Showing posts with label CEH Certification. Show all posts

Wednesday, 13 September 2017

5 Top Cyber Security Certifications To Get Before 2017 Ends

Top 5 IT Security Certifications

The security industry is ready for another strong year, are you? Demand for permanent cyber security roles has increased by more than 50% since Q4 2015, boosted by explosive growth in the Internet of Things (IoT) and the introduction of GDPR in 2018.

Luckily there’s still time for you to build knowledge and get certified this year. Aim to achieve one of these top 5 cyber security certifications to boost your career, skills, and salary.

1. EC-Council - Certified Ethical Hacker (CEH)

In 2016 two-thirds of large UK firms were targeted by cyber criminals and cyber crime costs reached £4.9 trillion. Clearly, it’s now more important than ever to secure your business.

For organisations that don’t invest in cyber security, getting hacked is just a matter of time. However, even those that do prepare are sometimes breached using backdoors unknown to their security teams.

Master the same tools and techniques that hackers use to steal data and bankrupt businesses. By learning how to crack your own systems, you’ll be better able to secure your own organisation.

Learn how to think like a cyber criminal; there’s still time to become a Certified Ethical Hacker this year. Get CEH-certified in just 5 days with Firebrand’s award-winning ethical hacking training.

2. EC-Council - CCISO

EC-Council’s CCISO (Chief Information Security Officer) certification is built to recognise the real-world skills and experience needed to succeed in high-level security roles.

Firebrand is the exclusive launch partner for the CCISO in England - you’ll get certified in 3 days, that’s 25% faster than traditional training.

3. (ISC)2 - CISSP

Like the CCISO, the CISSP is aimed at the IT security elite and is known as the gold standard cert for managerial and technical security roles. You’ll master the eight CISSP domains and learn how to secure an organisation from the ground up.

To qualify for the CISSP certification you’ll also need five years’ paid work experience in two or more of the CISSP domains. Because of this requirement, the CISSP is squarely aimed at top level information security experts.

Get CISSP certified in only 7 days with Firebrand and sit your CISSP exam during your official course. Firebrand is an authorised (ISC)2 provider and has won the Highest Performing Affiliate of the Year.

4. ISACA - CISM

The CISM (Certified Information Security Manager) proves your ability to develop and manage an enterprise information security programme, with a focus on risk and incident management.

CISM holders earn an average salary of £65,000 (ITJobsWatch) and it’s a great fit for pros aiming for Security Manager roles. There’s still time to get CISM certified this year: certify in just 4 days with Firebrand and sit your ISACA exam during your course.

5. ISACA - CISA

Prove your IT auditing and security knowledge at an international level with the CISA (Certified Information Systems Auditor). Get the knowledge you need to identify vulnerabilities and introduce controls before the new year.

The CISA is ideal for any security professional with auditing responsibilities. Get certified in just 4 days.

EXCLUSIVE: Train CISA, CISM, CGEIT or CRISC with Firebrand and you’ll sit your ISACA exam during your course.

Bonus: How to get Government-funded cyber security training

Upskill your team quickly using accelerated cyber security apprenticeships. Firebrand’s programmes include industry recognised training, like EC-Council’s CEH, and employees of all ages are eligible – not just school leavers.

Programmes align to in-demand IT security job roles, including:

Monday, 1 August 2016

Becoming a Certified Ethical Hacker - 5 things you need to know

‘Ethical hacker’ may sound like a contradiction in terms, but as the saying goes, ‘it takes one to know one’.

Businesses are increasingly realising the value of employing ‘white hat’ (ethical) hackers to employ the same tools and techniques as the nasty ‘black hat’ hackers, to find and close their IT systems’ security vulnerabilities.

If you’re serious about a career as an ethical hacker, gaining a certification is a powerful way to demonstrate your expertise and boost your employment prospects.


1) One certification to rule them all 


There is a wide selection of IT security certifications, for all levels of experience, and with various biases towards either the technical or managerial sides. But for ethical hacking the choice is easy, as one certification is regarded as the gold standard: the EC-Council Certified Ethical Hacker (CEH). By way of evidence: on ITJobsWatch, in the past 3 months 258 jobs cited ‘Ethical Hacker’ or ‘Ethical Hacking’, but 343 explicitly cited ‘EC-Council Certified Ethical Hacker (CEH)’.

The latest version of CEH, v9, was introduced at the end of 2015, so make sure this is the one you study. It offers incredibly comprehensive coverage of the latest techniques and methodologies, based upon the expertise of the world-leading experts at the EC-Council (International Council of Electronic Commerce Consultants). To give you an idea of the certification’s scope, you’ll gain exposure to over 2200 hacker tools.

You don’t need decades of previous experience in order to take the CEH certification. The EC-Council suggests two years’ IT security experience, although this is flexible if you have previous IT-related qualifications.

2) Do a course 


There’s often a choice with certifications whether to take a course, or self-study. With CEH, self-study is rather challenging, because it’s difficult to gain sufficient practice and ensure you are not accidentally breaking the law!

On an official CEH course, you practice your skills on EC-Council's 140 labs covering a vast range of security vulnerabilities. Ethical hacking, probably more than any other IT skill, requires you to ‘think outside of the box’, so realistic mind-stretching practice environments are essential.

3) Be a child 


Ethical hacking is a creative and exploratory process. Yes, there is a suite of standard tools and techniques with which you need to be comfortable, but a mindset of almost child-like curiosity is essential. You’ll constantly need to find unexpected ways of using existing systems to expose the back doors that everyone else has overlooked.

