Showing posts with label CEH Certification. Show all posts
Showing posts with label CEH Certification. Show all posts

Monday, 1 August 2016

Becoming a Certified Ethical Hacker - 5 things you need to know

Photo Credit - The Preiser Project
‘Ethical hacker’ may sound like a contradiction in terms, but as the saying goes, ‘it takes one to know one’.

Businesses are increasingly realising the value of employing ‘white hat’ (ethical) hackers to employ the same tools and techniques as the nasty ‘black hat’ hackers, to find and close their IT systems’ security vulnerabilities.

If you’re serious about a career as an ethical hacker, gaining a certification is a powerful way to
demonstrate your expertise, and boost your employment prospects.


1) One certification to rule them all 


There is a wide selection of IT security certifications, for all levels of experience, and with various biases towards either the technical or managerial sides. But for ethical hacking the choice is easy, as one certification is regarded as the gold standard: the EC-Council Certified Ethical Hacker (CEH). By way of evidence: on ITJobsWatch, in the past 3 months 258 jobs cited ‘Ethical Hacker’ or ‘Ethical Hacking’, but 343 explicitly cited ‘EC-Council Certified Ethical Hacker (CEH)’.

The latest version of CEH, v9, was introduced at the end of 2015, so make sure this is the one you study. It offers incredibly comprehensive coverage of the latest techniques and methodologies, based upon the expertise of the world-leading experts at the EC-Council (International Council of Electronic Commerce Consultants). To give you an idea of the certification’s scope, you’ll gain exposure to over 2200 hacker tools.

You don’t need decades of previous experience in order to take the CEH certification. The EC-Council suggests two years’ IT security experience, although this is flexible if you have previous IT-related qualifications.

2) Do a course 


There’s often a choice with certifications whether to take a course, or self-study. With CEH, self-study is rather challenging, because it’s difficult to gain sufficient practice and ensure you are not accidently breaking the law!

On an official CEH course, you practice your skills on EC-Council's 140 labs covering a vast range of security vulnerabilities. Ethical hacking, probably more than any other IT skill, requires you to ‘think outside of the box’, so realistic mind-stretching practice environments are essential.

3) Be a child 


Ethical hacking is a creative and exploratory process. Yes, there is a suite of standard tools and techniques with which you need to be comfortable, but a mindset of almost child-like curiosity is essential. You’ll constantly need to find unexpected ways of using existing systems to expose the back doors that everyone else has overlooked.

The CEH course places a strong emphasis on teaching you to ‘think like a hacker’. It’s your job to take the red pill, and actively explore how deep the rabbit hole goes.

4) With great power comes great responsibility 


Perhaps as important as curiosity is a strong sense of responsibility. The CEH teaches you the same techniques that ‘black hat’ hackers use for malicious purposes. Consequently, you’re required to sign a form stating that you won’t misuse your knowledge.

The Computer Misuse Act, which mandates prison sentences for hacking, has no provision for curiosity or good intentions – so only ever attack live systems when you have explicit permission from the owner!

5) It’s big money 


Cyber attacks affected 1 in 4 UK businesses in 2015, costing the economy a staggering £34 billion. The cost of each breach was £1.46 million on average. It’s no surprise, then, that businesses are crying out for skilled staff to combat the problem – and they’re willing to pay.

As you may have gathered, the shortfall in certified ethical hackers is rapidly driving up salaries. The current median salary is a very respectable £57,500, having risen from £50,000 two years ago.

Monday, 22 February 2016

5 tips to help you prepare for CEH exam success

 By Sarah Morgan


IT security breaches have regularly made news headlines over the past 12 to 18 months. These hacks can be extremely costly. TalkTalk’s security breach at the end of 2015 for example, is estimated to have cost them £35m, as well as the potential damage to their reputation. Businesses are now making their IT security a top priority to ensure they are protected from hackers. This means the demand for IT security professionals has soared and Ethical Hackers are among the most highly sought after.

The role of Ethical Hacker is one of the most exciting in IT currently with an average salary of £72,500 (according to itjobswatch.co.uk). Ethical Hackers are at the forefront of IT security and the top of their field. They work directly to stop malicious hackers, using many of the same techniques. But crucially, once they’ve spotted a gap in security, they close it to protect the business.

The biggest and most trusted certification for Ethical Hackers is EC-Council’s Certified Ethical hacker certification. As the title suggests, it proves you have the skills of an Ethical Hacker. In order to pass the CEH exam, you’ll need to prove skills in areas like malware threats, session hijacking, SQL infection and cryptography. This shows you can identify gaps in a business’s security and ensure they cannot be exploited.

To help you get your CEH certification and prove you have all the ethical hacking skills required, we’ve compiled 5 of the most useful tips to help you prepare for the tough CEH exam.


1. Get familiar with the exam


It’s important to get familiar with the exam before attempting it. EC-Council’s CEH website can help you do this. It has CEH FAQs, a breakdown of the exam format and duration, plus an extensive background of the CEH certification and regulations. I’d also recommend using the website for reference during your studies, or if you have any queries about the exam. If you still want more information, take a look at our previous post on CEH v9 FAQs.

