EC Council, the world’s leading provider of certifications and training in the information security domain, today announced the release of five core programs and certifications to create an all-new learning track. These programs and their ensuing qualifications will prepare quality, skills attested, respected, capable cyber-manpower that is in demand by the global workforce. It is a big step forward towards EC-Council’s commitment in Bringing Workforce Development Training and Certification Programs that Measure Industry Readiness.
In today’s world, hackers are using sophisticated malware techniques to inflict intellectual and financial losses to their target, while organizations depend heavily on information technology to protect their vital information. The ability to harness new technology to bring value to an organization is critical to any organization’s growth matched with the ability to deploy these safely without over burdening the organizations risks posture.
In response to the growing threats, EC-Council has addressed the root of the problem – the lack of cybersecurity professionals skilled in ethical hacking, security analysis, and penetration testing.
Biggest Leap Since the Original
EC-Council raises the bar again for ethical hacking training and certification programs through the Certified Ethical Hacker (CEH) v10 program, which is in compliance with the NICE framework’s Protect and Defend specialty area. In order to meet the rising demands of employers across the world, the program now includes IoT hacking, vulnerability analysis, static and dynamic malware analysis, and emerging attack vectors on cloud, artificial intelligence, and machine learning.
CEH is used as a hiring standard and is a core sought after certification by many organizations, governments, cybersecurity practices, and is a cyber staple in many of the top universities around the globe.
Exam Sanctity
"The biggest issue for CISO’s is the need to differentiate candidates that have the knowledge and candidates that actually have the skills and abilities to do the job. Abilities that represent true technical and security challenges faced at the workplace today and every day. Many Fortune 500 companies developed creative ways to find and hire those that could actually do the job…They spent millions of dollars and countless amount of time and management to achieve that annually. Today, we offer a solution to this problem," said Jay Bavisi, CEO of EC-Council Group and Chairman of the Board, EC-Council University.
Ethical hackers from around the world will now be able validate their skills in a new exam format launched by EC-Council.
The all-new C|EH (Practical) certification exam will be delivered as a secure, remotely-proctored, hands-on, live certification test that can be taken anytime, anywhere. The exam is a six hour practical exam built by subject matter experts in the ethical hacking field, that will test the candidate against 20 real-life scenarios.
The combined benefit of a practical exam, proctored anywhere in the world will allow organizations to quickly train, test, and deploy their cyber-ready workforce.
A Progression From the Former
Continuing where the CEH program left off, is the enhanced ECSA v10 program that includes a new comprehensive step-by-step penetration testing methodology that improves upon the best from ISO 27001, OSSTMM, and NIST Standards. This program is 100% compliant to the new NICE 2.0 framework and CREST framework, bringing real tangible benefits to employers including helping them assess their cybersecurity workforce, identify critical gaps in cybersecurity staffing, help their cyber workforce explore tasks and work roles, and assist with understanding the KSAs that are recognized by employers for in-demand cybersecurity roles.
The program includes a new comprehensive social engineering penetration testing methodology and has increased its focus on methodology for perimeter devices (IDS/Firewall), database, wireless, and cloud penetration testing, using both manual and automated penetration testing approaches, along with many other major improvements.
Application of Methodology
After a successful completion of the ECSA v10 credential, certified members can now attempt the brand-new ECSA (Practical) certification exam — a 12 hour practical, fully proctored, live online exam, built on EC-Council’s cyber-range, simulating real-life environments. The exam will test the candidate on their application of penetration testing methodologies to perform a comprehensive security audit of an organization.
The ECSA (Practical) will test your ability to perform threat and exploit research, understand exploits in the wild, write exploits, customize payloads, and make critical decisions at different phases of a penetration testing engagement. The candidate will also be required to create a professional pen testing report with essential elements and guidance for the organization in the scenario to act on.
An ECSA Practical credential will provide the assurance that the candidate possesses the skills required while on the field and will stand as a testimony to their ability to undergo the rigor of the profession.
100% Practicality into Training Sessions
The all-new EC-Council learning track would not be complete without a penetration testing program.
Following the launch of the LPT (Master) program at the Hacker Halted Conference 2017, came a flood of requests for an advanced penetration testing course, in order to help professionals be better prepared for the LPT (Master) test. Since then, EC-Council began working on a course that could resolve the problems faced by cybersecurity professionals and hiring managers, alike, bringing forth EC-Council’s Advanced Penetration Testing program
The Advanced Penetration Testing Course was created as the next level progression after the ECSA to prepare you for the challenges that the LPT (Master) examination presents. This program is designed to demonstrate the advanced concepts of penetration testing, bringing 100% practicality into the training sessions to provide professional skills that demonstrate how professional pen testers will determine the attack surface of targets within a required time frame to gain access to the machines and escalate privileges.
The course is designed to show the advanced concepts of scanning against defenses, pivoting between networks, deploying proxy chains, and using web shells. The last module of the course includes an SOW for each of the various networks we have created for the course. This, combined with the composition of various ranges, mimics a professional penetration test.
Upon completion of the Advanced Penetration Testing program, candidates will challenge the LPT (Master) exam, the world’s first fully online, remotely-proctored LPT practical exam, that offers a challenge like no other by simulating a complex network of a multinational organization in real time. The candidates will also have to demonstrate an advanced understanding of testing modern infrastructures by completing a professional penetration test report to be evaluated by EC-Council experts for completeness and professionalism.
For more information on these courses, visit www.eccouncil.org/