CEH vs. eJPT — Which One Should You Go For?
TLDR
They are so dissimilar, you really are not able to compare them. But just because something is not possible, doesn’t mean that you shouldn’t do it. So I will, and I actually am in this article.
I want to stress that I am expressing my personal opinion about these two certifications. I feel somewhat competent to do so since I went through the learning programs at the same time and took the exams on the same day. Experiences of other students with these programs may vary, so please take my opinion with a grain of salt and do your own research.
Why I first chose the CEH to get started.
My educational background lies in the natural sciences with a focus on data science. IT security-wise, I did a certificate of advanced studies in “Cyber Security” lately. Apart from enjoying a lot of hands-on material of IT security fails during the last years on my job, that was it.
What has been resonating with me for a long time is the concepts of ethical hacking and more specifically penetration testing.
But where to start? There are myriads of training programs and certifications out there. Most have more or less overlap with others. For a newbie like me, it was tough to choose.
I mean, look at this: https://pauljerimy.com/security-certification-roadmap/ The possibilities are mind blowing!
So I went off and asked experts I am lucky to know personally. The advice I got was to go for an OSCP and or SANS courses. After some research, I concluded these are certainly established benchmarks — albeit some of it obscenely expensive. I do like challenges, but this (retrospectively still sound) advice terrified me. It felt like someone telling you to go and learn how to fly in a fighter jet.
So I tampered it down somewhat. That’s when I came about the CEH. It felt manageable. It promised to give me a broad overview. And let’s be honest. “Certified Ethical Hacker” just sounds plain cool. Definitely cooler to most people than “eLearnSecurity Junior Penetration Tester”.
I was lucky to get a reasonably good Cyber Monday offer, including all you need to pass the exam. Or so I thought…
What was the learning Experience for the CEH like?
The learning experience for the CEH was somewhat mixed. I enjoyed the iClass videos. The lecture by Eric Reed gave a good overview.
The labs were ok. It is all very Windows heavy, which I did not like that much. But I’m well aware, this comes down to personal taste. What drove me crazy, was the sluggish remote desktop style of labs. Also, the labs were extensively step by step. This way they make sure you reach the finish line for each task, but in some places I felt a bit like a robot.
The platform they deliver their textbook on, is on the edge of being unacceptable for me. I’m suspecting they do this to make it more difficult for people to copy the stuff and give it to other people for free. While I understand their intention, I still would have preferred a simple PDF or an e-book. Or a real book for a change considering the price I paid? The e-reading platform is not very responsive, everything is somewhat blurry. The material itself consists of slides with text underneath. The explanations helped me grasp the concepts. Still, I hardly ended up using the platform because I simply disliked using it.
I took rather extensive notes, trying to put it down in my own words. This made me realize when I did not understand or was missing something. I enjoyed this part of the learning experience for CEH most.
Also, the notes came in quite handy when I was learning for the test later on.
After some time, I thought I was ready and went for some practice questions. While I was pretty sure that I had the concepts down, I was caught by surprise. The questions did not resemble what I was expecting at all, and I performed rather poorly at them. That was when the frustrating part of the journey began.
I started googling for experience reports, practice tips, resource recommendations. And I found really a lot.
What I also found lots of, were articles claiming that this was a breeze, it was so easy, they studied like 1 week and ended with a nearly perfect score.
And let’s just say, my initial results on the offical exam prep tool weren’t exactly great. This in turn motivated me to write the following article: “Cert X was way too easy!”
Anyway, I pushed through the frustration it but it was far from being fun. Having made myself accountable by telling others what I’m up to helped a huge deal in that situation!
What was the Exam like?
Here’s one of the FAQs on eccouncil.org I was not aware of shortly before the exam. I hope it helps you to have realistic expectations on what to get.
Will the test consist of material that was not covered in the training or courseware that was used to study?
All learning materials related to exams including EC-Council official courseware and trainings are developed independently of exam content. This is because the exams are created to assess competence when using the skills and knowledge, not the effectiveness of a specific courseware or training.
EC-Council strives to make available preparation material for topics measured in an exam. However candidates are required to check the exam blueprint and objectives prior to registering for the exam.
Note: Official courseware is recommended but not mandatory for an EC-Council exam and it does not guarantee that you will pass the exam.
I was surprised by that. Knowing this in time and adapting my learning strategies accordingly, I got to pass with a comfortable margin.
But was the exam fun? No, not at all.
Does it have to be? Not necessarily.
Would it be better if it was? Of course, which leads to the next chapter.
Why I added eJTP later on.
In the beginning, terms like offensive security, ethical hacking and penetration testing were all synonyms to me.
In the process of studying for the CEH I realized that, if you ask around, this is not true. I also realized that what I actually wanted to learn was how to get my hands dirty and get hands-on beginner level experience in penetration testing.
