Inside a CEH boot camp: Advice from an Infosec instructor

Show Notes

Infosec and the Cyber Work Hacks podcast are here to help you pass the Certified Ethical Hacker (CEH) exam! So for today’s hack, we’re talking about bootcamps. The CEH exam, no matter how you slice it, is an exam that is the definition of the phrase, “It’s a marathon, not a sprint.” With 125 questions and four hours to answer them, there’s as much of a mental game at work here that’s much more than rote memorization of terms and tools. That’s why I wanted to get an insider’s look from Infosec boot camp instructor Akyl Phillips! Phillips will explain what the Infosec five-day CEH boot camp is like, the learning and retention strategies you’ll employ, and all the ways that bootcamp training can help you pass on the first try. Phillips has taught pentesters and red teamers at all levels from sheer beginners to people already in the field, and this episode is a look into how it works. Book yourself a front-row seat for another Cyber Work Hack.

0:00 - How to pass the CEH exam
3:17 - What is a CEH boot camp?
4:02 - Things to know before the CEH exam
5:30 - How does the CEH exam test practical skills?
6:46 - The day-to-day of an Infosec boot camp
11:08 - What is CEH exam day like?
12:14 - Is a cybersecurity boot camp right for me?
13:12 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Transcript

Chris Sienko: 1:10

InfoSec and the Cyborg Hacks podcast are here to help you pass the Certified Ethical Hacker exam. So for today's hack, we're talking about boot camps. Specifically, I'm talking about the CEH exam, which, no matter how you slice it, is an exam. That is the definition of the phrase. It's a marathon, not a sprint, with 125 questions and four hours to answer them. This isn't as much a mental game at work here as anything else, and certainly a lot more than just rote memorization of terms and tools. That's why I wanted to get an insider look from InfoSec Bootcamp instructor Akil Phillips. Akil will explain what the InfoSec 5-Day CEH Pentest Plus Bootcamp is like, the learning and retention strategies that you'll employ and all the ways that bootcamp training can help you pass on the first try. Akil has taught penters and red teamers at all levels, from sheer beginners to people already in the field, and this episode is a look into how it all works. Book yourself a front row seat for another CyberWork Hack.

Chris Sienko: 2:08

Hello and welcome to a new episode of CyberWork Hacks.

Chris Sienko: 2:11

The purpose of this spinoff of our popular CyberWork podcast is to take a single fundamental question and give you a quick, clear and actionable solution or a new insight into how to utilize InfoSec products and training to achieve your work and career goals, and that's what we're going to be doing today.

Chris Sienko: 2:26

If you've been listening to Cyber Work Hacks chronologically, you'll already know my next guest. He is Akil Phillips and he is one of InfoSec's boot camp instructors and he teaches the Certified Ethical Hacker, or CEH certification and I also mentioned in a previous episode that it is actually a dual cert, so he also teaches a CEH pen test plus dual cert boot camp. So we've talked already about his favorite exam test taking tips and tricks. He's walked us through some sample questions, but if you've ever thought of taking a CEH boot camp but wanted to get a sense of what happens there, today is your day. Akil and I are going to walk through the day-to-day skills and info you'll be learning in InfoSec CEH Pen Test Plus Dual Certification Boot Camp. We'll give you a front row seat to that, so welcome back, akil.

Akyl Phillips : 3:14

Thank you for having me. Thank you for having me.

Chris Sienko: 3:17

So, Akil, just to get everyone on the same page, let's talk about the difference between bootcamp training for a certification exam versus the ways, other ways that people will do it, whether they take an academic course for an entire semester or they try to self-study at home. What is, what is? How does a bootcamp differ from those?

Akyl Phillips : 3:35

Uh, because in a bootcamp you have a sped up timeline, right? Uh, if you do it on your own, you might want to take an entire year. If you do it in a semester, you might have two months to three months, um, but in a bootcamp you have five days to, you know, really gather the information and take it in. That would have been spread out over, you know, eight weeks if you were in a college class.

