Transcript for:
Cyber Security Certifications: Insights from Daniel Lowrie

I've heard so much negative feedback about it. You guys really bash it because it's frustrating, right? That, that is frustrating. Our inner person does not enjoy feeling like they have to be a walking encyclopedia. So I need to, I, I need to push you, because I, I, I've got like this loop that I have to close. What is the number one, what is the... if you could only choose one cert, what would it be? And I'm sorry to push you, it's just your opinion. Yeah, just my opinion. What would you choose? Man, you're, you're stuck on an island, you only way off, the only way off is to choose one cert. If I'm going to go with one cert, I'm gonna go... Hey everyone, it's David Bombal, back with another interview, but in this case I've got Daniel. Daniel, I could introduce you, but it's probably better if you do it yourself, so could you tell everyone a little bit about yourself? Sure, David, thanks for having me on. This is a real pleasure, like, you got such a cool podcast or YouTube channel, you get so much great content. So I'm Daniel Lowrie, I work for, um, ITProTV. I'm what we call an edutainer. You're watching ITPro, hopefully that kind of gives away the idea behind what I do. I instruct on cyber security, that's my, my specialty, my silo as it were, and I try to do that in a way that's fun and engaging, instead of... I'm sure everybody out there has had to at one point deal with the voice-over-PowerPoint awesomeness that is most online IT training. Wasn't a huge fan of that, so, uh, my friends got together, they built this little company, they asked me to jump on the ship, I said, hey, what the heck, and here I am. And now I try to inform the masses of cool IT training that I can give to you, and then get you in there and get you learned up with all the skills that you're going to need to get into cyber security. I know it's a hot thing right now. It's a lot of fun, I know I enjoy it, so I, I totally understand the appeal of it. But okay, Daniel, now I'm going to push you, okay? Now you're ready for some fire? All right, I'm going to take a sip here.
You go for it. Okay, so you mentioned a bunch of certifications, and there are a bunch out there, like Security+, um, there's CEH, um, you can, you can go through the basic list again, but you tell me now, okay, what are the most, sorry, what are the entry-level certifications, and which one would you recommend as the first certification? That's, uh, that's a great question. So I'm gonna push you, I'm gonna push you now. You're gonna push me. This is a good push question, because it's very relevant, right, and it is, is the, probably the question people have on their minds: okay, tell me, I'm poised to jump, just tell me where to jump to and I'm gonna go and I'm gonna tackle it, I'm gonna kill it, I'm gonna get that cert so that I can, I can really start making some headway into my career. I get that. Uh, the answer to that is, my opinion, probably the best entry-level certification if you're going toward an offensive security style, you know, this would be for a SOC analyst or anything like this, would be, I want to be a pen tester one day, I want to do vulnerability assessments, ultimately maybe get into real red team engagement kind of things, I would probably start off with, with eLearnSecurity. They have, they have great, great certifications. The certification, and, and here, here's what I would say, why I would say that, is that the eP... eJPT would be the, the certification. Yes. Okay, so you're actually putting that above, like, Security+ or CEH or PenTest+? Yeah, yeah, and I can say that now because after having... I do training for Security+, I think it's, it's great. You got to understand, like, none of these things are, are static, they're, they're all dynamic, everything's always changing. Security... I've just finished the update to Security+ with another edutainer here, Wes Bryant. He, he is the SME on that, I'm just kind of there to host and support him and give him that, because he, he helps people. And I just want to say that for the, for people who don't know, um, ITProTV, what's really nice about the way you guys do
it, versus like a lot of training, is, you, there's always two of you, isn't there? And like one person is like teaching the other, which makes it very interactive. As I run... I feel like we should be like, you know, old style, like Rock 'Em Sock 'Em Robots. Yeah, here we go, right? Because we're, we're trying to do what we're having right now and then just make that training. Think of how much better you learn just listening to a podcast, to picking up random, you know, pieces of information. We just try to like move that into a very, uh, information-rich environment, and that becomes your training, instead of, okay, let's go through the five phases of pen testing, whatever it is, you know what I mean? It's just, yeah, that, that's, that's not engaging, that is boring. We do... we are not people that like to be bored here, and we don't want you to be bored. We want you guys to have fun, we want you to learn, we want to get our hands into