Certification of Ethical Hacking...
(1) Certified Ethical Hacker
The Certified Ethical Hacker (CEH) is the broadest of all available certification options. The CEH exam is designed to test the cybersecurity professional’s baseline knowledge of security threats, risks, and countermeasures through lectures and hands-on labs. An experienced professional may sit for the exam without any training by submitting proof of at least two years of cybersecurity experience.
Managed by the EC-Council a significant benefit of the CEH certification is flexibility. The EC-Council has options for instructor-led training, video lectures, and self-study. These options are available online, and organizations have the option of contracting EC-Council trainers to conduct on-site training.
Even though many of the job listings for ethical hackers specifically require a CEH certification, it may not always be the best option. A major criticism of CEH is that because of the emphasis on lecture-based training, most of their hacking courses do not provide an adequate amount of hands-on experience.
2. Global Information Assurance Certification Penetration Tester
The Global Information Assurance Certification (GIAC) program is run by the SANS Institute, one of the oldest organizations that provide cybersecurity education. GIAC offers dozens of vendor-neutral certifications with courses that require hands-on learning. GIAC courses are held online. The company also sponsors white research papers that are provided to the cybersecurity industry without charge.
There are a variety of options to earn the GIAC Penetration Tester (GPEN) certification, but it is highly recommended that learners take the SEC560 course on Network Penetration Testing and Ethical Hacking from the SANS Institute; it is one of the most comprehensive courses on the topic and demonstrates that the certificate holder has received a good balance of theory and hands-on training.
3. Offensive Security Certified Professional
The Offensive Security Certified Professional (OSCP) is the least known but most technical of the certification options. Offered by the for-profit Offensive Security, it is advertised as the only completely hands-on certification program. Offensive Security designed the program for technical professionals “to prove they have a clear, practical understanding of the penetration testing process and lifecycle.”
Before considering the OCSP certification, understand that the coursework requires a solid technical understanding of networking protocols, software development, and systems internals, specifically Kali Linux, an open-source project maintained by Offensive Security. Most students enrolled in this training program will take the course online; classroom training is only offered in Las Vegas.
The OCSP exam is conducted on a virtual network with varying configurations. The test-taker is tasked with researching the network, identifying vulnerabilities, and hacking into the system to gain administrative access within 24 hours. At the end of the 24 hours, the Offensive Security certification committee must receive a comprehensive penetration test report for review. They will review the findings in the report and determine whether to grant the certification