The CEH course places a strong emphasis on teaching you to ‘think like a hacker’. It’s your job to take the red pill, and actively explore how deep the rabbit hole goes.

4) With great power comes great responsibility 


Perhaps as important as curiosity is a strong sense of responsibility. The CEH teaches you the same techniques that ‘black hat’ hackers use for malicious purposes. Consequently, you’re required to sign a form stating that you won’t misuse your knowledge.

The Computer Misuse Act, which mandates prison sentences for hacking, has no provision for curiosity or good intentions – so only ever attack live systems when you have explicit permission from the owner!

5) It’s big money 


Cyber attacks affected 1 in 4 UK businesses in 2015, costing the economy a staggering £34 billion. The cost of each breach was £1.46 million on average. It’s no surprise, then, that businesses are crying out for skilled staff to combat the problem – and they’re willing to pay.

As you may have gathered, the shortfall in certified ethical hackers is rapidly driving up salaries. The current median salary is a very respectable £57,500, having risen from £50,000 two years ago.

Monday, 22 February 2016

5 tips to help you prepare for CEH exam success

 By Sarah Morgan


IT security breaches have regularly made news headlines over the past 12 to 18 months. These hacks can be extremely costly. TalkTalk’s security breach at the end of 2015 for example, is estimated to have cost them £35m, as well as the potential damage to their reputation. Businesses are now making their IT security a top priority to ensure they are protected from hackers. This means the demand for IT security professionals has soared and Ethical Hackers are among the most highly sought after.

The role of Ethical Hacker is one of the most exciting in IT currently with an average salary of £72,500 (according to itjobswatch.co.uk). Ethical Hackers are at the forefront of IT security and the top of their field. They work directly to stop malicious hackers, using many of the same techniques. But crucially, once they’ve spotted a gap in security, they close it to protect the business.

The biggest and most trusted certification for Ethical Hackers is EC-Council’s Certified Ethical Hacker certification. As the title suggests, it proves you have the skills of an Ethical Hacker. In order to pass the CEH exam, you’ll need to prove skills in areas like malware threats, session hijacking, SQL injection and cryptography. This shows you can identify gaps in a business’s security and ensure they cannot be exploited.

To help you get your CEH certification and prove you have all the ethical hacking skills required, we’ve compiled 5 of the most useful tips to help you prepare for the tough CEH exam.


1. Get familiar with the exam


It’s important to get familiar with the exam before attempting it. EC-Council’s CEH website can help you do this. It has CEH FAQs, a breakdown of the exam format and duration, plus an extensive background of the CEH certification and regulations. I’d also recommend using the website for reference during your studies, or if you have any queries about the exam. If you still want more information, take a look at our previous post on CEH v9 FAQs.

Due to the sensitivity of the knowledge the CEH is teaching you, probably the most crucial part of the website to take note of is the eligibility criteria. There is a concise summary in the CEH FAQs, but you can find a full explanation of the criteria here. Be aware that if you don’t already meet the training requirements, you’ll have to complete an application form to ensure you’re eligible to sit the CEH exam.



And as a very basic tip, but a point definitely worth mentioning, make sure you know which version of CEH you’re studying for. EC-Council recently updated the CEH curriculum to version 9. The Version 8 curriculum and exam are, however, still around.

Make sure you know which exam you’re sitting and don't mix up the curriculum you need to study. I’d recommend sitting Version 9 if you can. This has the most up to date content, featuring new attack vectors, a greater focus on cloud computing, mobile and Windows 10 as well as new tools and the latest techniques to use.


2. Use a study guide


EC-Council offer a series of study guides for their CEH exam. These cover five different topics within ethical hacking: “Attack Phases”, “Linux, Macintosh & Mobile Systems”, “Secure Network Infrastructures”, “Threats & Defense Mechanisms” and “Web Applications & Data Servers”. As they’re official from EC-Council, you know you can trust the information. Each book covers its topic thoroughly, giving you plenty of knowledge to tackle it in the exam.

The aim of splitting EC-Council’s study guides into five is to allow you to take a more in-depth look at each section. From this, you can build your understanding of how a hacker works in each area and how to build countermeasures specific to each area. Take a look at these books here


A concise alternative is the CEHv9: Certified Ethical Hacker Version 9 Study Guide. It follows the digestible, but very informative style that readers found useful in the version 8 study guide, for the new curriculum. Written by IT security expert Sean-Philip Oriyano, it goes into depth on each exam topic, with clear division of each topic making it easy to follow.

Some of its useful components are the review questions and exam essentials at the end of each chapter. The questions solidify your reading by making you think it through properly, and the exam essentials point out what you’ll need to know for CEH exam success.

You can find it here on Amazon. ISBN - 978-1119252245


3. Take an official CEH course


Sitting an official CEH course will put you in the best possible position for the exam, following a method proven to help people gain as much knowledge and skills as possible. If you choose an official classroom based CEH course, you’ll benefit from a qualified expert instructor. You’ll have access to the instructor’s expert knowledge when you have questions. You’ll also be with other students who’ll be in the same situation, asking similar questions and boosting your motivation.

Official courses give you access to official curriculum, practice materials and an instructor authorised by EC-Council to deliver the training. This means you’ll be studying exactly what EC-Council intends you to, giving you the highest quality teaching and the best possible chance to pass. An official course is also the best way for you to get hands-on and reinforce crucial exam knowledge. You’ll get real-world ethical hacking experience applicable to the role.

Ethical Hacking requires you to follow a code of conduct, making it impossible to do this in a safe environment in your own time.