stuff, so we, uh, we like to show things as often as we possibly can. Of course there's always going to be those theory, uh, elements to stuff, but yeah, when you... But I need, I need to push you, sorry, I, I interrupt, I interrupted you, sorry. So you were saying eJPT is the, is the certification of choice, so explain to me why. I would say, because, for two reasons. eJPT is very much a... it basically is kind of like Security+ and, um, CEH kind of wrapped up in a ball, right, without the filler. Now I will, I'm going to qualify that, that phrase "filler" here in just a second. I say filler, okay, it is, is very pointed, is what I mean. It is saying, you want to be a pen tester, let's test you on pen testing things, right? That's their focus, that's their motivation. And the exam, I've, I've never come out of an exam booth before going, "That was fun." That's amazing, because normally it's like, thank goodness it's over. Yeah, I usually come out going, "Well, that was fun." Yeah, same verbiage, different, like, obviously different meanings there. Uh, that experience was great, I enjoyed it. Um, I look forward to doing more eLearnSecurity
certifications for myself personally, just because they have a great track. If you're into pen testing, it's a phenomenal track to get into. Does that mean they're the only game in town, or like CEH is out the window and they're, they'll be boarding up shop within six months because eLearnSecurity hit the scene? No, absolutely not, because their CEH has done a great job of marketing themselves and making themselves a certification that has industry recognition. eJP... So it's like a, it's a gatekeeper type cert, isn't it? Yeah, it's totally, yeah, yeah, I, I like that terminology, that this is something that an HR person would probably put in an offensive or even defensive security... and it does have its place, because if you look at, I would say most people say one of the big problems with CEH is how massive it is. So I've got, I've heard you, I've heard you say previously that the amount, you were surprised that there's so much content, is, is that right? Yes, it's, it's tons and tons of con... of content, so that is what is part of what makes it a difficult certification, moderately difficult certification, in the past, because you got to know a bit about a lot of it, right? So there's, there's tons of stuff and you got to know something about everything, and they're going to hammer you on, on minutia. They're going to, oh, which Nmap switch does X, Y or Z, which kind of seems pointless, because in the real world you're not gonna, you're gonna... that's why you got Google, or you've got documentation. Yeah, it's funny you say that, but I mean, Cisco do the same, well, they used to do the same. Yeah, sorry, go on. Yeah, well, I, I would, I would love to see the day when certification exams are, yeah, you can use anything you want, you know? And I, I did see that with eLearnSecurity: they, use anything you want, use Google, anything you like. You don't have an exam proctor, because what's the reason of proctoring it? You can use any resource you can get your hands on. Is it like a practical exam? Yes, it is a practical exam, thank you for that
clarification, whereas CEH is a more traditional exam based off of a body of knowledge. Yeah, it's like, it's like multiple guess. Yeah, right. Now we're talking about CEH, and if you look up "CEH, is it worth it," that kind of thing, the exam itself can be a bit of a bear because it's large, you know, I think it's 100-something, 120-something questions or, or something like that. It's, it's a pretty big exam, it takes time, you got to know minutia, things that you can't Google, that you would be like, oh man, if I was in the real world I'd be Googling this. And these are all, these are all the negative feedbacks that you hear about CEH. I've heard so much negative feedback about it. You guys really bash it because it's frustrating, right? That, that is frustrating. Our inner person does not enjoy feeling like they have to be a walking encyclopedia of, uh, you know, a walking body of knowledge. We all have a walking body of knowledge, but maybe not to the depth where... we outsource a lot of that to the internet, to books, to references, instead of keeping it in our head, and that, that's just, that's how the world works now. That said, if you look at CEH, what do they offer right now? If we, if we're judging CEH based off of CEH v10 and not looking at CEH v11, which is their current standing... Yeah, I wanted to ask you about 11, because they've, that's a new, that, that got released a few months ago. Yeah, right, and that, that would be doing that, that wouldn't be fair to EC-Council, to judge, not that it doesn't play a part, but to solely base our, our estimation of what the CEH 11 version is just based off of the pa... the prior, uh, versions and the prior performances in the prior, um, people's experience with it. That, that would not be a completely fair thing to do. So EC-Council, to their credit, has seen their competitors, eLearnSecurity, Offensive Security, um, what's the other... there's tons of them out there now, a lot of, a lot of certifications are starting to pop up, uh, even CompTIA has gotten in the game, they got PenTest+. So what are