Due to the sensitivity of the knowledge the CEH is teaching you, probably the most crucial part of the website to take note of is the eligibility criteria. There is a concise summary in the CEH FAQs, but you can find a full explanation of the criteria here. Be aware that if you don’t already meet the training requirements, you’ll have to complete an application form to ensure you’re eligible to sit the CEH exam.


Image courtesy of EC-Council

And as a very basic tip, but a point definitely worth mentioning, make sure you know which version of CEH you’re studying for. EC-Council recently updated the CEH curriculum to version 9. The Version 8 curriculum and exam are however, still around. 

Make sure you know which exam you’re sitting and don't mix up the curriculum you need to study. I’d recommend sitting Version 9 if you can. This has the most up to date content, featuring new attack vectors, a greater focus on cloud computing, mobile and Windows 10 as well as new tools and the latest techniques to use.


2. Use a study guide


EC-Council offer a series of study guides for their CEH exam. These are on five different topics within ethical hacking, which includes “Attack Phases”, “Linux, Macintosh & Mobile Systems”, “Secure Network Infrastructures”, “Threats & Defense Mechanisms” and “Web Applications & Data Servers”. As they’re official from EC-Council, you know you can trust the information. Each book covers its topic thoroughly, giving you plenty of knowledge to tackle it in the exam. 

The aim of splitting EC-Council’s study guides into five is to allow you to take a more in-depth look at each section. From this, you can build your understanding of how a hacker works in each area and how to build countermeasures specific to each area. Take a look at these books here


A concise alternative is the CEHv9: Certified Ethical Hacker Version 9 Study Guide. It follows the digestible, but very informative style that readers found useful in the version 8 study guide, for the new curriculum. Written by IT security expert Sean-Philip Oriyano, it goes into depth on each exam topic, with clear division of each topic making it easy to follow.

Some of its useful components, are the review questions and exam essentials at the end of each chapter. The questions solidify your reading by making you think it through properly, and the exam essentials point out what you’ll need to know for CEH exam success.

You can find it here on AmazonISBN - 978-1119252245


3. Take an official CEH course


Sitting an official CEH course will put you in the best possible position for the exam, following a method proven to help people gain as much knowledge and skills as possible. If you choose an official classroom based CEH course, you’ll benefit from a qualified expert instructor. You’ll have access to the instructor’s expert knowledge when you have questions. Whilst you're also with other students who’ll be in the same situation, asking similar questions and boosting your motivation.

Official courses  give you access to official curriculum,practice materials and an instructor authorised by EC-Council to deliver the training. This means you’ll be studying exactly what EC-Council intends you to, giving you the highest quality teaching and the best possible chance to pass. An official course is also the best way for you to get hands-on and reinforce crucial exam knowledge. You’ll get real-world ethical hacking experience applicable to the role. 

Ethical Hacking requires you to follow a code of conduct, making it impossible to do this in a safe environment in your own time.

4. Test yourself with practice questions

The best way to assess your readiness for the CEH exam is to try a practice test. You’ll get immediate feedback and it’ll help you make the connection between your studies and the end goal of gaining knowledge and skills and passing the exam, relating your knowledge to specially designed questions.

Skillset offer CEH practice tests in 52 different skill areas. From Cryptanalytic Attacks to Computer Viruses to Session Hijacking, this incredible detail means you can study CEH comprehensively. Also, each topic has a series of more advanced levels allowing you to test the depth of your knowledge for each topic area.

There is also a practice test on the EC-Council website. As it comes straight from the creators of the CEH exam you know the questions will be useful and could be a basis from which to build your revision, and assess your readiness for the CEH exam. I wouldn’t use this resource too early in your studies, but as a check to see whether your knowledge is well-rounded enough for the exam.

MeasureUp have an ethical hacker practice lab that allows you to work on your skills in areas like footprintting and reconnaissance, scanning networks, sniffers and device enumeration. Lasting 20 hours, the lab contains plenty of material that will help prepare you for the real-world as well as the exam. You can access this here

5. Get involved in a forum

Using a forum is a great way to connect with many like-minded people who are currently studying for the same certification or who have sat it in the past. You’ll learn from their queries and experiences helping you get ideas for your own studies. However, bear in mind that not everyone is an expert.

TechExams has one of the largest CEH forums, with people that have passed and those who have found barriers and difficulties whilst studying. Here, you’ll be able to find help and information regarding what skill areas you should concentrate on to gain the most from the certification. Not only will this help you pass the exam, it’ll help you focus on the most useful topic areas to help you on the job in the future.


The key to passing any exam is investing time and hard work into your preparation. For your Certified Ethical Hacker exam, and certification as a whole, investing your time and efforts into these five tips will give you the best possible chance of achieving your EC-Council Certified Ethical Hacker certification. Proving your skills as a very capable ethical hacker. 

Best of luck in your studies.


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 30 November 2015

Cyber security red alert on Cyber Monday


Cyber Monday creates an ideal opportunity for malicious hackers to attack your business systems. As company servers are hammered by millions of genuine requests from eager buyers, the opportunity for a hacker to breach your system undetected increases. The consequences of which can be severe, considering the financial and public image implications a single breach can create. 

The current strain being exerted on IT infrastructure is strikingly similar to a common hacking technique. The tactic involves a single hacker targeting a network, followed by hundreds of hackers joining the attack to create a diversion. The noise created by the hundreds of additional hacker presents a smoke screen, enabling the initial hacker to breach the system. 