Chris Sienko: 4:02

Yeah, I think that's a really noteworthy thing, especially the second one there. People who might spend a year, you know, idly paging through the CEH study manual and think, well, it's going to happen eventually. But you know, I think it's worth noting that, you know, not everyone is, you know, feels that they can do something this fast, but you're here to show us that it's possible to get that immersed and learn that much stuff that quickly. So I want to learn about that. So, to start with, what prerequisite skills or background should boot camp students have before entering the CEH Pentest Plus dual boot camp? I mean, does this begin with the rudimentary cybersecurity functions, or are there things that should be in the student's toolkit already in that regard?

Akyl Phillips : 4:49

For the CEH and Pentest Plus Bootcamp. You definitely want to show up, at least knowing your way around the tool belt Right. So you want to know what protocols are. You want to know how computers work, but you don't need to necessarily be an expert in any one thing. In fact, the ethical hackers the antithesis of that Right, the ethical hackers usually the jack of all trades and figuring out how to be dangerous in each space. So you don't need to be a specialist, but you do need to. You know at least know that you know the right tool for the job. That's where we're getting to right, so we're going to start teaching you the right tool for the job. We need you to know that a hammer is a hammer, though.

Chris Sienko: 5:30

Yeah, absolutely yeah, and that's and I think that's a really good insight too, because we've talked in past episodes that you know, if you're going to be an ethical hacker, there's a chance you're going to be on a team with other people and that's going to be the point where you're going to want to specialize, because you're going to have a group of people who are all laser focused on one thing. But right now, you need to know a little bit of a lot, and so this is, this is the way to do it. So, because ethical hacking is such a hands on practice and such a real time sort of endeavor, understanding the real time decisions and inner workings of an ethical hacking campaign are going to be crucial. So how does CEH test these types of practical skills in the exam?

Akyl Phillips : 6:09

So I think CEH both the CEH and the Pentest Plus do a really good job of asking you questions that you would only know if you'd been there, right? Think of it, liz, as if you had an alma mater and your alma mater was Harvard, right? Well, just like in Suits, everybody knew that the main character didn't go to Harvard because he didn't know this particular pizza spot. Right, it's just like that If you haven't actually picked up the tools, you're not going to know the landmark, right? Yeah, so that's what they're really asking.

Chris Sienko: 6:46

A lot of these questions are on Interesting, yeah, yeah, and I think we you know we hear the phrase a lot of certain collectors and it's like people who want to get all of the certifications and they just do it by by book learning and, ok, well, I've, I've learned all this stuff, but like there's such a long sort of practice of like trying these things and seeing what fails and then figuring something else out on the fly, so that's, that's good to know. So so I want to talk about your boot camp. You said it's five days consecutive. Can you give us a sense of the schedule for each of these days and how much of each day is spent on different domains of the exams? And I think you said previously that you teach CEH and Pentest Plus a lot of the sort of joint concepts. Can you talk about how those feather together in your boot camp?

Akyl Phillips : 7:36

how those feather together in your, in your bootcamp, sure? So I think if we were to ever talk about demystifying ethical hacking, then the first step to actually demystifying it and bringing it down to scale is to develop a methodology, right? Whereas the CEH is the staple or the go-to cert in the industry for certified ethical hacking, uh, the phases of it. There's like 19 different phases and keeping up with 19 different things. As you imagine, if you're juggling 19 different balls, you're going to drop a couple, right, uh? Whereas the pen test plus takes those 19 phases and summarizes them into four to five, right, and that makes it a lot easier to start breaking down the day by day for the boot camp as well.

Akyl Phillips : 8:23

So if on day one, we're bringing you in talking about, you know, the general threat landscape, we might start talking about reconnaissance. By the time we get into day two, we're going to start talking about port scanning and all of these different network protocols, how networks work and what are the things we're looking at. Day three, we get into exploitations and attacks, which can be a pretty robust part. Right, if you are trying to get into ethical hacking, you think this is the only thing you need to talk about, but it's like 20% of the entire pie, right. We then talk about post-escalation and there's a lot of scripting that you talk about for the pen test, plus not writing the script but really understanding the breakdown of a script and how it's organized and what it may be doing. So once you go through all of those phases, you're complete with the bootcamp and ready to go.