they doing that's giving them so much success? And they're starting to emulate that. So if I'm, if I'm looking at CEH v11, I'm looking at the content, I'm, I'm now looking at a much more, uh, true comparison, more of an apple to apples, apples to oranges, with its competitors out there now. Maybe not in the way that the exam is administered, right, that... but they have also come out with a different... this is where people get fun with marketing, they're trying to make more money, I get it, here, make more money if you can, but they have the CEH Practical exam. Yeah, what, what is that? What is that? So that's the three... What, what is that? So what is that? That's meant to be the practical, performance-based exam that they now offer to say, okay, you know, we see you, we hear you, everybody out there wants to get their hands on something and prove that they can do X, Y or Z. And probably they were getting slayed by OSCPs and the eJPTs of the world, so they thought, hey, we can do that too, and so they spun that up, and now you have the, the CEH Practical exam. So you have, like, so CEH per se is just a theory-based type of exam? Yeah, yeah, like the typical theory, you know, I always say "multiple guess" as a joke. So that, one of those type of exams, and then the Practical is, is kind of like eJPT or OSCP, obviously not the same level as OSEP, but it's a practical type exam, is that right? Yes, it is a practical type of exam. You're going to log into some, some lab environments, I think it might be done via like a web browser, uh, kind of thing. I've taken some exams that are like that, where you get a web browser, you go to the link, you get basically like what looks like an RDP session via the web. Yeah, like a jump host. Yeah, there you go. And, uh, they're gonna give you some, some tasks to perform, and you, you fill them out, you do that, and there you go, you get your certification if you're able to actually complete the task they ask you to complete. Which is great, good for them. They saw that, hey, we're not strong in this, we need to, we need to come
up in the world and show that we are still a competitor in this space, and they're trying to be competitive by offering those things. It's a bolt-on solution, but it's still a solution. They haven't not heard the voices crying in the darkness saying, hey, you know, I got the CEH thing and people are making fun of me, you know? They're like, oh, okay, yeah, no, let's, let's help you out with that, let's get that. That is, that is to the credit. Yeah, yeah. So I, I, I feel like we do tend to get a bit tribalistic, maybe, if that's a good word to use, about, you know, um, see, it's bad, you know, not my tribe, you know, because people get very black and white and get very vocal about what they believe. You also have to understand what CEH is meant to do. I, I don't believe that... maybe it was when it began, but at this point the CEH, the regular CEH exam, is meant to kind of give you that... that's why it's such a large body of knowledge. You need to know a bit about everything. If you're going to be that security person that wears that hat plus a system administrator, you're trying to do that, it can be a really good certification for that. Where, to give you like a foundation of knowledge? Yeah, I, I don't have to go get Security+, right? I do need to have some understanding of how certain technologies work. There is some prerequisite knowledge there, where I need to understand Windows operating systems, I do need to understand even some Linux operating system, I need to understand mobile technology, maybe some cloud and things of that nature. But now I'm just starting to, once I go from there, I start to dive into the idea of, okay, what does security governance look like, because they, they talk about that kind of stuff inside the training. They talk about standard vulnerability assessment and risk management, all part of standard security stuff that you would learn in, in Security+. And so maybe you're like, yeah, I want that Security+ experience, but I'm, I'm really interested in, in the, the more offensive side of things,
maybe learn a bit more about that world. CEH is a great certification for that, because it does have a ton of stuff, and you've got this, these huge books that they give you, because I think it's like over 3000 pages of information, and now you've got a set of references that sit on your shelf, as they should. Again, we're outsourcing that knowledge. Is it a bear to go in and take that test and try to remember all those things? Yeah, but you can think of it as a challenge. Gamify that, right? And, and right, go back to our previous part of the conversation, it's HR gatekeeper. There is value to that exam, there is value, that certification. There are people out there... and let me put it in these terms: if I go to a job board and I see on a job that I think is perfect for me, and their qualifications are, include certification such as CEH, PenTest+, OSCP, eJPT, or, you