4. Test yourself with practice questions

The best way to assess your readiness for the CEH exam is to try a practice test. You’ll get immediate feedback and it’ll help you make the connection between your studies and the end goal of gaining knowledge and skills and passing the exam, relating your knowledge to specially designed questions.

Skillset offer CEH practice tests in 52 different skill areas. From Cryptanalytic Attacks to Computer Viruses to Session Hijacking, this incredible detail means you can study CEH comprehensively. Also, each topic has a series of more advanced levels allowing you to test the depth of your knowledge for each topic area.

There is also a practice test on the EC-Council website. As it comes straight from the creators of the CEH exam you know the questions will be useful and could be a basis from which to build your revision, and assess your readiness for the CEH exam. I wouldn’t use this resource too early in your studies, but as a check to see whether your knowledge is well-rounded enough for the exam.

MeasureUp have an ethical hacker practice lab that allows you to work on your skills in areas like footprinting and reconnaissance, scanning networks, sniffers and device enumeration. Lasting 20 hours, the lab contains plenty of material that will help prepare you for the real world as well as the exam. You can access this here.

5. Get involved in a forum

Using a forum is a great way to connect with many like-minded people who are currently studying for the same certification or who have sat it in the past. You’ll learn from their queries and experiences helping you get ideas for your own studies. However, bear in mind that not everyone is an expert.

TechExams has one of the largest CEH forums, with people that have passed and those who have found barriers and difficulties whilst studying. Here, you’ll be able to find help and information regarding what skill areas you should concentrate on to gain the most from the certification. Not only will this help you pass the exam, it’ll help you focus on the most useful topic areas to help you on the job in the future.


The key to passing any exam is investing time and hard work into your preparation. For your Certified Ethical Hacker exam, and certification as a whole, investing your time and efforts into these five tips will give you the best possible chance of achieving your EC-Council Certified Ethical Hacker certification, proving your skills as a very capable ethical hacker.

Best of luck in your studies.


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 30 November 2015

Cyber security red alert on Cyber Monday


Cyber Monday creates an ideal opportunity for malicious hackers to attack your business systems. As company servers are hammered by millions of genuine requests from eager buyers, the opportunity for a hacker to breach your system undetected increases. The consequences can be severe, considering the financial and public image implications a single breach can create.

The current strain being exerted on IT infrastructure is strikingly similar to a common hacking technique. The tactic involves a single hacker targeting a network, followed by hundreds of hackers joining the attack to create a diversion. The noise created by the hundreds of additional hackers presents a smoke screen, enabling the initial hacker to breach the system.

Attacks like these can collapse your infrastructure, forcing websites and whole servers offline. They are becoming all too common as cyber criminals look to cash in on the details stolen.


Protecting your assets on Cyber Monday 


Today, on Cyber Monday, you should remain vigilant, especially if you're an online retailer. Loyal customers are currently creating the diversionary tactic which could allow a hacker to breach your system. If your attention is being distracted by sales, you should start focusing on security. 

A single breach could expose your data to criminals, or take your website offline for hours. Not only will you miss out on the valuable revenue created by these marketing ploys, the financial ramifications of a breach could collapse your business. Take TalkTalk, for example: November’s breach of the telecoms giant is estimated to cost the organisation in the region of £30-35 million.

Take the following steps to protect your assets on this busy day: 
  • Ensure you follow routine daily security checks – do not let your IT team be distracted by sales
  • Segment systems on separate protected networks – this tactic ensures that if one system or network is breached, an attacker won’t then have free roam to take down multiple systems simultaneously 
  • Increase monitoring of endpoint devices – pay regular and close attention to public facing systems to ensure any suspicious activity doesn’t go undetected. Now is the time to be paranoid; it’s the ideal time for an attack

Future planning 


Whilst Cyber Monday is high risk, it’s important to prepare for the long term. A cyber-attack can happen at any time, so it’s vital you and your team have the security skills to implement a long-term strategy.

Investing in training employees is critical. Certification courses like the Certified Ethical Hacker and CISSP will develop the technical and strategic skills required to protect your company assets. You can learn to attack your own systems to identify weaknesses or devise a comprehensive and water tight security system. Stay vigilant.

Thursday, 5 November 2015

The 5 hottest IT jobs and how to get them with Free Training For Life

 By Sarah Morgan

Firebrand’s Free Training For Life competition offers you the chance to win accelerated training completely free, for the rest of your life. There are no restrictions. This means you can choose from Firebrand’s portfolio of 200+ accelerated courses, which includes names like Microsoft, Cisco, CompTIA and (ISC)2.

Winning Free Training For Life has the potential to help you get your dream job, so we’ve mapped out the five hottest jobs right now and selected the certifications you need to secure them.


1. Chief Information Security Officer (CISO)


Security is one of the hottest topics out there at the moment, partly due to the staggering amount of high-profile cyber-attacks that have cost names like eBay, Sony and, most recently, TalkTalk millions. Chief Information Security Officer is one of the top jobs in the field. The average advertised salary is £110,000 according to itjobswatch.co.uk and they are now in high demand. CISOs are responsible for developing and implementing security policies and the company’s security architecture.

To get on the path to becoming a Chief Information Security Officer, you could start with the CompTIA A+ or Network+. The A+ and Network+ will teach you the fundamentals in PC hardware, security and networking that will be highly useful in the future.

(ISC)2’s SSCP is also a great value certification that you can do after a year’s IT security experience. This will begin to teach you advanced skills like cryptography, risk, response and recovery, and dealing with malicious code. This will put you in a great position to become a CISO in the future.