Chris Sienko: 9:17

Is there a lot of sort of in-class collaboration? Do people ask you to help them run certain scenarios? Do you sort of do them in real time or anything like that? Like yeah, what's that aspect like?

Akyl Phillips : 9:31

100 percent. Yeah, so we have labs and cyber ranges that we run, that are provided to us as well, which can often serve to really open up the eyes of our of our students, right, and the reason again that you need this is the paperwork or the ink in front of you saying, hey, how does this work. The paperwork or the ink in front of you saying, hey, how does this work. Right, it connects with the hey, I've actually done this, I've ran this scan. If you say, hey, what's a stealthy NMAP scan, and you have the memory of typing in the S and the big S after that, you never forget how to run that particular scan.

Chris Sienko: 10:17

Interesting. Okay and and is I know a lot of our, our bootcamps will have kind of a you know a generic thing at the end saying, like you know, optional time in the evening for sort of study and group work. Do you do you see, on average, like, do CEH, you know Pentest Plus students uh, like just kind of work around the clock during these five days, like that? Do you do you see a lot of like like night night study?

Akyl Phillips : 10:39

for the CEH guys? Yeah, definitely Um it. So, depending on what bootcamp you're teaching, you get a different mix of guys. These guys can tend to be a little bit more entrenched, um, and a little bit more involved. Uh, I had one guy, um, in my last CEH class who, um man, I would walk into the hotel lobby and it's probably 10 o'clock at night and he's still studying in the hotel lobby, Right, so you get some real dedicated folks for CEH.

Chris Sienko: 11:08

And I imagine I think the good news is probably a lot of these people that would this would be fun for them anyway, people that would this would be fun for them anyway, and so, but it's nice to be able to have like five days off of your work grid or whatever, to like sit there and just think about nothing but this. So, so to that end, you're, you know, you've, you've been, you've been sweating it out for five days. You've run every single scenario you can like. What is what is exam day Like? Is this something where people take the exam right after the boot camp, or do you recommend scheduling it a few days or weeks out to give their brain time to cool off and firm up their knowledge?

Akyl Phillips : 11:41

I'd like to put it back in the hands of my students, and the reason for that is I think everybody's a little bit different. For me personally, I want to get in there as soon as possible. Again, figure out what the beast looks like. Again, figure out what the beast looks like. But if that's not who you are, if you want to take time, if you want to make sure that you're prepared, I may tell you to go ahead and take an extra week, right? Nothing's wrong with taking the time if you have it. So. But because for a lot of people, when they're coming to our bootcamps, it can be a I need this for my job they tend to jump in right away.

Chris Sienko: 12:14

Yeah, so considering taking a boot camp for certification exam study Akil, as we wrap it up today, what advice or evidence can you give to our listeners who are wondering if a boot camp is their best option?

Akyl Phillips : 12:27

This is actually the best advice I can give you. Most people in the industry have taken these tests and a lot of people have failed these exams. If you've tried to take a whack at it on your own or you want to have an easier time, if you want to enjoy this industry when you're done passing the exam, then maybe a boot camp might be able to bridge the gap and you can grab some of the knowledge that is being poured out into the room and stand on the shoulders of giants. I'm not here to tell you how to do it. I'm just here to give you a extra helping hand so that you can get farther than where you possibly could have gotten on your own.

Chris Sienko: 13:08

Awesome. Akil Phillips, thank you for touring us through the CEH boot camp. This was a lot of fun.

Chris Sienko: 13:12

Thank you Thank you and to everyone listening and watching at home. Thank you for watching this episode. If you enjoyed this video and felt that it helped you and might help some of your fellow students or friends or colleagues, please share it with them, either on your social medias or on your forums, and definitely subscribe to our podcast feed and our YouTube page. You can type in Cyber Work InfoSec into any of them and we will be right there waiting for you. So there's plenty more to come. If you have any other topics or certs or career paths that you want us to cover, drop them in the comments below. We do read them. We do take them to heart. Until then, we will see you next time and, as always, happy learning. Hey, if you're worried about choosing the right cybersecurity career, click here to see the 12 most in-demand cybersecurity roles. I asked experts working in the field how to get hired and how to do the work of these security roles so you can choose your study with confidence. I'll see you there.