Attacks like these can collapse your infrastructure, forcing websites and whole servers offline. They are becoming all too common as cyber criminal look to cash in on the details stolen. 


Protecting your assets on Cyber Monday 


Today, on Cyber Monday, you should remain vigilant, especially if you're an online retailer. Loyal customers are currently creating the diversionary tactic which could allow a hacker to breach your system. If your attention is being distracted by sales, you should start focusing on security. 

A single breach could expose your data to criminals, or take your website offline for hours. Not only will you miss out on the valuable revenue created by these marketing ploys, the financial ramifications of a breach could collapse your business. Take TalkTalk for example, November’s breach of the telecoms giant is estimated to cost the organisation in the region of £30-35 million. 

Take the following steps to protect your assets on this busy day: 
  • Ensure you follow routine daily security checks – do not let your IT team be distracted by sales
  • Segment systems on separate protected networks – this tactic ensures that if one system or network is breached, an attacker won’t then have free roam to take down multiple systems simultaneously 
  • Increase monitoring of endpoint devices – pay regular and close attention to public facing systems to ensure any suspicious activity doesn’t go undetected. Now is the time to be paranoid, it’s the ideal time for an attack 

Future planning 


Whilst Cyber Monday is high risk, it’s important to prepare for the long term. A cyber-attack can happen at any time, it’s vital you and your team have the security skills implement a long term strategy. 

Investing in training employees is critical. Certification courses like the Certified Ethical Hacker and CISSP will develop the technical and strategic skills required to protect your company assets. You can learn to attack your own systems to identify weaknesses or devise a comprehensive and water tight security system. Stay vigilant.

Tuesday, 29 September 2015

Why now is the time to become a Certified Ethical Hacker

 By Sarah Morgan

Cyber criminals are using increasingly more advanced technologies to breach the security of high-profile businesses. The list of companies and institutions hacked now include Ebay, Sony, Target, AOL, the NHS and even the US Military. Even after such massive security scandals, some dating back almost 10 years, companies are only now realising how crucial IT security is to their success. 

Because of this, now more than ever, businesses want professionals who can demonstrate skills in ethical hacking. Read on to discover the reasons why there has never been a better time to become a Certified Ethical Hacker.

Large scale investment


According to Microsoft’s Digital Crimes Unit, 1 in 5 businesses have been the subject of a cyber-attack. This means it’s a matter of when, not if, more high-profile security breaches will happen. As a result companies are recruiting and training Certified Ethical Hackers to make sure it isn’t them. Because of this, demand for Certified Ethical Hackers continues to climb, almost indefinitely.

In addition, BT has recently launched an ethical hacking service for customers in financial services. This service is designed to help organisations in retail and investment banking to protect their business from security breaches and cyber-attacks. If other big businesses follow suit and begin to offer full-scale services like BT’s, the demand for Certified Ethical Hackers will increase significantly. 

With 1000s of jobs currently advertised, and the future growth potential, this is just one of the reasons why there has never been a better time for you to attain EC-Council' Certified Ethical Hacking credential.


Investment from small and medium businesses


It's not just global organisations investing in ethical hacking to ensure their names aren’t headline news for the wrong reasons. Small and medium businesses are increasingly realising the need to increase investment in IT security to future proof their business.

In recent interview with the BBC, Steven Harrison, Lead Technologist at IT services firm Exponential-e, states there can often be a knowledge gap between small business and industry giants. To bridge this gap, small businesses are increasingly investing in developing the skills of ethical hackers to tighten up their security. The goal is to prepare themselves as they expand into the cloud, social media and other advancing technologies. 

If you work for a small or medium business, now is a fantastic time to encourage your boss to invest in training you as a Certified Ethical Hacker.


Removing the stigma


When the title of “ethical hacker” was first mentioned, some businesses were cautious of employing those with the skills to hack their systems. For obvious reasons, businesses were reluctant to hand over the keys to their company’s security. They were fearful of disgruntled employees who knew every detail of their security systems and how to access their most sensitive data.

However, ethical hackers have proven time and again their value by protecting businesses from cyber-attacks that have devastating potential. Companies are also more aware of the rigorous background checks for criminal records and codes of conducts that all ethical hackers must pass and sign.

This is good news, as the types of attacks that are threatening businesses are becoming increasingly more common and complex. The best way to counter this threat is to employ a Certified Ethical Hacker to discover and patch weaknesses in security. 

The realisation of the worth of ethical hackers means more businesses are looking to employ and train Certified Ethical Hackers for protection. They are much more willing to open their doors to you.


Image courtesy of chanipipat at FreeDigitalPhotos.net




EC-Council Certified Ethical Hacker v.9.0


EC-Council recently released the new and updated version of the Certified Ethical Hacker certification. Because the CEH certification is the pinnacle in the field of ethical hacking, when the course is updated, it provides the latest knowledge and skills available. Version 9 is no different and has added new vulnerabilities and attack vectors. 

Now is the perfect time to bring your skills up to date and set yourself apart from other professionals.


Boost your security skills


The demand for Certified Ethical Hackers is only set to increase in businesses of all sizes. As technology continues to advance, so will the threats to the businesses using it. These businesses will need to protect themselves, one of the best ways to do that is through Certified Ethical Hackers.

