In this post, my goal is to provide feedback on my experiences obtaining the EC-Council Certified Ethical Hacker v9 (C|EH) certification. Although I passed the C|EH exam in November of 2017, I am hoping to provide useful information for those who are interested in achieving this certification.
While studying for the CompTIA Security+ exam, my company graciously provided a Plural Sight subscription (~$500). Within Plural Sight’s library, I found several courses on Certified Ethical Hacker 312–50.
I began to watch this series and really enjoyed how the instructors delivered the content. They thoroughly discussed each topic, but also were able to breakup the monotony with witty jokes and stories. In addition, the first video of the series provided instruction of how to setup up your own virtual lab.
For me, the Plural Sight C|EH course was a great start. However, I wanted some formal or virtual classroom instruction. So, I found a company that was advertising a C|EH class on Eventbrite and purchased a seat.
Since I had about one month before the virtual classroom instruction began, I continued with the Plural Sight C|EH series in order to be more familiar with the instructor lead virtual training. As the time neared to take the virtual classroom instruction, the red flags started appearing.
Based on the training provider’s literature, the provider was supposed to email basic information regarding the instructor’s name as well as the ability to setup and test remote connectivity to their virtual classroom. However, that did not occur.
After multiple calls and emails to the training provider, all of which were unanswered, I turned to EC-Council for assistance. This is where I learned that EC-Council provides the instruction themselves and only authorizes a few third-party training partners.
So yes folks, I got took. Ironically enough, I got scammed trying to take a Certified Ethical Hacker class. To add insult-to-injury, EC-Council informed me that I was not eligible to sit for the C|EH 312–50 exam without first attending an authorized C|EH training class.
Luckily, I purchased the virtual training with an AMEX card. After reporting the event to AMEX, they immediately credited my account and advised me they would take care of reimbursement from the third-party and that I was not to worry about this event any longer. Thank you AMEX!!
Once the money was credited to my AMEX account, my next action was to purchase the C|EH class from EC-Council. The concept of a vendor providing the training was new to me based on my past experiences taking Cisco training; where it was all taught by third-parties and not Cisco. I will have to chalk this up to a lesson learned.
From EC-Council, I purchased the iLearn package. This included a one-year subscription of iLearn Online Training, a six-month subscription of iLabs, e-courseware, a VUE AVTC Voucher, and a six-month subscription to Transcender.
Once the purchase was complete, EC-Council followed up with several emails that included detailed instructions on how to get started as well as how to redeem the vouchers for the different packages purchased.
The iClass portal is where all of the virtual lecture content is stored for on-demand play back. I enjoyed the instructor’s ability to deliver the content as well as provide stories pertaining to his hacking experience. The portal also provides the ability to take notes and launch the E-Courseware.
With regards to the E-Courseware, this material was housed on Vitalsource.com within the Bookshelf portal. I thought the material was well put together. If one is not familiar with the Bookshelf portal, it may take some time to get used to it.
Also, within the iClass portal there is the ability to launch the Module Labs. I really enjoyed the labs a lot. The labs were configured to where the student had multiple systems to hack against and not disrupt other students. In addition, the student can walk through the chapter lab with step-by-step instructions or go completely rogue and test what seemed to be hundreds of different security applications.
After I completed the C|EH course, on iClass, I used the Transcender voucher to register for my six-month practice test. I took multiple practice tests each day and I continued testing until I consistently scored in the 95% range. At this point, I used my last voucher and registered to sit for the exam.
As to the C|EH v9 exam itself, I found that it was not as challenging as the CompTIA Security+ exam. I felt a little let down due to the fact that I thought there would have been some basic hacking simulations on the exam.
In talking with several veteran penetration testers, the lack of keyboard time seems to portray a negative light towards the C|EH within the security community. Although, I have read that the new C|EH v10 exam has a practical component and hopefully this will address some of the lukewarm acceptance of the C|EH certification among the security community.
In closing, I hope that sharing my experience helps provide useful information to those who are seeking the EC-Council C|EH certification. In addition, if you do not already have the CompTIA Security+, I would recommend completing this shortly before or after completing the C|EH exam.
