Pentest+ vs. CEH

Steve Linthicum

Well-known member
  • Jul 31, 2019
    363
    4
    627
    28,771
    Oceanside, CA
    slinthicum.edublogs.org
    Wanted to share with you a comment I made to the president of an educational institution that relates to the CompTIA Pentest+ certification. As you might expect, I'm of the opinion "Certified Ethical Hacker" gets a boost because of the certification title. But I think that is where the advantage ends. In today's email to him I said, "we need to talk about Pentest+ as an alternative to CEH. For background, see: https://resources.infosecinstitute.com/pentest-plus-vs-ceh/#gref".
     
    Wanted to share with you a comment I made to the president of an educational institution that relates to the CompTIA Pentest+ certification. As you might expect, I'm of the opinion "Certified Ethical Hacker" gets a boost because of the certification title. But I think that is where the advantage ends. In today's email to him I said, "we need to talk about Pentest+ as an alternative to CEH. For background, see: https://resources.infosecinstitute.com/pentest-plus-vs-ceh/#gref".

    Also check out this cool infographic! https://certification.comptia.org/docs/default-source/downloadablefiles/05848pentest-infographic.pdf
     
    If you go to the following link: https://community.infosecinstitute.com/categories/pentest+, you will find forum posts from a website, TechExams.net, that merged with infosecinstitute.com a while back. When the beta exam was active quite a few members of that forum took the exam and compared it to the CEH exam. One thing that I think was interesting is that a few felt the Pentest+ test was harder than the CEH.
     
    If you go to the following link: https://community.infosecinstitute.com/categories/pentest+, you will find forum posts from a website, TechExams.net, that merged with infosecinstitute.com a while back. When the beta exam was active quite a few members of that forum took the exam and compared it to the CEH exam. One thing that I think was interesting is that a few felt the Pentest+ test was harder than the CEH.

    A colleague here said the same thing about PenTest+ being more difficult than CEH. I was asked recently if I had CEH on my list, and I flat out told the individual that I've been doing national security cyber and infosec for 15 years and had absolutely no intention of putting it on my list. I have a lot of strong opinions about the over pendulum swing towards offensive cyber. It's one of the reasons I was excited about the CySA+. There are simply too few accessible defensive certs.

    I like the fact that CompTIA has taken the holistic approach and especially the stackable that says "good cyber isn't just offensive, it's understanding both sides." It's a positive strength to the overall approach.
     
    Wanted to share with you a comment I made to the president of an educational institution that relates to the CompTIA Pentest+ certification. As you might expect, I'm of the opinion "Certified Ethical Hacker" gets a boost because of the certification title. But I think that is where the advantage ends. In today's email to him I said, "we need to talk about Pentest+ as an alternative to CEH. For background, see: https://resources.infosecinstitute.com/pentest-plus-vs-ceh/#gref".
    Steve, thanks for the resource!
     
    I saw some recent statistics that showed CEH, from a job search perspective, was one of the most mentioned cybersecurity "keywords" out of all the cybersecurity certifications listed in job postings. That much doesn't surprise me given it's longevity. However, I'm of the belief that PenTest+, overall, is the better of the two.

    1. CEH is much too large to teach in the traditional 5-day format
    2. CEH is too expensive
    3. CEH exam is too easy
    4. CEH doesn't have performance-based questions

    On the flip-side, PenTest+:

    1. Is more teachable in a 5-day format
    2. Has performance-based questions
    3. Is considerably more affordable
    3. Teaches actual penetration testing processes and methodologies whereas CEH is more like Security+ Part 2.

    I think, given some time, PenTest+ will catch up with CEH in terms of market penetration.
     
    • Like
    Reactions: Lee McWhorter
    I saw some recent statistics that showed CEH, from a job search perspective, was one of the most mentioned cybersecurity "keywords" out of all the cybersecurity certifications listed in job postings. That much doesn't surprise me given it's longevity. However, I'm of the belief that PenTest+, overall, is the better of the two.

    1. CEH is much too large to teach in the traditional 5-day format
    2. CEH is too expensive
    3. CEH exam is too easy
    4. CEH doesn't have performance-based questions

    On the flip-side, PenTest+:

    1. Is more teachable in a 5-day format
    2. Has performance-based questions
    3. Is considerably more affordable
    3. Teaches actual penetration testing processes and methodologies whereas CEH is more like Security+ Part 2.

    I think, given some time, PenTest+ will catch up with CEH in terms of market penetration.

    Nick, I agree with your assessment. On another note, I wanted to share the article I wrote a while back that discusses the challenges associated with authoring technical books in a world of rapidly advancing technology. See http://certmag.com/old-data-technical-textbook-dilemma/

    Hopefully (although I doubt it), the financial rewards make authoring a financially rewarding effort for you.

    Steve