3-5 years into your career, ISACA’s CISA would be perfect to give you IS audit and control skills to ensure the business’s security procedures can protect its information assets. You could follow up with the CISM to get skills like risk and incident management and program development. This will help you move into information security management, and eventually the CISO role.

Many see (ISC)2’s CISSP as the best IT security certification you can aim for, and it will certainly help you get into a CISO role. The CISSP will help you master both the management and technical aspects of the field, giving you security engineering, communication and network security skills. There are also extensions to the CISSP that offer in-depth skills if you have a specific need for them. The CISSP-ISSAP includes further detail in areas like access control systems and security architecture analysis. Also, the CISSP-ISSEP can teach you further skills in technical management and risk management. These can help you master your CISO role.





2. Cloud Infrastructure Architect


The cloud technology market is growing rapidly. Because of this, demand for IT professionals with cloud skills has never been higher. Cloud Infrastructure Architect is one of the most sought after positions. The role involves migrating and integrating applications to the cloud, and managing cloud servers. The average advertised salary according to itjobswatch.co.uk is £70,000.

Typically, a business will use one established cloud provider, which could restrict the training you’ll need. The restriction-less Free Training For Life, however, would give you access to the wide range of cloud certifications, like the following, that teach you the skills to become a Cloud Infrastructure Architect.

The Microsoft Specialist: Implementing Microsoft Azure Infrastructure Solutions certification would give you the skills to migrate existing on-premises infrastructure to Azure. You’d also learn to manage the systems in the future.

The Microsoft MCSA: Windows Server 2012 R2 certification will give you the skills to manage and deploy Windows Server 2012 and components like Active Directory Domain Services and AD FS. It also offers cloud skills that will help you become a Cloud Infrastructure Architect. This is because the system includes cloud technology and is so widely used.

The Microsoft MCSE: Private Cloud will teach you how to build your Microsoft private cloud, very useful in a Cloud Infrastructure Architect role. It covers skills like deploying private cloud services, problem management, optimising a cloud infrastructure and configuring a self-service and multi-tenant private cloud.

Another option is VMware’s vSphere [V6] certification which includes elements of cloud technology. This will teach you skills in virtual machine management, configuring and managing virtual storage and networks, and installing and maintaining vSphere.


3. Certified Ethical Hacker


Certified Ethical Hackers are those who are able to counteract and prevent the threat that malicious hackers pose to businesses. The increasing danger that these malicious hackers are posing is making the demand for Certified Ethical Hackers soar. According to itjobswatch.co.uk the average advertised salary for an ethical hacker is £55,000.

To begin on the path to a Certified Ethical Hacker role, you need systems and networking foundations. The Microsoft MTA Networking, Security & Windows Server Administration, CompTIA A+ or Network+ would all be great certifications to get those skills. The MTA does not cover the same hardware topics as the A+ or Network+, but does offer more content about server administration and will lean towards Microsoft technology.

Following on, the Security+ can give you more detailed security skills, covering topics like compliance and operational security, access control and identity management, and cryptography. Similarly, Cisco’s CCNA will boost your skills in the networking area. This will teach you skills in areas like LAN switching technologies, IP addressing and routing technologies, and network device security.

After two years’ IT experience, you should be ready to sit your Certified Ethical Hacker course. This will give you the knowledge to fill an ethical hacking role. You’ll learn advanced skills in areas like Trojans and backdoors, viruses and worms, session hijacking and SQL injection. These are necessary and vital skills in the arsenal of an ethical hacker, so you can comprehensively check the security of a business and cover gaps that could be maliciously exploited.

The Computer Hacking Forensics Investigator is a further certification that can boost your skills in the forensics process, improving your skills in responding to an attack. This could really make you stand out in the ethical hacking field.


4. Web Developer


Every modern business needs a website, meaning web developers with skills to create and maintain them are in high demand. According to itjobswatch.co.uk, the average salary for a Web Developer is £37,500.

To give yourself the fundamental web development skills, an MTA in Software Development Fundamentals or HTML5 App Development Fundamentals would be suitable. You’ll learn core programming and general software development skills that’ll be useful in any web development role.

To get the high level skills you need to become a web developer, you could sit the Microsoft MCSD: Web Applications. This will teach you how to create and deploy modern web applications, whilst giving you an introduction to coding languages like HTML5, CSS3 and JavaScript. It also teaches you basic programming skills like program logic, developing user interfaces and storing data.



5. Project Manager


Free Training For Life has the potential to take your career into project management. The skills in this field are versatile and useful in many areas of business. According to itjobswatch.co.uk, Project Managers have an average salary of £52,500.

You should begin with the PRINCE2 Foundation and Practitioner. It provides a framework for managing projects that is the most popular of its kind in the UK. It teaches you how to structure and manage your projects, including planning and organisation techniques. It also covers potential changes and risks to your projects.

Once you meet the prerequisites, you can progress onto PMI’s PMP. This covers more detailed planning and tight regulation of your projects, helping you improve the success rate of your projects. You’ll learn to regulate budgets, communications, quality management and more.

Learning to apply the agile methodology will also help you become a more successful project manager. The PRINCE2 Agile will teach you to combine PRINCE2 and agile in your projects. You’ll learn agile fundamentals and how to tailor the management process around those fundamentals. This will help you react more effectively to unpredictable changes. 



Free Training For Life has no restrictions, meaning you can take your career in any direction you choose. For the rest of your life, stay at the cutting edge in your career by gaining high-quality skills and certifications that can open doors to places you’ve never considered.