know, whatever, and I've got a CEH sitting in my pocket, I will tell you, CEH is an easier exam than OSCP, and if it gets me past the same wall, right, you start to see it. We're hackers, right? Gamify this, it's a game. I want to push you, sorry man, I want to, I want to push you now. So first cert, eJPT? Yeah. Yeah, then you, you're recommending, uh, look at CEH to get past the gatekeepers, because from what I've seen, um, the problem with eJPT, it's a great cert, but it's not well known enough to get past a lot of gatekeeper type stuff, even though, you know, perhaps you can, you, you can talk to them and get past it. But if you just want to, you know, get past the, the check boxes and stuff, right, and the recruitment agents, CEH is a great way to get past that. Okay, so are you saying do those two, and then what would you do? Or are you saying do a eJPT and then go to OSCP? Sorry, Daniel, to push you on this, I just want to try and get a nice path for people to follow. Yeah. Like, what would you do today, you know, if, if you're starting out, or I was starting, what would you do? So eJPT, then CEH, is that right? And then maybe OSCP, or what would you say? So depending on what I want to
do... if you're saying, see, this, this is where it starts to get down into the minutia, where it starts to deviate from a "here is the way" to "here is, here is a way," okay? If you're saying, I want to be a pen tester, then I would push you eJPT. If you're saying, I want to be a general security practitioner with an emphasis in the offensive side of security, then I would say go CEH, right? Oh, okay, so are you saying, so let me just clarify that, because that's a great way to put it. So if I want to be red team, yeah, pen tester, eJPT is your first cert, but if you want to be like blue team, or, um, just have general knowledge, then CEH, is that what you say? Right, or maybe if you're running like purple team, where you're, you're kind of doing blue team and red team things, that's, that, all of that is encompassed under your job description, or that's your role, uh, in some way, shape or form, where you are the person that is not only responsible... well, ultimately people have to understand that red team's job is to, uh, what's the word I'm looking for, to make the blue team, uh, uh, capabilities more robust, right? Yeah, help them. The great way to put it, right, help them find the flaws in what they're doing so that they can shore those up, make it stronger, make it faster, make it leaner, meaner and tougher for the adversaries out there that are looking to get into their systems. It's fun to pop shells, it's fun to hack through a system, but at the end of the day that's not my job as a red teamer, as an offensive, as a pen tester, as a vulnerability assessor. It's not my job. My job is to find the weaknesses in a system, find out whether or not they're exploitable, then go back to the people that built that system and say, hey man, I found some, I found some weakness in your fence here, let me show you some ways in which we can make that work a whole lot better, so the guys like me can't find, or, or girls, or as it may be, might find their way through that. At the end of the day, and I've said this in conferences, I've said this on countless
different ways, at the end of the day red team's job is to make blue team win. Blue team eventually should be winning the game, because if... It's a great word. I like what, I like what you said there. We have to think about these things more philosophically than we do, because everyone's like, I want to hack, I want to hack, but I mean, at the end of the day, what pays the bills or gets you a job is to protect a company in a lot of cases. I mean, obviously the exceptions, but right, the most jobs are protecting companies, so I like the way you put that. Yeah, what is the value that you bring to the company? I always tell people, like, if you're, if you're going red team side of things, what is the deliverable, the thing that the company paid... let's say you're a, let's say you're a pen tester and, uh, you've been hired to do an engagement. What's the deliverable at the end of that engagement? It's a report. Well, what's in that report? Here's your weaknesses, here's how we did it, here's how you fix it. If you need help, you know, maybe that was a part of our agreement, if it's not we can bolt that on and come in and help at the end, maybe even do a reassessment to verify that those security controls are now working, right? This is the job of a, of a pen tester, this is what they do, this is their purpose in life. Red team, real true red team engagements are to kind of even go further than that, as far as, like, we are going to be, basically become a specific type of threat. We're going to model ourselves after, based off of your organization, and we are going to act as a true APT against your company and see if we can't make some way so that you can better threat model what might actually come down your, your way, and again, for the sole purpose of the blue team eventually winning the game. So if you like that, if you think that, oh, I'm gonna get into red team because I like hacking, yeah, that's super awesome and it is fun to do, but that is a small subset of what you, what you do in the entirety of the business. So do you need to
