Certified Ethical Hacking and Informatics?

http://www.mb.com.ph/issues/2005/05/01/INFO2005050133854.html

I just finished reading "Computer Forensics" by John Vacca, and was thinking about trends for the IT security field.

I have seen many articles about ethical hacking, for example, and it seems that most all companies and governments are concerned about network security.

I was wondering about Informatics, (http://www.informatics.edu.sg/ipdc/hacking.htm).

I'm not sure, but I think that the course is only offered in Singapore, and the Philippines,and other southeast asian locations.

Last week, I had the opportunity to discuss with a group of high school students interested in the IT field, but their parents are concerned about tuition.

Of course, it seems most of them love playing video games, and want to go to DigiPen Institute of Technology and then get jobs making $50-100K USD producing video games. But I tried to explain playing games and making them are two different things.

I directed the students to this website for further information about all of their academic options.

Now I've been thinking what if some of those students didnt' get 4 year degrees, but maybe a 1-2 year certificate in network security at a technical college, then maybe took the ethical hacking, for example at Informatics, and then tried to get IT security jobs.

But I think that some hiring managers would see any hacking as a security risk. And I think that the CISSP certificate is only available if you have never done hacking. I may be wrong.

Also, really, to enter the IT field, one still needs some kind of experience.

Well, anyway, just posting this about Informatics and ethical hacking because it seemed interesting to me because it seems network security is a growing field.

 

A couple of things; informatics, at least in the states, means something else entirely. The post and or site is a little misleading (I didn’t want anyone to be confused).

Here is a great Informatics school :
http://www.informatics.indiana.edu/

Now, the class you were linking to is just that, a class. There is also a cert provided by EC-Council, which I hear is pretty difficult.

"Hacking" is only one portion of information security. To further elaborate, the corporate term would be something along the lines of penetration testing and defense. This is one very small portion of the needed skill sets for inforsec / IA.

The CISSP requires compliance with a code of ethics, which would very much go against hacking. Getting the CEH cert does not make you a hacker, not even close.

You are correct, network security is a growing field, however the faint of heart should stay away. It takes a lot of work, continuous improvement and a very strong base of experience / knowledge to even be considered for this career.

In the end, the CEH is a great add on, but it is not a cornerstone, it is merely garnish. You will get a good overview of the tools used by hackers and security professionals. This might not make you employable, just a script kitty - and maybe not even that.

 

Hey Scuba;

Just curious since it's on the same topic. Have you been able to find out any additional info regarding the Master of Security Science listed here http://www.eccouncil.org/mss.htm

I emailed the [email protected] to get more info, but I"ve yet to get a reply.

I plan to sit the CEH soon myself, but haven't set a date.

-Rob

 

Funny you should ask. I found out about their MS during some training around 18 months ago. I met a guy who took some of their training. At any rate, the MS is way behind schedule. If you look on the site, they mention problems with the D of Ed . . . figures.

I think it is an interesting move. They (EC) tried to pair up with some school (not listed) in order to marry their certs / training with grad courses for credit. Good stuff. We need more of that here in the states. EC has a pretty good name; I just hope they pair up with a good school.

I would not hold your breath on the reply (they can be slow). Let us know what you learn.

The CEH exam is more about the specifics of the tools (very detailed) than anything else. Be prepared and best of luck!

 

I hold several certs, and the main problem with the CEH is the tools can be dated and are constantly being updated/outdated. The CISSP is a cornerston in InfoSec/IA (at least in the eyes of HR). I checked out the ECC MSS, but I am REAL unsure. To give 15 Masters level credit for a cake test like the CEH is a joke. I think the only college i have seen that give credit toward a MS degree is Capalla, although I have seen some that will use it to verify experience for admission into a IA program.

 

Greetings Lou,
I *think* their plan was to offer courses at U of X framed around the classes EC already offered. I also assume one would use their text books (some as high as $140 US).

I have been told by some that the CEH subject matter is not all that "cake". I have not taken the test, however I know some who have. You are correct about the tools constantly changing, that is always going to be the case.

I think it is a step in the right direction for *some* schools to offer options such as this (not saying EC is the answer). Too often we learn a load of stuff at a school and yet this is not exactly what the industry wants. Adding some foundational certs to course curricula is a great way to round out a student / employee IMO.

 

I have the official study material, and it is a chore of memorization, but unlike some of the "bigger" certs like PMP, CISSP, CISA,and CCIE it doesnt require a understanding of why, just the end result. But I agree, maybe cake wasnt a great term to use.

I would love to see Graduate programs that take in account certifications and work with them. I would persue a ECC program if it was offered at a accredited school though. I did read the program they posted and it does seem like a very technical MS program which is great!

 

I have the forensics book and an electronic copy of the CEH stuff. It is a ton of information.

I still need to plan out the CISSP, the PMP was stressful enough. I spent seven months studying. The cert, as you know, isn't about the test - it is about the preparation and what you learn from it.

When I finish my MS, I would like to take the exam 2 -3 months later.

 

If you need anything for you CISSP Id be very happy to help! The website www.cccure.org has a great study database of questions that i used. I was a 5-6 month study for me and it was pretty tough, but doable.. I used the official "yellow brick" book and the Passport book from Shon Harris. Good luck, I am looking at Capitol now and plan to start in the fall...

 

I agree 15 Masters credits seems odd. Actually the 120 Credits for a Masters on their website is in itself very strange. What MS program requires that many credits? I assume if/when they hook up with a school that those types of details will change.
-Rob