Do you know of any study that compares security courses? I'm looking for an advanced ethical hacking/penetration testing hands-on course. Currently, I'm looking at two courses in particular:
- Certified Ethical Hacker (CEH) at the Intense School
Advanced Ethical Hacking: Expert Penetration Testing at the InfoSec Institute
I've also looked at the Foundstone courses, but wanted to learn more about these first two. I'm not as interested in getting a certificate as I am in the training provided.
I already have my CISSP certification and have been doing pen testing and vulnerability assessments for different customers for several years. Also, currently, I'm a systems engineer, but I've been in the computer industry for more than 20 years.
I can only respond to your question on the basis of third-party hearsay (friends of friends who've taken one or the other of the classes), published reports and trolling on various message boards. I can't find any detailed published comparisons or studies on these offerings despite focused Web searches. In fact, to augment what I say here, you'll probably want to do some additional digging yourself as well. That said, I talked to both companies and got some pretty good information from each one.
In my opinion, the value of instructor led training (ILT) comes primarily from the instructor, and both organizations have heavy-duty, well-known staff teaching these classes. On the Intense School side, instructors for the Professional Hacking class include:
- Clement Dupuis whose name you may recognize from his well known CISSP study site.
- John Nunez whose name rings a vague bell as an infosec heavy for me, although I can't seem to locate any additional info on him.
Jack Koziol who is the author of a recent and well-regarded book on Snort and worked as a security professional for the banking industry. Koziol also is working on a penetration testing/exploits book for Wiley right now. On the InfoSec Institute side, Jack Koziol is also coincidentally their primary instructor for hacking topics where they offer a much broader and deeper curriculum than the Intense School does. In fact, Koziol is in the process of revamping their courses to further increase their range and depth, and is also recruiting more faculty.
Thus, amusingly, there is rather little difference between the two offerings at a low level, and in terms of preparing for the CEH (Certified Ethical Hacker) you could go either way. But if you want to dig deeply into the subject matter and sharpen your pen testing and related programming skills, the Infosec Institute will give you more of a chance to do just that. I actually got Jack Koziol himself on the phone while researching your question and believe you'll find him to be a great instructor with a lot to offer in terms of knowledge, experience and hands-on exposure to course topics in labs.
For more info on this topic, visit these SearchSecurity.com resources:
- On-demand webcast: Audits, assessments and penetration tests
- Best Web Links: Infosec
training, career and events
This was first published in December 2003