Interview: Passing the Certified Ethical Hacker Exam

The CEH has become increasingly desirable since its launch in early 2003. Find out what you need to know to add it to your resume.

Interview: Michael Gregg
Author: Certified Ethical Hacker Exam Prep 2

A typical computer is attacked every 30 seconds by hackers, identity thieves, and assorted viruses, technology experts say. Businesses face a constant challenge from would-be hackers both inside and outside their organizations. A web poll conducted by Sophos found that 58 percent of respondents receive at least one phishing email every day. It is a sad but true fact that financially motivated attacks continue to increase as hackers look for ways to generate revenue from their illegal activities. This is why GoCertify took the time to ask Michael Gregg, CEH and author of CEH Exam Prep 2, what he thinks about the CEH certification and how best to prepare for the exam.


GoCertify: Why did you write this book?

Michael Gregg: I wrote this book for a couple of reasons. First, I wrote this book because I know that not everyone has the time or money to attend a boot camp or a series of security classes. For those that are interested in gaining the certification without attending a hacking class, this book offers them a path not previously available. Even for those not contemplating taking the exam, this book can be a great tool to help them learn better security techniques and the methods used by attackers to breach networks and systems. I think you would agree that there is a big need for security awareness.

Second, I wrote this book to help those that have attended a hacking class or are preparing to attend one. No matter how good the instructor is or how much lab time you get, these classes are still typically only a week long. This book will help those individuals prep for the exam and can be used as a step-by-step guide to reinforce the methodologies used by hackers and their legitimate counterparts. No matter who is paying for the exam, your company or yourself, you are going to want to pass the first time!

GoCertify: What is the CEH and who is it for?

Michael Gregg: The CEH (Certified Ethical Hacker) certification is for individuals who want to learn more about the hacking tools and techniques used by the real hackers to attack business and governmental networks. The certification is sponsored by the EC-Council (www.eccouncil.org). It is designed for individuals who are tasked with reviewing an organization's security posture, identifying potential vulnerabilities, and providing recommendations as to their elimination or mitigation. While CEH classes are open to individuals with any level of experience, it's recommended that you have two years of security experience or more before you attend.

GoCertify: How is it earned (including costs)?

Michael Gregg: The CEH exam costs $250 and is available at authorized Prometric Testing Centers. Before calling Prometric, you will need to go to the EC-Council site and download and complete the CEH Exam (EC0-350) Application Form. Once this has been faxed back to EC-Council and approved, EC-Council will send you an eligibility voucher number, which you can use to register and schedule the test at any Authorized Prometric Testing Center.

GoCertify: Why is it an important certification (and what does it cover)?

Michael Gregg: The CEH certification covers more than 20 domains and touches on all the primary security issues and concerns that an organization would have from physical security to firewalls, IDS, malware, to hacker techniques.

GoCertify: What kinds of jobs would someone with CEH certification qualify for?

Michael Gregg: I think that really depends. I did a search on Monster.com with the word hacker and got 43 hits while "firewall admin" returned more than a thousand. Anyone responsible for securing organizational assets can gain from this certification. Learning the tools and techniques is not only going to help the ethical hacker that has been tasked with finding the organization's weaknesses but also other security professionals and IT managers. As an example, everyone knows good firewall rules are critical, but imagine when the firewall admin can actively demonstrate the security vulnerabilities from not implementing a specific rule.

GoCertify: What is the best way to prepare for the exam?

Michael Gregg: Practice, that's what I typically tell students and others I meet that ask about certifications. A certification only means that you passed the test. If that is your only goal, you are cheating yourself. To me, certifications are about gaining knowledge and expanding your skills. With technologies like VMware, it's easy to set up a variety of systems in your own home lab. These systems can be used to practice tools and techniques used by penetration testers. Also, spend some time checking out sites and resources like www.securityforest.com and www.metasploit.com. Finally, there are also a large number of sites that are set up on the Internet for the specific purpose of allowing individuals to go through a series of hacker challenges. These labs typically progress from easy to difficult. One such list of sites can be found at www.firewall.cx/ftopicp-7271.html.

GoCertify: So, now that you have finished up this book, what is your next project?

Michael Gregg: After a business trip to China later this year and some pending security assessments, I will be starting my fifth security book. I'll be looking forward to coming back and talking to you about it later this year!