Tuesday, 18 January 2011

CEH and Security+ Certifications

Over the past week I took (and passed) the Security+ and Certified Ethical Hacker (CEH) certifications (two more to add to my increasing list of certs).

Here are my thoughts about both exams.

Certified Ethical Hacker CEH

This was a reasonably good exam, and passing it shows that you know something about IT Security in relation to hacking and countermeasures.

I found this exam easier than I expected (but having been on the Pentesting with Backtrack course, I guess anything in this field would seem easier).

The most interesting questions were around interpreting logs of hacker activity, and assessing what had been done or attempted. Having actually performed these attacks myself, I found it straightforward, but interesting.

(I finished the exam in around half the time allowed, with a high passing score.)

What does CEH prove?

  • A reasonable knowledge of attack vectors, and some tools (though you don't need to be an expert hacker by any means)
  • Knowledge of command line options, and interpretation of output, for various tools including
    • tcpdump
    • snort
    • nmap
    • hping
  • Understanding of various reconnaissance and scanning methods
  • Knowledge of several hacking techniques and methodologies
  • A good working knowledge of Wireshark and networking protocols
  • An understanding of DoS, rootkits and trojans

What doesn't it measure that I feel it should?

  • Ability to use these tools in a real world environment
  • Ability to perform a penetration test, or defend a network

I would say this exam is focused more towards incident response teams rather than ethical hackers or penetration testers, but I enjoyed it, and would say that it was worth taking.


Security+

This exam was disappointing as I found it far too easy. Very much an entry-level exam.

What does it prove?

  • A very general understanding of basic IT Security principles and networking protocols
  • Not sure other than that...

What doesn't it measure that I feel it should?

  • Far too much to mention (I really don't think it measured my skills or challenged me)

I'm not sure who this exam is aimed at, perhaps IT staff who are taking their first steps into IT Security.

In Summary

CEH is a reasonable exam to prove a basic understanding in incident response, hacking, and network security. I would say this exam is worth taking, though certainly not as in-depth as something like OSCP or CREST.

As for Security+: if you are thinking of taking it, or hiring anyone based on it, I would say look at other certs, as this one is very much entry level.

My recommended certs

For all the exams, courses and certifications I have taken so far, I would most recommend the following based on their difficulty, value to a company, and ability to measure a person's skills and knowledge.

  • CISSP - For a very broad reaching view of IT Security
  • OSCP - For its technical depth, and understanding of attackers
  • CISM - To help match IT Security to the needs, and risk tolerance, of a business


  1. In your recommended list, did you mean "OCSP" or "OSCP"?

  2. OSCP (fat fingers on my Dell mini10)

  3. Congrats Ben, keep up the good work

  4. Hi, I need to ask you a few things related to certs. Kindly shoot an email to rafaybaloch@gmail.com.

    Warm Regards,
    Rafay Baloch


  5. Nice post. You just posted the right content I was searching for. Good job. CEH Course provides hands-on classroom training to scan, test, hack and secure systems and applications.


  6. Thanks for sharing your post. This information is very helpful and it is a good-looking blog. You can also visit: Ethical Hacking Training Institute in Delhi