So, insummery here is why there has never been a better time for you to become a Certified Ethical Hacker:

1. Big business are investing heavily in recruitment and training of Certified Ethical Hackers. The emergence of ethical hacking as a service ins only going to create yet more jobs.

2. Small and medium businesses are investing more in developing ethical hacking hacking skills, meaning you have more chance of improving your knowledge and skills.

3. Reduced stigma and a greater appreciation of the value of ethical hackers means more and more companies are opening their doors to Certified Ethical Hackers.

4. The release of CEH v9 means you can bring your skills up to date and be at the forefront of ethical hacking.


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 


Wednesday, 3 June 2015

The 5 best CEH certification books 2015


By Sarah Morgan


Cyber-attacks are now ranked amongst the top 10 global threats to your business, a survey from Aon Solutions revealed this week. It’s no surprise – security breaches can cripple your business infrastructure, leak private customer data and destroy your organisation’s reputation.

The IT security field is expected to grow 37% by 2022 and many security professionals are now taking the offensive and building their white hat hacking skills with EC-Council’s CEH certification.

The CEH v8 certification is an advanced certification, and to conquer it you’ll need to prove your expert white hat hacking knowledge. To help you do just that, here are our 5 best CEH certification books for 2015…


CEH: Certified Ethical Hacker Version 8 Study Guide – 14 Oct 2014
ISBN-13: 978-1118647677

Sybex’s Certified Ethical Hacker Version 8 Study Guide is perhaps the most popular preparation tool for the CEH certification.

The guide boasts a concise, easy-to-follow approach to the certification that covers all exam objectives with examples and hands-on exercises.

You’ll study everything you need to pass the CEH exam – including cryptography, footprinting, trojans and covert channels. Also included is a companion website, stuffed with study tools like practice exams, chapter review questions and electronic flashcards.

The guide is useable in both classroom and self-study scenarios. Plus, an average user score of 4.2/5 stars across Amazon (28 reviews) ranks this as one of the most sought-after books on our list.

Available in:


CEH Certified Ethical Hacker Bundle, Second Edition (All-In-One) – 1 Oct 2014
ISBN-13: 978-0071835572

A popular CEH revision guide from Matt Walker - a man with so many certifications after his name he makes the alphabet feel insecure.
Billed as a money-saving self-study bundle, this comprehensive package includes massive amounts of content:

  • CEH Certified Ethical Hacker All-in-One Exam Guide, Second Edition
  • CEH Certified Ethical Hacker Practice Exams, Second Edition
  • CEH Quick Review Guide

The All-in-One exam guide is your primary asset for CEH certification success. Inside, you’ll find complete coverage of all CEH exam objectives and topics.

Reviewers cite a desire for a greater focus on policy questions. Despite this it retains an impressive 4.1/5 star review average on Amazon (14 reviews)

Available in:


Certified Ethical Hacker (CEH) Cert Guide15 Dec 2013
ISBN-13: 978-0789751270

Authored by certification expert Michael Gregg and published by Pearson IT certification, this chunky 640 page CEH certification guide is certainly comprehensive.

As well as a companion to the CEH certification’s v8 topics, you’ll also focus on building your own study guide, complete with test preparation routines and review questions. A CD featuring two complete practice exams is also bundled with this certification guide.

Finally, you’ll get preparation hints and exam tips from leading security consultant, Michael Gregg.

Available in:


The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy – 1 Aug 2013
ISBN-13: 978-0124116443

Though not a CEH certification guide, this introductory book provides any aspiring ethical hacker with a solid foundation of ethical hacking knowledge – crucial for passing the CEH exam.

You’ll study the same hacking tools commonly found within the CEH certification, and learn how to use them to conduct real life penetration tests.

This book begins with the basics and guides you towards more advanced subjects such as post exploitation and access maintenance. This is an ideal book for anyone with an interest in penetration testing - especially useful for those starting down the path to their CEH certification.

Available in:


Official CEH CoursewareEC-Council

As well as study guides, you also have the option to simply purchase EC-Council’s official CEH courseware. This is everything you’ll need to pass your CEH exam - included in the official bundle is:

  • Three official EC-Council CEH books (lab manual and two courseware manuals with slides)
  • 6 DVDs

The labs showcased in the courseware are tested against the latest operating systems with all up-to-date patches and hot-fixes applied.

Plus, the 6 DVDs contain over 20GBs of guides on how to use the latest hacking and security tools alongside more than 1,000 minutes of videos demonstrating hacking techniques.

Purchase the official CEH courseware from EC-Council store.


Related articles:


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 6 March 2015

Frequently Asked Questions about EC-Council’s CEH certification


By Sarah Morgan


With the recent spate of high profile hacks targeting the biggest and wealthiest, you might not be surprised to learn that EC-Council’s Certified Ethical Hacker cert is experiencing a boost in popularity.

As malicious hacking and cybertheft become increasingly prevalent in our lives, the CEH will continue to gain in importance. A lack of information security knowledge and investment is often to blame for data and system breaches – it’s clear that organisations need professionals with advanced security skills.

In response to this growing need, more and more professionals are looking to the CEH as a way of gaining new security skills and securing a rewarding career as an Ethical Hacker.