You can sit courses from vendors such as (ISC)2, APMG, AXELOS, Cisco, CompTIA, EC-Council, ISACA, Linux, Microsoft, The Open Group and many more. Free Training For Life lets you dream big and accelerate your career with any course you choose.

You can enter Free Training For Life here and see Firebrand’s full portfolio of accelerated courses here.



Friday, 16 October 2015

Top 5 FAQs about CEH v 9

 By Sarah Morgan

EC-Council recently launched version 9 of their flagship Certified Ethical Hacker certification. This course contains the latest content in the field of ethical hacking and IT security. It will continue to develop the skills of IT professionals to protect businesses, reacting to and preventing cyber-attacks. But what’s different? What do you need to know about it? Here are the top 5 FAQs to explain all you need to know about CEH v9.

Q: How has the CEH v9 curriculum changed?

A: Largely, the structure of the course has remained the same. There are now 18 modules rather than 20. The two modules “Trojans and Backdoors”, and “Viruses and Worms” have been condensed into one module known as “Malware Threats”. Also, the modules “Buffer Overflows” and “Penetration Testing” have been removed. However, the majority of the content has been relocated to other areas of the course including the “System Hacking” and “Hacking Mobile Devices” modules.

There have also been changes to some of the content itself, most notably the inclusion of a Cloud Computing module. It applies general areas of security like service hijacking and penetration testing and covers cloud specific security and tools like CloudPassage Halo. This is a great addition as it reflects the current trend, with cloud technology now crucial to many businesses.

Q: Can I apply CEH v9 content to my business and my role? 

A: The skills you’ll learn will be the very latest available. The principle of the CEH course is to improve your skills and abilities in a practical environment, and it will prove its value most in real-world situations in your workplace. It’s almost impossible to stay in front of hackers or predict what they’ll do next, but you’ll have the most current skills in the industry, which will be invaluable when facing new types of cyber-attacks.

If you’re not yet an ethical hacker, but looking to make the step forward in your career, having these up-to-date skills, and the certification to demonstrate it, will put you in the best possible position to boost your career.




Q: Isn’t this knowledge harmful? Why make it so readily available?

A: EC-Council ensure that social responsibilities are fulfilled before they allow someone onto any CEH course. All candidates must have a minimum of two years IT security related experience before they can sit a CEH course. Plus, all candidates are required to sign an ethics agreement, which states they will respect the knowledge they learn and not misuse it in any way. Every CEH candidate must also agree that they will only use what they have learned for lawful actions. These processes and requirements make the course and the knowledge within, as safe as possible.

Q: I have CEH v 8, do I need to update it for it to be relevant? 

A: CEH v 8 is currently still available for you to sit but this won’t be the case for too much longer. If you already have version 8 or even version 7, your skills and knowledge will still be relevant and your experience is of course vital in helping you stay current.

In such an ever-changing industry though, it doesn’t take long for your skills to become out-dated. CEH v 9, with its additions of new attack vectors and addressing new vulnerabilities will be perfect when you want to update your skills. I would recommend getting your skills updated as and when you can, to ensure your skills don’t become out-dated. 

Q: Am I the right candidate to sit CEH v 9?

A: CEH v 9 has prerequisites much like previous versions. To meet these prerequisites you must have at least two years IT experience with a strong working knowledge of TCP/IP, Windows Server (NT, 2000, 2003, 2008, 2012) and a basic familiarity with Linux and/or Unix. 

If you’re looking to become an ethical hacker, it’s a great job choice for the future and the new CEH will stand you in good stead. Businesses of all sizes are realising the value ethical hackers bring to a business. This is leading to the current trend of businesses recruiting more and more ethical hackers. CEH v 9 is the most current edition of the popular certification, covering more attack vectors than ever and updated for the most modern technologies. If you want the latest in ethical hacking knowledge and skills, CEH v 9 will provide exactly that.

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Tuesday, 29 September 2015

Why now is the time to become a Certified Ethical Hacker

 By Sarah Morgan

Cyber criminals are using increasingly advanced technologies to breach the security of high-profile businesses. The list of companies and institutions hacked now includes eBay, Sony, Target, AOL, the NHS and even the US Military. Even after such massive security scandals, some dating back almost 10 years, companies are only now realising how crucial IT security is to their success.

Because of this, now more than ever, businesses want professionals who can demonstrate skills in ethical hacking. Read on to discover the reasons why there has never been a better time to become a Certified Ethical Hacker.

Large scale investment


According to Microsoft’s Digital Crimes Unit, 1 in 5 businesses have been the subject of a cyber-attack. This means it’s a matter of when, not if, more high-profile security breaches will happen. As a result companies are recruiting and training Certified Ethical Hackers to make sure it isn’t them. Because of this, demand for Certified Ethical Hackers continues to climb, almost indefinitely.

In addition, BT has recently launched an ethical hacking service for customers in financial services. This service is designed to help organisations in retail and investment banking to protect their business from security breaches and cyber-attacks. If other big businesses follow suit and begin to offer full-scale services like BT’s, the demand for Certified Ethical Hackers will increase significantly. 

With 1000s of jobs currently advertised, and the future growth potential, this is just one of the reasons why there has never been a better time for you to attain EC-Council's Certified Ethical Hacking credential.


Investment from small and medium businesses


It's not just global organisations investing in ethical hacking to ensure their names aren’t headline news for the wrong reasons. Small and medium businesses are increasingly realising the need to increase investment in IT security to future proof their business.

In a recent interview with the BBC, Steven Harrison, Lead Technologist at IT services firm Exponential-e, states there can often be a knowledge gap between small businesses and industry giants. To bridge this gap, small businesses are increasingly investing in developing the skills of ethical hackers to tighten up their security. The goal is to prepare themselves as they expand into the cloud, social media and other advancing technologies.

If you work for a small or medium business, now is a fantastic time to encourage your boss to invest in training you as a Certified Ethical Hacker.


Removing the stigma


When the title of “ethical hacker” was first mentioned, some businesses were cautious of employing those with the skills to hack their systems. For obvious reasons, businesses were reluctant to hand over the keys to their company’s security. They were fearful of disgruntled employees who knew every detail of their security systems and how to access their most sensitive data.

However, ethical hackers have proven their value time and again by protecting businesses from cyber-attacks that have devastating potential. Companies are also more aware of the rigorous background checks for criminal records and codes of conduct that all ethical hackers must pass and sign.

This is good news, as the types of attacks that are threatening businesses are becoming increasingly common and complex. The best way to counter this threat is to employ a Certified Ethical Hacker to discover and patch weaknesses in security.

The realisation of the worth of ethical hackers means more businesses are looking to employ and train Certified Ethical Hackers for protection. They are much more willing to open their doors to you.






EC-Council Certified Ethical Hacker v.9.0


EC-Council recently released the new and updated version of the Certified Ethical Hacker certification. Because the CEH certification is the pinnacle in the field of ethical hacking, when the course is updated, it provides the latest knowledge and skills available. Version 9 is no different and has added new vulnerabilities and attack vectors. 

Now is the perfect time to bring your skills up to date and set yourself apart from other professionals.


Boost your security skills


The demand for Certified Ethical Hackers is only set to increase in businesses of all sizes. As technology continues to advance, so will the threats to the businesses using it. These businesses will need to protect themselves, and one of the best ways to do that is through Certified Ethical Hackers.

So, in summary, here is why there has never been a better time for you to become a Certified Ethical Hacker:

1. Big businesses are investing heavily in recruitment and training of Certified Ethical Hackers. The emergence of ethical hacking as a service is only going to create yet more jobs.

2. Small and medium businesses are investing more in developing ethical hacking skills, meaning you have more chance of improving your knowledge and skills.

3. Reduced stigma and a greater appreciation of the value of ethical hackers means more and more companies are opening their doors to Certified Ethical Hackers.

4. The release of CEH v9 means you can bring your skills up to date and be at the forefront of ethical hacking.




Wednesday, 9 September 2015

Your Ultimate CISSP FAQ

 By Sarah Morgan

The CISSP is a hugely popular certification that carries a great deal of prestige and may be something you’re striving for in the future.

How much do you really know about the CISSP? This ultimate CISSP FAQ will start from the basics to ensure you know all there is to know about this gold standard security certification.

Q: What is a CISSP?

A: CISSP stands for Certified Information Systems Security Professional. Achieving the certification proves you are accomplished at the management level of information security. Developed by globally recognised (ISC)2, it has become established and well-respected within the industry and is now a key component in the selection process of Chief Information Officers.



Q: What does the course cover?

A: The CISSP course begins by ensuring you understand the concepts and principles behind information security and why they are important. You’ll then build up to learn how to protect your business from various angles and how to apply management skills to information security through (ISC)2’s eight domains.

Everything you’ll cover will be from (ISC)2’s CISSP CBK (common body of knowledge). This ensures what you learn is approved and thorough, covering all components of information security management. The full list of domain titles is as follows:


  • Domain 1 – Security and Risk Management 
  • Domain 2 – Asset Security
  • Domain 3 – Security Engineering
  • Domain 4 – Communication and Network Security
  • Domain 5 – Identity and Access Management
  • Domain 6 – Security Assessment and Testing
  • Domain 7 – Security Operations
  • Domain 8 – Software Development Security


Q: How will it help me on a day-to-day basis?

A: The skills you’ll learn on your CISSP course will improve the depth of your knowledge, filling in gaps, and making you more skilled at what you already know and do. You will also become more proficient and prepared for dealing with a vast range of security threats.

For example, the breadth of topics covered ranges from cryptography to implementing disaster recovery processes. Whatever your current or future job role in information security, you’re sure to gain knowledge and skills that will help you on a daily basis.

Q: Who is the CISSP aimed at?

A: The CISSP is an advanced certification. This means it is directly aimed at senior and experienced security professionals who will realistically be able to pass the exam and find it useful.

However, on a grander scale, anyone looking into senior information security roles can target the CISSP as a long-term goal. Even if you’re not quite the perfect candidate to take the CISSP yet, there’s nothing stopping you in the long term.

Q: What jobs can I do with a CISSP?

A: The CISSP has the potential to lift you into security roles that are the pinnacle of the field. Below are just a small sample of the sorts of job roles that you could access after becoming CISSP certified:


  • Chief Information Security Officer
  • IT Security consultant
  • Senior Security Engineer
  • Head of Cyber strategy
  • Security Specialist
  • Chief Security Architect
  • Security Assurance Analyst
  • Technology Consultant Manager
  • Cyber Security Senior Manager
  • Information Risk Manager
  • Head of Risk & Compliance




Q: How much can I expect to earn with a CISSP?

A: Of course, the salary you can earn depends on what else is in your skillset, and the job roles listed above do have varying salaries. According to itjobswatch.com, the lower tier of the jobs you could be doing average salaries between £40,000-£50,000. These are roles like IT Security Consultant, Security Specialist and Security Assurance Analyst.

However, the more senior roles, like Chief Information Security Officer, Head of Cyber Strategy, Chief Security Architect and Cyber Security Senior Manager, average salaries between £70,000-£100,000. The CISSP is one of the best certifications as a gateway to such high level jobs with that kind of salary and responsibility – especially in a field with such intense competition.

