-
To ensure you get the most out of your CIN membership and stay connected with the latest updates, we are asking all members to update their community profiles. Please take a few moments to log in and: • Complete all sections of your profile • Review your current information for accuracy • Enter an alternative email address if desired (CIN requires your valid business email address for your training organization). Keeping your profile up to date helps us better serve you, ensures your account is correctly linked with CompTIA’s CRM, streamlines processes, enhances communication, and guarantees you never miss out on valuable CIN opportunities. Thank you for taking this important step! step!
Latest activity
Security+ and Certified Ethical Hacker Content Overlap
- By jasoneckert
- CIN Open Forums
- 14 Replies
I'll echo what @Gregory Childers said but add more of my observations and context.
Firstly, like it's name and objectives suggest, CEH is more comparable to Pentest+ than Security+ in topic focus.
Secondly, aside from one very biased internship host out east that only hires college grads with CEH, I've found that other employers just don't value EC-Council or CEH.
This makes sense to me because most employers pay for blue team skills - red team is more exciting, but to be honest, pentesting is an advanced skill that takes dedication and time, and only a small subset of cybersecurity workers will get to the point where they could make a living from it, or employ those techniques as part of the job. There are far more blue team job opportunities, and nearly every organization needs blue teamers first and foremost.
That's where Security+ comes in - it's a well-rounded certification that forms the baseline of what every IT professional needs to know today when it comes to both blue and red team concepts (with a bigger focus on blue team concepts). You can then evolve into CySA+ (blue team) or Pentest+ (red team), or CASP+/SecurityX if you want to be a CISO.
One more observation about CEH that I've had is that while some questions are new, others are flat out ancient history - I get the feeling they reuse a lot of older questions on topics and pentesting tools and processes that are long deprecated (it drives me nuts and is not something you'll find on CompTIA exams). It wouldn't surprise me in the least if I got a CEH question on these tools in my repertoire:
Firstly, like it's name and objectives suggest, CEH is more comparable to Pentest+ than Security+ in topic focus.
Secondly, aside from one very biased internship host out east that only hires college grads with CEH, I've found that other employers just don't value EC-Council or CEH.
This makes sense to me because most employers pay for blue team skills - red team is more exciting, but to be honest, pentesting is an advanced skill that takes dedication and time, and only a small subset of cybersecurity workers will get to the point where they could make a living from it, or employ those techniques as part of the job. There are far more blue team job opportunities, and nearly every organization needs blue teamers first and foremost.
That's where Security+ comes in - it's a well-rounded certification that forms the baseline of what every IT professional needs to know today when it comes to both blue and red team concepts (with a bigger focus on blue team concepts). You can then evolve into CySA+ (blue team) or Pentest+ (red team), or CASP+/SecurityX if you want to be a CISO.
One more observation about CEH that I've had is that while some questions are new, others are flat out ancient history - I get the feeling they reuse a lot of older questions on topics and pentesting tools and processes that are long deprecated (it drives me nuts and is not something you'll find on CompTIA exams). It wouldn't surprise me in the least if I got a CEH question on these tools in my repertoire:
