In 2019 I started exploring Offensive Security as a change in career as I have spent the majority of my career in development, DevOps and Consulting.

The skills gather over my varied employment at Marketing, Post Production and Games organizations gave me an extensive knowledge base to fall back on. Since moving into consulting in my day job at MongoDB I started exploring more security related topics.

I identified the EC-Council’s Certified Ethical Hacker (CEH) course as my first certification in Cyber Security as I was much more interested in the Offensive side.

CEH

In 2019 I started working n the CEH content in my spare time using the Pluralsight videos for CEH Prep. The content was extremely detailed but my lack of focus meant I did not create sufficient notes and never did commit to completing the content.

During the pandemic in 2021 I signed up for the official CEH Course at EC-Council, and started working though the complex topics on a regular basis.

CEH - Theory

I signed myself up for the Theory Exam for May 2022. The exam is a 4-hour 125 multiple-choice questions.

During my preparation for the exam I signed up for some mock exams and I quickly realised the multiple choice answers were very close to each other, not like some of the more obvious choice you may encounter in other certifications.

Here is an unrelated example:

Identify this color

1. Iris
2. Amethyst
3. Orchid
4. Middle Purple

Yes I agree it looks purple to me… and yes this is Iris

About one week out from the exam I took 4 days off and spent it doing extensive revision and studying.

On the day of the exam I was nervous as expected, but working my way through the exam I got to the end and was rewarded for my efforts with a Pass.

CEH - Practical

Once I passed the Theory part of the certification I started working on the lab provided by EC-Council for the practical exam preparation.

The content provided was good, although I did feel like the tools that was mostly used was Windows Based tools.

I scheduled my exam for August 2022, after which I would attend DefCon 30 (I won a content to attend). First I needed to pass my exam…

I spent every moment I was not working on the course material and once I completed the materials I completed all provided labs.

On exam day I was extremely nervous as I did not know what to expect. 6 hours to complete 20 rigorous challenges, that range the spectrum from Port Scanning, malware, trojans and communication protocols.

My nerves meant I miss read the first question and lost a large chunk of time, and decided to continue with the rest of the challenges and revisit challenge one.

As I progressed through the challenges I started gaining confidence and once I completed all the challenges I revisited the first. On the second and third read of the question the solution was quote clear to me.

Once I submitted the challenges I was again rewarded with a Pass

CEH - Master

Upon passing of both the Theoretical and Practical Exams I was awarded the CEH Master Certification.

I found the CEH a good option to support my change in focus for my career. I believe existing knowledge I had helped me immensely, but the course provided me with the vocabulary and guidance to focus on the security of systems.

Master	Theory	Practical

Conclusion

Sometimes the CEH do get a bad reputation, but as a helping hand to make changes in career it can be a great tool.

I subsequently advanced further by signing up for the Offensive Security Certified Professional course, and pass that, but more on that later.