Q: Can anyone take the CISSP course?

A: Because the CISSP is such an advanced certification, there are prerequisites that you must meet before you are able to sit the course.

Initially, you must have at least five years of professional information security experience, as well as a university degree. The nature of the security industry also requires you to agree and commit to the Code of Ethics and criminal history check. On top of this, after passing the certification, your application must be endorsed by another qualified information security professional.

However, do not be put off. These prerequisites are only in place to ensure that you have the experience and ability to pass the course and put what you’ve learnt into practice in the real world afterwards.

Q: What happens if I don’t meet the prerequisites?

A: If you don’t currently meet the requirements for the CISSP – (ISC)2 offer a range of courses for varying experience and skill level. The full list here.

The SSCP is designed for those who don’t meet the CISSP prerequisites. Also developed by (ISC)2 from its CBK, it covers seven very similar domains, at a lower level. The bonus is, it only requires one year of experience in the information security field – a fantastic stepping stone to get you onto the CISSP.

There are also many other security certifications that can help boost your skills. From EC-Council’s Certified Ethical Hacker to CompTIA’s Security+, there is a certification out there that can help you get the skills you want in the security industry, whatever your current situation.

Q: What are the exams like?

A: The CISSP exam consists of 250 multiple-choice, four-option questions. It’s a lot of questions, but you have six hours in which to do them. All exams are meant to test you and prove that you are of a certain standard, otherwise the certification wouldn’t be worth anything. The CISSP is no different and is a tough exam to pass, hence the qualities stated in the prerequisites. But don’t feel daunted: people do pass it, it just takes commitment and hard work. It’s also worth noting that the exam questions change every two weeks, so you’re not facing the same questions each time.

Q: What happens if I fail?

A: Obviously nobody likes to fail, but it doesn’t mean the end of your aspirations and possibility of you getting CISSP certified. (ISC)2 policy states you can retake an exam 3 times in a year. If it’s the first time you’ve failed it, you’ll be able to sit another exam just 30 days afterwards.

Q: When can I get on a CISSP course and get certified?

A: The CISSP is a hugely popular course, which is why there is usually a course running soon that you can get yourself on. At Firebrand there are between 1 and 3 courses a month. The Firebrand course is also just seven days and includes the official (ISC)2 exam at the end of it. That means, depending on availability, you could be CISSP certified by the end of next week.


Wednesday, 3 June 2015

The 5 best CEH certification books 2015


By Sarah Morgan


Cyber-attacks are now ranked amongst the top 10 global threats to your business, a survey from Aon Solutions revealed this week. It’s no surprise – security breaches can cripple your business infrastructure, leak private customer data and destroy your organisation’s reputation.

The IT security field is expected to grow 37% by 2022 and many security professionals are now taking the offensive and building their white hat hacking skills with EC-Council’s CEH certification.

The CEH v8 certification is an advanced certification, and to conquer it you’ll need to prove your expert white hat hacking knowledge. To help you do just that, here are our 5 best CEH certification books for 2015…


CEH: Certified Ethical Hacker Version 8 Study Guide – 14 Oct 2014
ISBN-13: 978-1118647677

Sybex’s Certified Ethical Hacker Version 8 Study Guide is perhaps the most popular preparation tool for the CEH certification.

The guide boasts a concise, easy-to-follow approach to the certification that covers all exam objectives with examples and hands-on exercises.

You’ll study everything you need to pass the CEH exam – including cryptography, footprinting, trojans and covert channels. Also included is a companion website, stuffed with study tools like practice exams, chapter review questions and electronic flashcards.

The guide is useable in both classroom and self-study scenarios. Plus, an average user score of 4.2/5 stars across Amazon (28 reviews) ranks this as one of the most sought-after books on our list.



CEH Certified Ethical Hacker Bundle, Second Edition (All-In-One) – 1 Oct 2014
ISBN-13: 978-0071835572

A popular CEH revision guide from Matt Walker - a man with so many certifications after his name he makes the alphabet feel insecure.
Billed as a money-saving self-study bundle, this comprehensive package includes massive amounts of content:

  • CEH Certified Ethical Hacker All-in-One Exam Guide, Second Edition
  • CEH Certified Ethical Hacker Practice Exams, Second Edition
  • CEH Quick Review Guide

The All-in-One exam guide is your primary asset for CEH certification success. Inside, you’ll find complete coverage of all CEH exam objectives and topics.

Reviewers cite a desire for a greater focus on policy questions. Despite this, it retains an impressive 4.1/5 star review average on Amazon (14 reviews).


Certified Ethical Hacker (CEH) Cert Guide – 15 Dec 2013
ISBN-13: 978-0789751270

Authored by certification expert Michael Gregg and published by Pearson IT certification, this chunky 640 page CEH certification guide is certainly comprehensive.

As well as a companion to the CEH certification’s v8 topics, you’ll also focus on building your own study guide, complete with test preparation routines and review questions. A CD featuring two complete practice exams is also bundled with this certification guide.

Finally, you’ll get preparation hints and exam tips from leading security consultant, Michael Gregg.



The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy – 1 Aug 2013
ISBN-13: 978-0124116443

Though not a CEH certification guide, this introductory book provides any aspiring ethical hacker with a solid foundation of ethical hacking knowledge – crucial for passing the CEH exam.

You’ll study the same hacking tools commonly found within the CEH certification, and learn how to use them to conduct real life penetration tests.

