

Which pentesting certificate is worth it? - rolisandor
http://blog.peerlyst.com/penetration-testing-certifications/

======
herghost
Completely agree with the whole assessment. I once requested to do the SANS
course (on my company's dollar), and they declined based on cost, but offered
me the CEH as an alternative.

Since it was still on their dollar I sat the course.

The syllabus was effectively "here's a bunch of FOSS hacking tools that you
could use. Here's a lab manual that's a sort of 'Dummies Guide To...' a
handful of them. And here's a really high-level 'methodology' you might use".

Interestingly there were people on the course who had never used a non-Windows
machine, or a command line before. This wasn't a problem.

I learned absolutely nothing new from the course. I could have sat the exam on
the way in and got a broadly similar result as I had on the way out. I learned
nothing about "hacking", I learned nothing insightful about network, computer,
or application architectures, there was no discussion about protocols, shells.
Nothing about the fact that "hacking" is hard work, heavy thinking, and
ultimately clever exploitation of subtle problems born from deep, hard-earned,
studious understanding of something.

But yeah, it's a post-nominal, and it gets me through a surprisingly high
number of HR sifts, so I leave it on my CV. At no point have I ever made any
suggestion to anyone in the industry that it's worth a jot, though.