Luckily, a colleague of mine (thank you, Christoph!) had earlier on already recommended the eJPT to me. At the time, I did not pay enough attention to his wise words (shame on me!), thinking I already got enough on my hands with what I’m doing at the moment.
But with some more knowledge, I realized what a great opportunity this could be.
And I wasn’t disappointed. The whole course was a ton of fun. I flew through the material like a maniac because I kept forgetting time.
eJPT
Christoph, who recommended the course to me, told me the exam was a lot of fun, I was left in doubt. But I can wholeheartedly say, this is true!
Especially after taking the CEH test right before the eJPT, the contrast could not have been greater.
To be fair, I haven’t taken the CEH Practical yet, which might be a better comparison candidate. I might do this in the future. But right now, I have no clue how they would compare.
So now, which one is better?
The issue here is that the question is put in the wrong way. Better for what? What do you want to learn? Where do you want to go with it? Do you need the cert for a future job? What kind of job shall it be?…
The fact is, they are so dissimilar you should not even compare it at all.
But still, people are asking themselves if they should take the CEH or eJPT quite a lot.
Let’s take the perspective of someone who is hiring.
Who to hire? CEH vs. eJPT?
Again, it depends.
For management jobs the CEH might not be bad, although I guess that you might want to look at something like CISSP, CASP+ … instead if you’re aiming for that. But for technical staff and employees that even just occasionally gets their hands dirty, I would not recommend it as a benchmark.
For me, the way the exam is constructed, it tests one thing, and one thing specifically: Can you go through myriads of practice questions and memorize them? So the CEH will give you the vocabulary you can use to talk to other folks on a high level.
But can it assure you also know what you’re talking about?
I doubt that.
I am confident there are lots of awesome and knowledgeable CEH holders out there. But are they awesome because they went through the CEH program?
There probably will be a correlation. But I doubt that the link it is causal.
If you look at 100 CEH holders, I expect it to be like Bertie Bott’s Jelly Beans, you never know what you’re going to get.
On the extreme end, there might even be high scoring CEH holders not being able to change a directory in a terminal.
Analogy from the Analog World
You think I don’t make any sense?
Maybe I am not. To elaborate a bit more, let’s come up with a totally fictional certificate. I call it CF1D (Certified Formula 1 Driver).
How am I testing the candidates?
I collect myriads of MC questions: About oversteer or understeer and how to react to it (makes sense); about different tweaks on the car settings like wing levels, differential locks and so on and how they affect the driving characteristics (cool stuff); about the types of carbon fibers used in rear wings (honestly?), about what manufactures produce certain parts and what kind (why should a driver care about that?)…
Then I let people take the test.
How many will do the cert just because it sounds cool?
How many CF1D holders will be great Formula 1 drivers? You decide.
Summary
Comparing these to certifications is never going to be fair, since they are IMHO not comparable at all.
What can you expect?
The CEH can — but unfortunately does not guarantee to — give you a solid base in vocabulary and conceptual undertanding of ethical hacking topics. After having passed comfortably, I feel that based on a CEH certification alone, one cannot really deduce any level of understanding lest proficiency in cyber security topics, no matter what a CEH holder wants to tell you.
The CEH can — but unfortunately does not guarantee to — give you a solid base in vocabulary and conceptual undertanding of ethical hacking topics.
On the other hand, the eJPT delivers exactly what it promises. If you meet an eJPT certificate holder, you can assume at least basic (a.k.a. “Junior”) penetration testing skills. You can be confident that this person has gotten their hands dirty and is able to autonomously apply conceptual knowledge in an at least semi-open setting.
The eJPT delivers exactly what it promises.
What was it like to go through it all?
Considering the experience I got, I can say the following. The official CEH course was fine. The exam prep and exam itself was rather stressful and not very satisfying, though. I personally took way more time to go through the material than would have been needed to pass the test. Levels of understanding and confidence to pass the test also felt unrelated for a considerable part. But I do not complain. My goal was to grow and learn, not just pass the test.
On the other hand, the eJPT course was fun from the beginning, captivating in the process and exhilerating and heaps of fun during the exam. In fact, it was so much fun and so useful for me personally, that I then bought a 2-year premium membership right away without a second thought. It was a deeply empowering experience.
The eJPT course was fun from the beginning, captivating in the process and exhilerating and heaps of fun during the exam.
Also, if you consider “bang for the buck”, getting the course for free and the cert for just USD 200 is a ridiculous deal when you compare it to the competition.
Even if my expectations I had for the CEH were not fully met, I have to blame myself for not doing more research in the beginning.
Still, I do not regret doing any of the two. If you, from experience, know a better way to fill the vocabulary and conceptual part, please feel free to comment down below and share your insight.
If you’re still unsure, give it a try yourself. At least for the eJPT you can take on the recommended preparatory course (PTS at INE.com) right away for free.
If you want practical advice on what resources I used to pass these certs, feel free to take a look at this article.