This book begins with the basics and guides you towards more advanced subjects such as post exploitation and access maintenance. This is an ideal book for anyone with an interest in penetration testing - especially useful for those starting down the path to their CEH certification.



Official CEH Courseware – EC-Council

As well as study guides, you also have the option to simply purchase EC-Council’s official CEH courseware. This is everything you’ll need to pass your CEH exam - included in the official bundle is:

  • Three official EC-Council CEH books (lab manual and two courseware manuals with slides)
  • 6 DVDs

The labs showcased in the courseware are tested against the latest operating systems with all up-to-date patches and hot-fixes applied.

Plus, the 6 DVDs contain over 20GBs of guides on how to use the latest hacking and security tools alongside more than 1,000 minutes of videos demonstrating hacking techniques.

Purchase the official CEH courseware from EC-Council store.



Friday, 6 March 2015

Frequently Asked Questions about EC-Council’s CEH certification


By Sarah Morgan


With the recent spate of high profile hacks targeting the biggest and wealthiest, you might not be surprised to learn that EC-Council’s Certified Ethical Hacker cert is experiencing a boost in popularity.

As malicious hacking and cybertheft become increasingly prevalent in our lives, the CEH will continue to gain in importance. A lack of information security knowledge and investment is often to blame for data and system breaches – it’s clear that organisations need professionals with advanced security skills.

In response to this growing need, more and more professionals are looking to the CEH as a way of gaining new security skills and securing a rewarding career as an Ethical Hacker.

There’s a lot to learn about this popular cert - let’s take a look at the most frequently asked questions about EC-Council’s CEH certification.


Q. What actually is an Ethical Hacker?

A. Ethical hackers attempt to penetrate a computer system or network with the aim of finding security vulnerabilities that could otherwise remain undetected. However, unlike malicious hackers, ethical hackers are given permission to undertake these controlled attacks.

Without these harmless penetration tests, security holes could remain unseen, leaving the organisation in a position that a malicious hacker could exploit.



Become an Ethical Hacker and you’ll learn to use the same techniques and tools as a cybercriminal. However, instead of exploiting these vulnerabilities, as an Ethical Hacker you’ll document security holes and provide actionable advice on how they can be fixed.


Q. How much does an ethical hacker earn?

A. Ethical hackers earn an average advertised salary of £55,000 according to data from ITJobsWatch.


Q. Why should I get the CEH cert?

A. The CEH is a brilliant introduction into the world of Ethical Hacking. You’ll finish your certification with an in demand set of skills covering Intrusion Detection, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

Plus, if you need to break into the field of ethical hacking or penetration testing, the CEH will put you ahead of other uncertified job applicants (assuming you have similar experience).

It’s a benchmark certification for ethical hackers - “CEH is the original standard,” says Albert Whale, president and chief security officer at IT Security, Inc.


Q. Is the CEH necessary to get a job in Ethical Hacking?

A. The CEH is the most well-known certification in Ethical Hacking, but it’s not an absolute requirement. At their most basic, certifications are simply a supplement to real-world experience - without this you will only get so far.

This certification will help you break into the Ethical Hacking profession, but you’re not guaranteed a career. You’ll get great skills and a renowned certification, but you’ll still need experience to back it all up.


Q. What prerequisites do I need to take an EC-Council course?

A. This cert sits in the sweet spot between entry level qualifications like CompTIA’s Security+ and advanced certs like the CISSP.

Before attending a CEH training course you should ideally possess at least two years IT experience, a good knowledge of TCP/IP, Windows Server and a basic familiarity with Linux and/or Unix.


Q. Will I be taught by a real hacker?

A. At EC-Council’s accredited training centres you’ll be trained by experienced security professionals. You won’t be taught by a 17-year-old reformed hacker – EC-Council adheres to a strict code of ethics and employs experienced instructors with a clean reputation.


Q. Isn’t it irresponsible to teach people how to hack?

A. The more we know about how the ‘bad guys’ operate, the more secure our systems, data and networks will be. Whilst the knowledge you’ll gain on a CEH course has the potential to be misused, many would argue this is far outweighed by the benefits of teaching thousands of IT professionals how to better protect their businesses.

To help highlight responsibility, EC-Council requires all of its students to sign an agreement to respect the knowledge and not misuse it. You’ll also be required to agree to abide by all laws of the land in the use of your new knowledge and skills.


Q. How is the exam structured?

A. To achieve your CEH v8 certification you’ll need to pass exam 315-50 at a Prometric or Pearson VUE test centre. This exam is a 125 question, multiple choice paper covering the 19 CEH domains. To gain your CEH cert, you’ll need to score at least 70%.

Take a look at EC-Council’s site for more information on your CEH exam.


Q. What is the current version of the CEH certification?

A. Released in 2013, CEH v8 is the current version of the certification and introduced new modules in Social engineering and IPv6. CEH v7 retired on October 31st 2013 – you will no longer be able to take this exam.


Q. Do I have to recertify my CEH?

A. As of January 1st 2009, all EC-Council certifications will be valid for three years. However, to maintain your certification you will be required to achieve 120 credits (per certification) during the three years after you certify.

These credits can be gained in the following ways:

  • Attending conferences
  • Writing research papers
  • Reading material on related subjects
  • Attending webinars

Qualifying activities must have been completed during the three year window after you achieve your certification.

More information on EC-Council’s recertification policy can be found here.


Q. What is EC-Council Aspen?

A. Aspen is a gateway to portals, products and services provided by EC-Council for its registered members.

As a member you’ll be able to place orders on products and courseware, view your certification(s) continuing education scheme and maintain your certs with EC-Council.

Access Aspen here.