know hacking stuff, do you need to learn those hacking skills? Absolutely. Is that fun? Absolutely, it is so much fun. But if you just want to have a good time and know some hacking stuff, cool, welcome to the community. You'll grab a CTF, sign up for Hack The Box and have a good time and enjoy hacking and popping shells, you can just totally do that. And then maybe as you mature in your understanding of what that does and how you can play that, maybe you then start to move toward that side of things, and as you see, I go, oh, you know what, I think I could be a real asset to a company if I was employing these skills that I've learned or these certifications that I've gained. Because I always think of them as a, as a challenge, right? I want to challenge myself. Let me take, let me take some training, let me see if I can get a cert. If I didn't, at the very end of the day, did I at least learn something? Did I take something away from that, that I improve myself, that I make myself more marketable, if that's what I'm trying to do? So I didn't gain the certification, I gained a lot of experience. I can make that experience a part of my resume. I need to be doing things that aren't certification, uh, related as well, like Hack The Box. I want to push on that, because you mentioned Hack The Box and stuff, so what's your opinion on certs versus Hack The Box and, you know, TryHackMe, stuff like that? Some people are like really focused on certs. Um, are you saying like you should do certs and that, or how would you spend your time, basically? Yeah, it is, it is a both/and, I would say, uh, a, because you can get burned out when you're working on certifications. You're going to kind of bounce in and out of either side of that, that coin, where you're going to be like, okay, I got it, I got to work on my certification, so I got to carve some time out. I want to get this cert, it has some value in the, in the industry, so I want to do this as a, as a profession, so I'm going to get that cert, so I'm going to spend some time working on
gaining the knowledge I need to gain that cert. Depending on the certification you're working on, doing things like Hack The Box, TryHackMe, VulnHub, whatever, can help make that learning experience a, a true practicum, something that I've, I've not only engaged in with my head but with my person. I've done it, I've got experience in it. It might not be a true representation of the real world, but it was a, it was a challenge, I had to apply the knowledge in a real way and use that, so they can definitely bolster themselves out. A lot of times I find myself jumping back over to doing things like TryHackMe or whatever, uh, because it's fun, right? It's, it's kind of, uh, go back to the idea, I like hacking because it's fun, and let's, let's just have a good time. And you know what I find, what happens is I learn a ton of stuff though. I, I do a new challenge, then maybe a new box drops on Hack The Box and I go, oh, I gotta do some Googling here, and all of a sudden I'm taking all those methods that I learned in maybe a certification training and I'm applying it to trying to hack this, and now I'm taking the experience that I learned there and I'm going back to my certification going, oh, that's where this... okay, and everything starts to work together. So a lot of times, again, going back to the red team idea, that, yeah, these things are great, um, partners, that they go together like chocolate and peanut butter. A lot of times there are so many of these great resources where you're able to take that... You must be an American, chocolate and peanut butter. Have you had it? It's awesome. I'm just kidding, but I mean, that's great. So I mean, you basically, those two go together, yeah, like certs and, and, and the practical stuff. And not only that... sorry, I, I interrupted you, go on. No, I was gonna say, well, I, I like where you're going with that, because it brings us back around to the idea of, it's... let me put this away. I'm, I'm go for a job, right? I apply, I've got a cert, put the cert of choice in that, in that ball. They go, cool,
that's great, what else you got? Uh, well, I got the cert. Okay, but, you know, what are you doing to show me that you can actually do it, right? That this is something that you're engaged in, something that... like, a lot of people can just hunker down and go, I'm gonna go get a cert, ingest that information, go take the certification, get the cert, and now, now what, you know? We, the people out there that I'm seeing, like before COVID hit we were able to actually go face to face in conferences and, and do some meet and greet and talk in that way, and even still now in, in the, the digital way in which we interact, you see that people, they like certs, they, it helps with, like you say, HR gatekeeping, to get the right people in front of the right people, but at the end of the day they want to see the aptitude, they want to see the passion, because