tags:

views:

605

answers:

6
Q: 

Is obtaining CEH certification Useful

Hi StackOverflow,

My friend and I were arguing whether having Certified Ethical Hacker certification (CEH) is useful for a developer. It would be interesting to know the opinions that StackOveflow users have on this topic.

Here is our question:

Would obtaining CEH makes a difference for a developer (a recent university graduate) when looking for employment considering that CEH is “for an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a hacker”?

+2  A: 

I would think that, if any prospective employee saw the word 'hacker' on a CV, they'd immediately forget the word 'ethical' and bin it, greatly reducing your chances of employment.

Remember that the techs who may understand what that means (and even I thought at first it might be taking the mickey) are not the first people that see your CV. You have to navigate through the employment agency, then management and only then will your CV be seen by techs. I suspect you will fail at the first hurdle.

paxdiablo  2009-04-07 06:20:04
+2  A: 

From a security industry point of view CEH is useless and every respectable security company out there is aware of that. Not that CEH got a terrible curriculum it's more about how easy to get it, there so many out there go CEH but no clue about security. But still it won't hurt, it's a tiny little plus.

As a development company I'd personally like to see CEH in a CV especially if you are going to work on security related/required software. Having CEH means you thought of security and understand what is it about. Unfortunately there so many developers out there they just code and design without thinking about security at all. CEH means at least you are not one of them. So again I think it's a nice little plus.

BTW, If a development company thinks hacker is a bad word, you better not get that job, it's bound to suck. (although Pax mentioned that it'll be a problem before a techie sees it. I understand but it shouldn't be a problem unless you after companies with big size and lots of bureaucracy)

dr. evil  2009-04-07 06:46:26
+1 `If a development company thinks hacker is a bad word, you better not get that job`
Rakesh Juyal  2010-05-02 18:35:56
A: 

The EC-Council Certified Secure Programmer might be more appropriate for a developer...

http://www.eccouncil.org/Course-Outline/ECSP.htm

 2009-04-07 07:06:36
didn't know that exist. Does it suck as well or better than CEH?
dr. evil  2009-04-07 08:24:42
I've yet to read negative reviews on CEH or certification by EC Council, so I might not be the best guy to ask
 2009-04-08 01:51:12
Oh...I'm also the other guy, maxyfc is "arguing" over this matter...LOLI was looking at CISSP (harder) or SSCP (easier) and then I revisited CEH and suggested to maxyfc that this might be the "tiny little pluses" in this competitive market. Ultimately its just an added knowledge and skills...
 2009-04-08 02:11:04
Glad to get more opinion and pointed out that CEH may be crap...found some other interesting comments by searching "CEH is crap":https://forum.defcon.org/archive/index.php/t-9091.html
 2009-04-08 02:13:43
A: 

http://www.infoworld.com/d/security-central/certified-ethical-hacker-credential-proves-nothing-510

'nuff said.

securityresearcher  2010-06-29 02:54:41
A: 

https://forum.defcon.org/showthread.php?t=9091

(yep, direct from a DEFCON forum where they ARE hackers and not some stupid commercial company claiming their certification is going to make you a hacker)

me too  2010-06-29 02:59:04
A: 

http://www.amazon.com/Ethical-Hacking-EC-Council/product-reviews/0972936211/ref=cm_cr_pr_redirect/175-8748153-9176517?ie=UTF8&showViewpoints=0&filterBy=addOneStar#customerReviews)

(the amount of industry disdain for this so-called "hacker certification" make me laugh!)

me three  2010-06-29 03:02:05

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security