Wednesday, June 4, 2008, 07:45 AM

Work sent me on the EC-Council Certified Ethical Hacker course the other week, at quite considerable expense. I was looking forward to it - the outline of the course that I was given certainly looked comprehensive and I hoped to learn a great deal. I was even considering forking out the $250 for the examination myself.
Well, having taken the course, I'd now be wary of employing anyone who thought it was worth the cash to get certified. The material was five years out of date and littered with factual errors, many so bad they were funny. The course consisted of a week-long death-by-PowerPoint and the three phone-book-sized course books were just a copy of the slides. The breadth was enormous but the depth really shallow, and I didn't really learn very much. The course presenter was, to be fair, in better command of the facts than the course material but nevertheless consistently made basic errors. He rounded off the experience with misogynistic "jokes" and anecdotes - yes, this is the IT industry, but it's also 2008, not 1978!
One particular pearl I have to pass on. One of the 3000 slides was on vulnerability scanners - software that can scan your computer systems and report any potential security issues with them. One bullet point on this slide mentioned software available for Linux. The software? SANE! Yes, the software for scanning and digitising images of bits of paper. It even mentioned parallel and USB scanners! A bit of Googling revealed that someone had simply searched for "Linux scanners" and cut and pasted the first bit of text they'd found.
I can safely say that it is the worst course I've attended. Ever.