There’s a lot to learn about this popular cert - let’s take a look at the most frequently asked questions about EC-Council’s CEH certification.


Q. What actually is an Ethical Hacker?

A. Ethical hackers attempt to penetrate a computer system or network with the aim of finding security vulnerabilities that could otherwise remain undetected. However, unlike malicious hackers, ethical hackers are given permission to undertake these controlled attacks.

Without these harmless penetration tests, security holes could remain unseen, leaving the organisation in a position that a malicious hacker could exploit.

pat138241 / FreeDigitalPhotos.net


Become an Ethical Hacker and you’ll learn to use the same techniques and tools as a cybercriminal. However, instead of exploiting these vulnerabilities, as an Ethical Hacker you’ll document security holes and provide actionable advice on how they can be fixed.


Q. How much does an ethical hacker earn?

Ethical hackers earn an average advertised salary of £55,000 according to data from ITJobsWatch.


Q. Why should I get the CEH cert?

A. The CEH is a brilliant introduction into the world of Ethical Hacking. You’ll finish your certification with an in demand set of skills covering Intrusion Detection, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

Plus, if you need to break into the field of ethical hacking or penetration testing, the CEH will put you ahead of other uncertified job applicants (assuming you similar experience).

It’s a benchmark certification for ethical hackers - “CEH is the original standard,” says Albert Whale, president and chief security officer at IT Security, Inc.


Q. Is the CEH necessary to get a job in Ethical Hacking?

A. The CEH is the most well-known certification in Ethical Hacking, but it’s not an absolute requirement. At their most basic, certifications are simply a supplement to real-world experience - without this you will only get so far.

This certification will help you break into the Ethical Hacking profession, but you’re not guaranteed a career. You’ll get great skills and a renowned certification, but you’ll still need experience to back it all up.


Q. What prerequisites do I need to take an EC-Council course?

A. This cert sits in the sweet spot between entry level qualifications like CompTIA’s Security+ and advanced certs like the CISSP.

Before attending a CEH training course you should ideally possess at least two years IT experience, a good knowledge of TCP/IP, Windows Server and a basic familiarity with Linux and/or Unix.


Q. Will I be taught by a real hacker?

A. At EC-Council’s accredited training centres you’ll be trained by experienced security professionals. You won’t be taught by a 17-year-old reformed hacker – EC-Council adheres to a strict code of ethics and employs experienced instructors with a clean reputation.


Q. Isn’t it irresponsible to teach people how to hack?

A. The more we know about how the ‘bad guys’ operate, the more secure our systems, data and networks will be. Whilst the knowledge you’ll gain on a CEH course has the potential to be misused, many would argue this far outweighs the benefits of teaching thousands of IT professionals how to better protect their businesses.

To help highlight responsibility, EC-Council requires all of their students to sign an agreement, agreeing to respect the knowledge and not misuse it. You’ll also be required to agree to abide by all legal laws of the land in the use of your new knowledge and skills.


Q. How is the exam structured?

A. To achieve your CEH v8 certification you’ll need to pass exam 315-50 at a Prometric or Pearson VUE test centre. This exam is a 125 question, multiple choice paper covering the 19 CEH domains. To gain your CEH cert, you’ll need to score at least 70%.

Take a look at EC-Council’s site for more information on your CEH exam.


Q. What is the current version of the CEH certification?

A. Released in 2013, CEH v8 is the current version of the certification and introduced new modules in Social engineering and IPv6. CEH v7 retired on October 31st 2013 – you will no longer be able to take this exam.


Q. Do I have to recertify my CEH?

A. As of January 1st 2009, all EC-Council certifications will be valid for three years. However, to maintain your certification you will be required to achieve 120 credits (per certification) during the three years after you certify.

These credits can be gained in the following ways:

  • Attending conferences
  • Writing research papers
  • Reading material on realated subjects
  • Attending webinars

Qualifying activities must have been completed during the three year window after you achieve your certification.

More information on EC-Council’s recertification policy can be found here.


Q. What is EC-Council Aspen?

A. Aspen is a gateway to portals, products and services provided by EC-Council for its registered members.

As a member you’ll be able to place orders on products and courseware, view your certification(s) continuing education scheme and maintain your certs with EC-Council.

Access Aspen here.

Related Articles:



About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, 17 December 2014

Best IT certifications for 2015


By Sarah Morgan


Getting certified is a brilliant way to prove that you are as skilled as you say you are. But a certification doesn’t stand alone – if you can’t apply it, what’s the point? Now that 2014 draws to an end, let’s take a look at some of the best IT certifications for 2015 that will advance you to the next stage in your career.

The need for qualified IT professionals is now massively outpacing the supply – it’s estimated that Britain alone will need 500,000 new IT professionals over the next five years. And with the widespread uptake of technologies, like Cloud and virtualisation, getting certified in 2015 really will make all the difference.

2014 saw a barrage of cyber-attacks inflicted upon businesses around the world. In fact, more organisations fell victim to cybercriminals in 2014 than 2013, the US State of Cybercrime revealed. And reports are already predicting an increase in cybercrime for 2015.

So from security to cloud and project management qualifications - getting certified for 2015 could be one of the best decisions you make next year. Here's our list of the best IT certifications for 2015.