they know the love for it, right, that person is going to be a phenomenal employee. All you got to do is give them the resources that they need and get out of their way and let them do the job, and you're going to be so happy that's what you did. So put them with somebody that's been doing it for a hot minute, they know the ins and outs of the work: hey, here's the new person, they're going to shadow you for the next month and you're going to help them get up to speed. And that's, honestly, that should be just about any job, right? You need to, you need to work under someone that knows what they're doing, because everything's new to us at one point in time. Don't understand the concepts, you might have even done some of it before, but it doesn't mean that's necessarily how we do it here, right? You might need to just understand their workflow and do it because that's how they like it done. That's cool, go get that done, work under somebody. I like that mentorship, uh, model. Even if you're trying to, to just learn, somebody that has walked those steps ahead of you is... you'll come to find most people are more than happy to share that knowledge with anybody that is passionate, shows a true
interest and willingness to do the hard work. That's, and that's, that's another really great... But, but you make a good point about, you know, you mustn't just take any job, I mean, unless you have to. I like that thing about, you, you don't want to be the cleverest guy in the room, oh no, girl in the room, you want to be the, the person that's a few steps below so that you can learn from others around you. Yeah, I, I want to go, like, mentorship. Yeah, yeah, no, you're fine. I want to grow myself. Uh, I'm not the smartest guy in the room a lot of places, uh, sometimes I am, sometimes I'm not, and when I am I'm trying to give that knowledge to other people. Like if you come to ITProTV... Sorry, Danny, I want to take you back to the certs, because you, you gave us like sort of two parts, like eJPT for red team, um, CEH is like gatekeeper slash, you know, more generalist type knowledge. Um, are there any other certs? Because I also want to push you on Security+ and PenTest+, but I mean, what would you... so let's, let's start with that. What about those certs, would you recommend not doing those and just going straight to eJPT, CEH, and then what comes after, like OSCP perhaps? But let's start with, you know, Security+, PenTest+. Sorry, I want to push you because it's, it's nice to get someone of your knowledge and, like, put you in the hot seat, if you like. Oh yeah, yeah, yeah, heat it up, light the fire, right? So I, I think that we find ourselves trying to, to focus in and say, which one? It's not which one, right? It's, how do I get all this? Because Security+ has, like, Security+ is an 80, um, 8570 compliant for the DoD, the United States government. That will get you in the door of a lot of government work, just having Security+. If you're in the military and you need to be able to do X, Y or Z job, that is a KSA, right? And it's, it's cheaper than CEH. Yeah, by far, oh my goodness. And it's, and it's easier, I suppose, because you don't have the 3,000 pages or whatever you have to learn. It's still pretty good, um, body of
knowledge, but yeah, it's nowhere near the tome that is CEH. Uh, but I don't just want security, I, I want Security+, I want PenTest+, I want CEH, I want eJPT, I want them all, right? They're like Pokemon to me, yeah, you gotta, gotta catch them all, in, because it makes me more marketable the more that I'm doing, the more that I'm engaged with the community, and if that be through certification, showing my passion, because I don't want to have an air of arrogance, like Security+ is beneath me, right? It could apply, that might be the thing that gets me the job. Maybe they're like, oh man, they got the Security+, I know what that is, let's bring them in, you know? Hold on, I like what you said, I mean, it's, I mean, my counter to you would be time and money. Time and money, yes, time and money. So, you know, that's why I'm kind of pushing you, like, you know, if I'm short on time, short on money... I would go, um, eJPT, because it's, it's relatively inexpensive, uh, by far less, like half as expensive as CEH. It's very geared toward pen testing, so if that's where you want to go, that's, that's perfect and would do fine for you. If you were wanting to, if you had to be that security person and know something about the, the offensive side of things, it would be just fine for that as well. Um, PenTest+, also another very viable alternative, very strong showing. Let me put this away. I didn't hate taking the PenTest+ certification exam. But you loved eJPT. I love eJPT, but I didn't hate PenTest+. I thought it was a great... especially for their first foray into offensive security, red team side of things, I thought it was a very strong showing for them to come out of the gate with that. Did a great job. I think it's a very practical exam even though it's not a practical exam. So which would you choose, Security+ or PenTest+? Sorry to keep putting you on the spot, it's just, time and money, you know, give me, give me, give me like just your opinion. If I was just starting out I would go Security+. If I was, if I had
