The IT Certification Resource Center

Interview: Matt Walker, Author of CEH Certified Ethical Hacker All-in-One Exam Guide

GoCertify: What types of jobs will the successful Certified Ethical Hacker be prepared to do?

Matt Walker: You mean other than writing best-selling books for a great publisher?

Seriously, the field is very broad, so there's no one answer for this. It's better to ask yourself what you want out of it. Virtually any IT Security position - from a CIO all the way down to a help desk employee in their first week of work - will benefit from attaining this certification. CEH holders can obviously work on pen test teams, but if you step back and look at the big picture, the opportunities are literally endless - as long as you're willing to put in the work. If you want to move forward in the security field, CEH shouldn't be your end goal; rather, it's a great place from which to launch the rest of your career.

GoCertify: The CEH seems to be very widely accepted and approved in US Government DoD circles. Is there also strong demand in the private sector and internationally?

Matt Walker: Surprisingly, demand for security professionals always seems to spike right after a giant, very public, computer attack is discovered...

Probably a more important question to me is, 'how long will demand for this certification and knowledge last?' Operating systems come and go, and technologies that are sexy today are outdated and replaced anew next year, but the need for securing everything... well, that's always going to be needed, isn't it?

As to market demand, government, financial institutions and medical facilities need good security people and practices - for obvious reasons - but I think the market is much, much broader than that. Everyone from the mom-and-pop store on the corner to the biggest retailers in the world understands more and more, every day, how much IT security, or lack thereof, affects their bottom line. This field hasn't even begun to stretch its legs, and I'm excited to be a part of it.

GoCertify: How much law does a CEH need to know to stay on the "ethical" side of hacking?

Matt Walker: I don't want to say that you're going to need to be a lawyer, but you are going to have to play one on TV. Or maybe just your pen test team... Laws and guidelines - especially overseas laws - aren't always clear in their definition of scope, and there are more than a few examples of people playing by what they thought were the rules, only to find themselves in deep trouble later on. We cover the basics of what you need to know, law-wise, in Chapter 1. For new members to the field, though, you'll need to rely heavily on the senior members of your team and organization: not that you can get by with the old 'I was just following orders' excuse, but they should definitely have guidelines in place to keep you (mostly) protected from yourself.

GoCertify: Who typically should be involved with setting up pen testing?

Matt Walker: That really depends on the test you're running. In some instances, the business/corporate/government owner may not want anyone else within the organization to know the test is going on. Other times, you'll want everyone involved up front. It's truly a situational call.

GoCertify: There are so many types of attacks covered in your book - are they all going to show up on the actual exam?

Matt Walker: The only correct answer to this question is, they could be... The CEH exam is 150 questions and is very thorough in its coverage; however, every time I've taken the exam it has been different. Sometimes you'll get an extra question or two on wireless attacks, other times it'll seem like all they care about is sniffing and enumeration. Just take the time to be familiar with as much of it as you can, and use deductive reasoning and the art of answer elimination (eliminate the ones you do know are incorrect) to handle the rest.