1. Microsoft MCSA: Windows Server 2012 

Support for Windows Server 2003 ends July 14th, 2015. Using the system after end of support could cost you up to £120,000 a year in custom support. You will also lose the ability to process online transactions via Visa & Mastercard as Windows Server 2003 will fail to adhere to PCI compliance.

Despite warnings from Microsoft, estimates from HP suggest 11 million systems are still running Windows Server 2003. This could be a cripple your business, come 2015, considering the estimated 3 to 18 months it takes to migrate a datacentre of 100+ servers.

Thousands of businesses will now be migrating to Windows Server 2012, making the MCSA: Windows Server 2012 certification a valuable asset. Get this cert and you’ll reduce the hassle of migration and be able to make the most of your new server software faster.

Start planning your migration today (if you haven’t already) and make it a smooth process for your organisation by taking the MCSA: Windows Server 2012 course.


2. EC-Council Certified Ethical Hacker

There was a 50% chance you were a victim of cybercrime in 2014, data from Microsoft revealed. The same is true for one-in-five small and medium businesses.

Certifications like EC-Council’s CEH are now becoming increasingly sought after for businesses of all sizes. After all, nobody wants to face a crippling security breach like Sony’s recent attack.

Protect your business from cyber attacks like this (image from Sony's recent breach)



























Take on the CEH in 2015 and you’ll get comprehensive ethical hacking and networking security training. On this course you’ll learn how to conduct penetration tests against your own systems. With the knowledge of a hacker at your disposal, you’ll identify and close security holes that a cybercriminal could otherwise exploit.

The CEH certification also qualifies you for a wide range of roles within IT security from Forensics Analyst to Application Security architect.


3. (ISC)2 CISSP

In the past year alone, cyber security vacancies have doubled with demand now overwhelming supply, according to data from Technojobs.

The CISSP is a global standard and widely recognised as the information and cybsersecurity benchmark cert. Achieve it and you’ll display solid proof of your rounded IT security experience as well as a common baseline and standardisation of knowledge.


Certifications like the CISSP are in demand (2014 saw a 10% growth in the average salary for cyber security professionals) as they are frequently required for the majority of senior roles within cyber security.


Protect your organisation from IT security threats of all kinds - find out how to become a CISSP.


4. Microsoft MCSA: Office 365

Take the Microsoft MCSA: Office 365 and position yourself to take advantage of Microsoft’s new Cloud focus. This is also your first step to achieving Microsoft’s new Cloud Productivity competency for your business.


Achieve this certification and you’ll use the power of the cloud to save time, money and free up your business’s resources. You’ll get the skills required to set up an Office 365 tenant, including federation with existing user identities. If you evaluate, deploy and maintain Office 365 services, or plan to in the future – this is the course for you.



5. VMware® vSphere 5.5 

Businesses continue to embrace virtualisation technology as a way to reduce cost and complexity of critical applications. ‘The always-on-business will become the norm across the globe’ writes Don Williams, Vice president at Veeam Software.

Users want continuous access and to keep up, businesses have turned to virtualisation technologies to provide this. Products like VMware’s vSphere enable businesses to virtualise their server resources and aggregate them into logical pools for use across the entire business.

vSphere 5.5 is the fix for costly infrastructure sprawl as it allows your business to run multiple operating systems and applications on a single computer. Gone are the days of having multiple servers running at sub-optimal capacity - virtualisation technology gives increased productivity by reducing physical servers and ensuring each is running at full capacity.

Learn how to apply virtualisation technology within your organisation in 2015, with VMware’s official vSphere 5.5 certification. Find out more here, but bear in mind, this certification may change with the release of vSphere 6 sometime in 2015.


6. Microsoft Specialist: Developing Microsoft Azure Solutions 

Cloud technology is growing and demand for Cloud qualified professionals is growing with it. In 2014, 56% of IT departments couldn’t find qualified staff to support their cloud projects and demand for ‘cloud-ready’ IT professionals is also set to grow by 26% in 2015, IDC reports.

Microsoft's Public Cloud offering, Microsoft Azure, continues to grow with more than 1000 new customers joining everyday. After investing $15 billion in building and maintaining the global datacentres that power the Azure platform, it’s clear Microsoft have big plans in the Public Cloud space for 2015. You can tap into the demand for cloud skilled professionals by looking at the newly released Microsoft Specialist certifications focusing on the Azure platform.



If you’re a developer, the Developing Microsoft Azure Solutions certification is a brilliant way to gain a greater understanding of the Azure platform in 2015. This specialist course, built for developers, teaches you how to establish your own Azure virtual network environment, construct Azure Virtual Machines, host azure websites and design resilient cloud applications.

If you already hold the MCSD: Web Applications cert, this qualification is a brilliant way for you to get a rounded understanding of the Azure platform for 2015.

To achieve the certification you’ll have to pass the Microsoft Exam: 70-532.


7. Implementing Microsoft Azure Infrastructure Solutions

This is the second of Microsoft’s new specialist Azure certifications. With it, you’ll learn how to migrate your on-premise infrastructure to Azure. You’ll also learn how to:
  • Plan and implement data services based on SQL
  • Deploy and configure websites
  • Publish content through CDNs
  • Integrate on premise Windows AD with Azure AD
To achieve the certification you’ll have to pass the Microsoft Exam: 70-533.