some, some time in the grass, I knew a bit about security, you know, maybe foundationally, I would go PenTest+. If I, you know, I might not have had a security certification but I've kind of messed around with it, I know a bit about it, you probably got the wherewithal to jump into a PenTest+ and, and be successful. Here's a nasty question, I like to ask this question, so, so get ready. I like it. What is the best cyber security, ethical hacking certification? Like if you only could pick one, right, what would you pick? Is it OSCP? That's a tough one. So OSCP has a lot of positives. OSCP has, um, industry recognition, HR gatekeeping kind of idea going behind it. It's, it's very, it's practical, I say very proud, it is practical. Yep. Um, it's probably a top of the entry level, bottom of the mid-tier, just from my experience, what I've seen. A lot of people consider OSCP to be an entry-level certification. It is interesting that people say, I've heard that as well, people say it's, it's like entry level, mid-level. I mean, it's not something you would recommend as your first cert, is that right? Yeah, I, I wouldn't recommend it for a lot of people's first cert. It would depend on the person, if I was going case-by-case, but generally no. Um, you do need to understand a lot of... they, they assume a lot of knowledge, right, at that point. So, and then you get to the exam itself, and the exam itself is the beast. Well, it's a beast because it's a big puzzle, right? It's, it's five big puzzles. One, one, one of the, um, exam boxes, this is all well-known information from us, I'm not giving away their secret sauce or anything, but there's gonna be a buffer overflow challenge that you have to create a, a very basic, um, exploit, a couple of twists and turns in there that you, anybody that, you know, just sits there, anything, but most of it is designed to be kind of like a CTF, and CTFs are basically like little hacking puzzles, and they can be like wicked frustrating, especially when you're under a time crunch and you're like, you've spent some money,
you don't want to fail so that's probably the negative aspect of the oscp you ca it's a rite of passage almost at that point because it was a really hard thing you stuck your hands in the in the bullet ant mitts and you didn't scream for 24 hours and you came out and you you did it good for you you know so that's why it's it's kind of respected uh they have started to they had at one point a real um uh issue with them being relevant and their relevancy they've so guys were saying it was outdated yeah yeah it was outdated a bit and i think that they've since kind of updated things and and tried to bring it up more to speed what's going on with relevancy it was definitely one of the things i liked about ejpt it was very straightforward it wasn't a ctf it was here is basically a what may very well be what it looks like for you on your first pen testing engagement they've got a web application they've got this they've got that you've got to try to use the skills that we've taught you to to answer questions that only you would be able to answer if you did it correctly right i like that so it's not like what i don't like about the ctf thing is they're trying to catch you out yeah whereas this sounds like it's more like um perhaps like what like you said you'd encounter it in the real world you have certain tools it's not like just to try and it's not a gotcha or trying to get you a lot of exams are trying to uh or at least it seems like it to me trip you up yeah it's like they're trying to test you on how well you take a test yeah which is pointless which is that's this is not the job the job is do you understand these technologies are you familiar with x y or z tool maybe not to the point that you know maybe it's just a basic familiarity maybe it's a little more in depth that you understand the switches and where you would use uh different things within that tool set to accomplish a goal and that's fine but don't make it to where it's like was it port you know eight 
eight three nine or eight eight three eight oh that's what we have that's why we have google right come on that's exactly right that's why we have google that's why i'd love to see all certifications just be practical at one point with here's the google screen here's the machines if you can do the job then you can do the job not the other so i need to i i need to push you because i i i've got like this loop that i have to close if you could only choose one cert what would it be and i'm sorry to push you it's just your opinion yeah just my opinion what would you choose man you're aren't you stuck on an island you only way off the only way off is to choose one cert if i'm gonna go with one cert i'm gonna go ejpt ah that's interesting yeah i think elearn security has really done the right thing like their their philosophy on the certification i'm amazed you you didn't say oscp i i don't say oscp because uh well there there are so many different factors