The IT Certification Resource Center


Interview: Matt Walker, Author of CEH Certified Ethical Hacker All-in-One Exam Guide

We've read plenty of certification self-study guides that are quite good at preparing people to take an exam. This one is too, but it stands out in several ways: it's not a mile thick, and it's definitely not boring. Even if you're not planning to take the CEH exam, consider reading this book just because it's packed with interesting stuff.

Author Matt Walker
(looking his most ethical)

The Certified Ethical Hacker (CEH) credential, which is offered by the EC-Council, is built on the precept that the best way to prevent hackers from breaking into a computer system is to know how they would go about it, and the best way to do that is to become capable of doing it yourself.

Although the EC-Council really wants you to go through their course before you take the CEH exam, that's not strictly required. If you're the do-it-yourself type or simply want to augment training you've already taken, the new CEH All-in-One Exam Guide, written by Matt Walker and published by McGraw-Hill, is just what you need.

Armed with knowledge gleaned from our social engineering reconnaissance, we tracked down the author and threatened him with a session of cheering on Auburn while drinking Pepsi - unless he gave us the inside scoop on the CEHv7. He buckled and spilled all.

Matt makes no bones about it: he wrote this book to help people pass the CEH exam. He doesn't promise you can go from zero to employed CEH just by reading his book, but everything he could possibly include about the exam is in there, including the hands-on exercises necessary to convert theory into practice so you can do, and not just know. Here's what else he has to say about becoming a CEH:

GoCertify: What does someone need to know before starting to study for the Certified Ethical Hacker exam?

Matt Walker: Whether you're talking CEH, or any other technology certification for that matter, you've just simply got to get the basics done first. I think most people probably spend too much time trying to learn the tools involved in 'hacking,' when they should really be concentrating on what the tools are doing. Want to succeed in CEH? Master basic networking terminology and function first. Things like understanding a 3-way handshake in TCP, what an MTU size is and why you would care, and how a switch decides which frame to send out of which port are all examples of basic networking topics you'll need to know. And don't forget the other side of the coin too - you'll need to know at least the fundamentals of how operating systems work and how applications function. I know none of this is exciting, but if you don't put the work in up front, you'll pay for it later.

Lastly, I firmly believe it's important to have a broad range of experience in IT. Spend some time working desktop issues, and learn how Windows devices talk to each other (and how they interact with the user). Get on to a data floor and learn how servers work. Find your twinkie-eating network guru and follow him around a network closet, to see how the devices are plugged together, where the wires run, and why it's all done that way. There is simply no replacement for hands-on experience, and if you're going to be successful long term, you'll need to know a little about all of it.

GoCertify: Are there other certifications that might be good to have first?

Matt Walker: I don't know that I'd say any of these are absolute requirements, but if you made me answer I think CompTIA's certs (like Network+ and Security+) are a good start for a newcomer to the field. And you can't go wrong with Linux certifications done along the way too: your pen test team will be made up of people with varying specialties, and your background might be the perfect fit.

GoCertify: What is the best way to get hands-on practice for the CEH exam while staying out of jail?

Matt Walker: In preparation for this book, I read and talked to a lot of people involved in this field. They were all over the spectrum, from politics and religion to sports and favorite places to eat (one guy told me he ate a cold hot dog for breakfast every morning, and another threatened to throw me out of his office when I told him drinking Pepsi was like rooting for Auburn - it's just plain wrong). But you know what every single one of them had in common, and the one thing I could always get a proud smile and an unending conversation on? They all had a home lab of some sort. Whether it was a bunch of VMs or a collection of machines and networking equipment cobbled together over a career, every successful pen tester had a lab that they spent time honing skills on.

Want to see the best way to 'Metasploit' your way past an Apache webserver? Load one up at home and start shooting at it. Want to see if a man in the middle attack would work, and whether the users on either end would even know it happened? Set up a couple machines and fire away. Sure there are labs you can buy space on, and if you're in school your professor should have something set up for you, but there is just no better way to do it than setting up your own lab.