Ethical Hacker Certification

[Summer_breeze]

Hi all, i think the whole idea about getting certified is a recognizion of certain skill level.
And all these certification bring to one purpose:- Better job perspective

I mean, i don't need any certification to be in the security field, but it certainly make the path
a lot smoother if i get related cert, related job experience and neatly ironed shirt.

I did CEH sometime back, i think it is an overview of hacking process and it does
provide to some extend some fun stuff you can do at ur own computer. But they discourage
people to try those we learn on those systems that doesn't belong to us.

Until now i still haven't sit for the exam. One of the reason is: i can't bring myself to remember all the nmap option. As i rely a lot on the /? option.

[thehorse13]

Okay, so here is a question then. According to some in this thread, certs are a waste of time as opposed to experience. Aside from waiting and working in the industry for 10 years so that you have time to see a lot of stuff, how does one a) gain knowledge and experience without being a black hat, and b) gain acknowledgment of that knowledge?

Well the first thing you need to do is read a little more carefully. I specifically stated that *ONLINE* certs are worthless and industry certs are not a true reflection of a person's skill or knowledge related to real world environments.

Now, to answer your questions:
a) There is no other way. Time is a requirement for learning. That's why it's called experience. Also, labeling yourself as a black hat, red hat, ass hat or any other hat won't make a difference either. Simply put, if you want knowledge, invest the time. Period.

b) You'll gain acknowledgement when you perform at your job *AND* when you begin to produce programs, tools, tutorials and joining industry groups where your name will get out when you present your custom solution to a complex security problem. More or less, when you start doing things that benifit others and/or solve problems that others can't, you'll quickly see that you will get all the recognition you'll ever need. Make sense?

[lepricaun]

i agree with thehorse13, but i also think that "hacking" experience can be achieved by setting up your own server (or even better, do it with a couple of friends) and try to hack eachothers servers specifically set up for this purpose. this way you can exactly see where log files are stored by several loggers, try out exploits etc... WITHOUT having to do anything illegal...

of course it will take more time, since you also need to set up the server, not only hack it, BUT also this will give you experience and knowledge...

a friend of mine is setting up a server as we speak, just for this purpose... nothing illegal about this and a lot of fun!

[drgn_lvr]

Well the first thing you need to do is read a little more carefully. I specifically stated that *ONLINE* certs are worthless and industry certs are not a true reflection of a person's skill or knowledge related to real world environments

Sorry if you took what I said personally, but I was not singling anyone out. The general discussion seemed to be debating the worth of certifications in general, not just online ones. And yes, I do understand that time is the best teacher, but I more specifically meant was that the training you receive (or studying you might do on your own) seems a good way to gain a certain amount of knowledge faster that you might learn it otherwise.

For example. I was just promoted within my company to a security analyst. I like this field, and want to get serious about it, both for professioanl reasons, as well as personal ones. But by the time I get OJT sufficient to make me an "expert", the field will have moved on. If I want to increase my knowledge and credentials quicker, a good cert program might do the trick.

[LeeBkr311]

Again this long-winded discussion has come back to say that the true key to success as in most things is balance.

[thehorse13]

Sorry if you took what I said personally

This is AO, I take nothing personally.

[drgn_lvr]

Noted, thehors13.

[yuvraj]

Well people you might think i m wrong. But You dont get anything by certifying yourself with a certificate on hacking. If you are a true hacker then certification never matters, its the work that matters. 10% ppractical work is better than 90% theory.

[lepricaun]

but that doesn't pay our salary at the end of the month, the theory does

[LeeBkr311]

Very true, lepricaun.
Without any certs. but still having years of experience you may get a job in the field and know more then the lastest fresh out of school new-hire but I garuntee that the one with certs. got a higher starting pay! Unless they had ZERO experience but many programs (CCNA, CCNP, etc.) require hands on experience when you take the course