8. AXELOS PRINCE2 Foundation and Practictioner

PRINCE2 is the de-facto standard for project management in the UK and is held by 63% of all project management professionals. With over a million exams taken globally, it’s already recognised as the world’s most popular project management methodology.

This qualification covers the management, control and organisation of a project. It embodies years of project management best-practice and provides a flexible and adaptable framework that suits different projects.

The PRINCE2 remains a sought-after certification for 2015 as employers continue to demand this qualification for their project management roles.


9. Microsoft MCSE: Private Cloud

The MCSE: Private Cloud certification focuses on the skills to combine Windows Server and System Centre 2012 to build a private cloud for your business. This certification requires the MCSA: Windows Server 2012 as a prerequisite. 

To boost the uptake of this already popular cert, Microsoft have launched various initiatives to help IT professionals get the prerequisites for this in-demand cloud certification.

To find out more about how to get the MCSE: Private Cloud certification, check out Microsoft Evangelist, Keith Mayer’s step-by-step guide. Or, if self-study isn’t for you, take a look at this accelerated course.


10. CompTIA A+

Many an IT professional’s career has been built upon the solid foundations of the CompTIA A+ certification. In fact, over 1,000,000 people have achieved the A+ in the past 20 years.

Major brands - like Dell, HP and Lenovo – require that their technicians are A+ certified in order to service their products. It’s even supported by government branches like the US Department of Defence.

The skills you’ll get from this certification are vendor neutral, meaning they’ll remain universally applicable across your entire IT career.

If you’re new to IT then this cert is one of the best ways to break into the industry. Take the CompTIA A+ and set yourself up with a comprehensive base of IT knowledge for 2015.


If we missed any great certifications you’re planning on taking in the New Year, please comment below!

We supported our best IT certifications for 2015 with a lot of our popular blogs from 2014, take a look at them below:



About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 12 December 2014

Fast track your career into Cyber Security in 2015

 By 

Continuing growth in salaries, a shortage of skilled professionals and a rapid increase in available jobs make a career in cyber security a real prospect. Follow this guide to fast track your career into cyber security in 2015...

If you’re considering a career in cyber security then 2015 could be the year for you. The hacking of Sony Pictures is the latest in a string of high profile attacks, which continues to put recruitment of skilled cyber security professionals top of the agenda.
placeholder

Cyber security vacancies in the UK have doubled in the last year, with demand outstripping supply, according to a recent study by Technojobs. Combine this with of a 10% growth in the average salary for UK cyber security professionals, now £57,000, and increased Government support and it’s easy to see why the current climate is perfect for employment in the field of cyber security.


Follow these tips to fast track your career into cyber security in 2015…



1. Find the right job for you


First things first, work out which job is right for you. Whether you want to become a Computer Forensics Investigator, Information Security Analyst or Penetration Tester, it’s important to know what the job entails.
SANS have compiled a list of the top 20 Information Security and Cyber security jobs which you can use to track down job descriptions on the major job boards.


2. Get certified


Sometimes the quickest way into the cyber security sector is to get certified. In fact the majority of commercial cyber security and defense-related IT Security jobs require security certifications as a prerequisite. So the lack of certification may be the only thing standing between you and your cyber security career. Find out.


If you are looking at entry-level positions then the CompTIA Security+ and Microsoft MTA Security Fundamentals are a great place to start.

Those considering a more advanced position would be well placed to consider EC-Council’s Certified Ethical Hacker (CEH) certification or ISACA’s Certified Information Security Manager (CISM) certification.
Then there is the industry gold standard Certified Information Systems Security Professional (CISSP) from (ISC)2, for those eyeing up a position in Senior Management.
This is merely scratching the surface, there are a range of security certifications available from other renowned vendors including Cisco, Symantec and GIAC.


3. Make sure you have the right experience


This echoes back to the first point, when you’re looking at job descriptions, scope out the level of experience required for the job in question. You may realise that you don’t have the right experience at this stage, but at least you know what you’ll need to be working towards.
For those looking at starting a career, this may mean taking a non cyber security-related job as a stepping-stone. As pointed out in a fantastic post from Ira Wrinkler in Computerworld:

“You cannot be expected to protect computers if you don’t know how to administer a computer system, you can’t secure a system that you can’t properly configure on your own, you can’t secure a database if you aren’t fluent in the database management system, and you certainly can’t write secure code if you can’t code at all.”

A great way to bridge the experience gap at the entry level is through voluntary work experience or internships. Keep your eyes peeled, they are everywhere.


4. Get your CV in shape



This can be applied to any industry, but always make sure your CV is up to scratch. This will be the first impression you make to a potential employer, get it wrong and it will be the last.
Having past experience in the recruitment sector here’s my top advice:

  • Ensure your CV is tailored to each individual position. This includes a covering letter outlining why you want the job and why they should consider you.
  • You need to make an impact in the first few lines, so highlight relevant experience and achievements from the outset.
  • Don’t waffle, if your CV is more than 2 pages then it’s too long.
  • No spelling mistakes, with modern day spell check it’s unforgivable.


5. Consider signing up with a recruitment agency



This advice is perhaps more for the seasoned professional, but signing up with a specialist recruitment agency can significantly improve your chances of landing that coveted role. Yes you’ll have to go through an interview, but once on the books there are numerous benefits.