that you you have to kind of boil it down to i'm gonna i'm gonna try to cast as wide a net as possible oh you know i mean daniel it's your opinion yeah and say whatever you like oscp to me does not cast that net it's a much more right and as you move up the wrong even the needle in security those nets are going to get smaller and smaller and smaller you're you're working on very specific skill sets for and having a very broad prerequisite set of skills so that you can move into that so the the focus starts to narrow as you move up in difficulty and things of nature so oscp to me is a little more like if you had ejpt that would be a great precursor to moving into the oscp and then taking oscp exam and going okay i'm not i'm not starting from jump street and trying to work my way up so again i'm if you're trying to hem me into a path i would go something like i would say something like security plus then maybe like ceh or pen test plus and then ejpt if i'm building a perfect world here uh and then oscp and then back to 
like ecpt then maybe back to osce um yeah that kind of stuff and and starting to work that way the man uh ewptx the um extreme web or they've got that there's so many they got these acronyms they're crazy you're talking about like the um offsec um like the wireless uh so they have wireless and then elearn security has their penetration tester extreme version two i think is their lowest version uh which is extremely hard then you've got like um gpen you think about sans they have certifications as well at the what i want it's it's tough because i mean like it is i mean i'm i'm pushing it and when you start talking about the value i think that's the real yeah what what's the value yeah is the certification is going to have some value itself but the real to me right this is my opinion take it or leave it to me the the real value comes in the training and the experience you get with that training and that's why when i teach ceh one of the major things i heard and experienced when i took ceh was man they just they turn a fire hose on and they hammer you with all this theory and concepts and tools and you got to just all this stuff and then i'm like uh someone turns around says now you teach ceh and i go okay well now that it's my baby i'll do it the way i want i'll do it the way i think would be most effective and that's why when you watch my ceh class it's not just a fire hose and a deluge we're going to get our hands dirty we're going to apply these things i also have like you know methodology classes like i built a hands-on hacking series where hey let's take all those things we learned in ceh or that maybe we're getting ready to take ceh or oscp or ejpt or whatever certification that's on that red team side of things and let's see how we work our way through that's how let's build a good methodology that's going to help us be successful in those exams so then they apply to everything instead of just oh this is the ceh training you take my pen test plus it's going 
to be the same thing i'm not just going to say well here's the the problem with sql injection is that you're allowing the execution of transact sql on the back end through yada yada and these mechanisms not that you don't need to know that we go through that and then i go now let's do it let's let's spin something up here's my web application right here and uh yeah this is this is fun here's the one you'll see one equals one uh oh look that worked but how do we get at the database how do we get how do we how do we make this a little a little more point okay let's keep going down the rabbit hole let's start with i how do i find a sql injection how do i exploit a sql injection how do i use sql injection to gain access to the database how do i use that access to then gain access to the system itself maybe getting even a shell back from the system all through one concept which was sql injection so um just just to make sure i understand that's a course that you've created that's part of it pro tv yeah absolutely yes and what what is it called again that would be ceh that's eh we do that in ceh we do that in pen test plus micro in other words you you've taken the um sorry to interrupt you've taken the the certs like pentest plus or security plus or ceh and you've kind of like made it practical if you like and that you you're demonstrating stuff rather than just talking about it i've looked at some of the security stuff um like security plus and like the books and some of the materials out there and it's like just concept of the concept of the concept it's like after like an hour of that you like bored out of your mind so i'm really glad to hear what you've done yeah you know that came from me having the exact same experience as that going i cannot stay engaged with this this is death by powerpoint man we've all been there and we've all had to come back from the brink of like going oh i'm ready to just toss in the towel this is this is not fun it's terrible yeah right why 
why why can't it be fun why can't it be hey run over to vulnhub grab this vulnerable machine and let's do this stuff that we're talking about here you