and this thread convinced me to go OSCP instead. Is there any good training/book/lab I could take to practice before paying $800 for the exam? Also, there is a step further after OSCP, which is OSCE (Offensive Security Certified Expert). Is this also worth it? Thanks