A good recruitment consultant will:

  • Have in depth understanding of the industry and some powerful connections
  • Advise you on how to improve your CV and interviewing skills
  • Sell you into employers, even if that employer isn’t currently looking
  • Get the first shot at a high profile position that may never make a job site
So there we have it, five tips to set you on your way to a new cyber security career in 2015. I wish you every success.



Author Profile

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how to guides. Working in the Industry for almost 3 years, Edward has a wide variety of experience with Microsoft Technologies including SharePoint, Windows Server and Exchange Server. Edward is an active member of the IT community contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor.

Wednesday, 22 October 2014

5 incredible jobs for a Certified Ethical Hacker


By 


EC-Council’s Certified Ethical Hacker certification opens doors for IT security professionals. Take on the CEH and you’ll get comprehensive ethical hacking and network security training – you’ll learn to think (and hack) like a hacker.

And like most certifications, the CEH is only a stepping stone to your dream career. The experience you’ll get from becoming a CEH can be applied across a huge variety of job roles. Let’s take a look at some of the most impressive ones:


1. Penetration Tester 

Average advertised salary - £55,000*


Just like malicious hackers, penetration testers attack IT systems to locate security flaws. But, unlike hackers, penetration testers are White Hats - their aim is to protect systems, not exploit them.

The only difference between penetration testing and hacking is whether you have the system owner’s permission. If you want the thrill of hacking and enjoy the challenge of breaking into networks, penetration testing could be an incredibly rewarding career for you.

"pssst, what's Frank's password?"
If you can find a vulnerability during your simulated real-life cyber-attack, then you’ve earned your wages.

You’ll establish the viability of attack vectors (also known as an ‘attack-surface’), research known vulnerabilities within the client’s hardware and software stacks and identify weaknesses using common hacking tools.

And you might even find yourself using social engineering to legally con client’s employees, e.g. trying to solicit employee passwords from other employees.


2. Forensics Analyst

Average advertised salary - £42,500*


This ultra-modern role involves analysing the way in which intruders breach IT infrastructure. You’ll be assessing the full extent of any malicious breaches in order to identify additional systems / networks that have been compromised.

Investigating the minute traces left by complex Black Hat attacks requires an IT expert proficient in cutting edge forensic and reverse engineering skills. You’ll need to think and act like a hacker in order to identify the ways they breached your client’s system. 

You'll be using a hacker's malware as evidence for his crimes
Image courtesy of Stephen Miles
To be a successful forensic expert you’ll need to master prevention / detection, hacker exploit techniques and reverse engineering of malware.

Perhaps most importantly, you’ll need to stay at the cutting edge of attack methodologies. Hackers won’t get complacent, so neither can you. If you can keep your security knowledge and skills up-to-date, you’ll find success as a Forensics expert.

And whilst many job postings advertise the CEH certification as a desired qualification, EC-Council also offers a specific digital forensics course. It’s called the Computer Hackings Forensics Investigator (CHFI) and will teach you everything you need to know about investigating, recovering and tracking cybercrime.


3. Internet / Network Security Administrator

Average advertised salary - £47,500*


Internet security administrators are responsible for protecting vulnerable computer systems and networks against attack. Also known as security specialists, the security administrator handles all aspects of information security.

You’ll be the go-to professional for all aspects of an organisation’s information security. As well as teaching your colleagues about computer security, you’ll check for security violations, research and install protection software and defend/take action against cyber-attacks.

If the breach is serious, you may even find yourself providing evidence of cyber-attacks to prosecute individuals for breaching security.

You’ll have a great deal of responsibility and as a result, you’ll need good communication skills and the ability to react exceptionally fast to security problems. You might even be expected to work on-call in case of emergencies. 


Pictured above: a visual metaphor for network security.
sidewinder123 / MorgueFile


4. Application Security Architect

Average advertised salary - £65,000*


Application security architects work with development and computer architecture teams to create security applications.

You’ll likely find yourself testing programs for security weaknesses and performing vulnerability scans. You’ll be responsible for creating effective security applications and will work closely with software development teams, providing security guidance and expertise.

To succeed in this role you’ll need great problem solving skills and the ability to anticipate vulnerabilities in new software. And, as with most security roles, you’ll also need a deep understanding and appreciation of emerging cyber security risks.


5. Computer Network Defense Analyst

Average advertised salary - £40,000**


Computer network defence analysts work with cutting edge cyber-security technologies to provide expert opinions on current and emerging network security threats.

Get it? Program...
DogertonSkillhause / MorgueFile
You’ll create security threat analysis reports and briefs that describe the risks of potential threats and the risks these threats may pose to your organisation networks.

Tasks could include:
  • Analysing network traffic to identify anomalous activity
  • Determining appropriate response to anomalous network activity
  • Studying identified malicious activity to determine weaknesses exploited
  • Examine network topologies to understand data flows through the network
  • Provide daily summaries and news, events and activities and distinguish these incidents and events from benign activities.



Secure your dream security job

The CEH certification is great for any information security professional. Secure it (in only 5 days?) and prove you can defend your organisation from malicious attacks; you’ll be well on your way to your dream job.

*data from ITjobsWatch.co.uk
*data from simplyhired.com



About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.