Showing posts with label EC-Council. Show all posts

Friday, 26 May 2017

Latest EC-Council Disaster Recovery Professional (EDRP) v3 certification launched


EC-Council today announced the launch of the latest version of the EC-Council Disaster Recovery Professional (EDRP) certification, designed to build the critical skills your organisation needs to continue running following a disaster.


Earlier today, EC-Council COO, Sean Lim, announced the launch of the EDRP v3 certification. During a live presentation, Sean outlined exciting updates to the EDRP which resulted in a complete overhaul of the credential, bringing it right up to date.


Why you need disaster recovery skills


The need for disaster recovery skills within your organisation is critical to the continued functioning of your business following a disaster. Organisations lacking a disaster recovery and business continuity plan risk significant financial losses, reputational damage and complete business failure in severe circumstances.

The threat is very real. Statistics from FEMA - a US Department of Defence organisation - report that almost 75% of organisations without a business continuity plan fail within 3 years of a disaster. Of these businesses, between 40% and 60% never reopened their doors immediately following the disaster.


Disaster recovery is a growing industry


Unfortunately for you, disaster events are on the rise. In fact, the disaster recovery industry is expected to grow to almost seven times its current size - from $1.6 billion in 2016 to $11.1 billion by 2021. This comes as no surprise considering that more than half of companies (54%) have reported a downtime event that lasted more than 8 hours in the past five years (State of Disaster Recovery 2016 – Zetta).


State of Disaster Recovery 2016 Infographic - Zetta


Two thirds of these organisations went on to report that they would lose upwards of $20,000/day for every day of downtime. Consider the revenue your business generates per day and imagine how losing your website and phone systems could impact that. This is an increasingly likely scenario - 34% of organisations reported downtime caused by a malware attack. 

Despite these shocking statistics, 2 in 5 companies still do not have a documented disaster recovery plan, and only 40% of these organisations test them once a year.

Can your business afford not to be prepared?


How the EDRP certification protects you


The EDRP course focuses on developing the skills you need to prevent - and recover from - disasters affecting an enterprise-scale organisation. These skills could mean the difference between business recovery and business ruin.

This purpose-built course will teach you to identify vulnerabilities and construct the countermeasures required to prevent and mitigate failure risks within your organisation. 

You’ll develop a foundation in core disaster recovery principles, including preparation of a disaster recovery (DR) plan, risk assessment, policy and procedures development and implementation of the DR plan to recover from disaster – should the worst happen.

EDRP v3 has been completely redesigned to align to the latest job task analysis and market research with key additions including:

  • New curriculum focused on business continuity and disaster recovery
  • Meeting regulatory compliance for standards including ISO 31000, ISO 22301, ISO 22313, NFPA 1600 and many more along the NICE Framework
  • Cloud-based virtual labs to simulate business continuity / disaster recovery techniques in real time
  • Bridging the gap between business continuity and disaster recovery
  • Updated exams to validate both knowledge and practical skills across business continuity and disaster recovery

The course syllabus covers:

  1. An introduction to Disaster Recovery and Business Continuity
  2. Business Continuity Management
  3. Risk Assessment
  4. Business Impact Analysis
  5. Business Continuity Plan

Developing the skills to:


  • Design a business continuity management framework
  • Create a risk assessment report
  • Create a business impact analysis report
  • Create a business continuity strategy

Want a detailed look at the new curriculum? Take a look at this page for more in-depth knowledge of the EDRP certification.

Friday, 10 February 2017

EC-Council launch Certified Hacking Forensics Investigator (CHFI) v9 Update

As businesses wake up to the growing and imminent threat of cyber crime, cyber security is a top priority, now more than ever.

In 2004, the global cyber security market was worth just $3.5 billion. But, by 2020 it will be worth a staggering $120 billion according to Wired.

Because of the new and innovative ways businesses are experiencing hack attacks, it’s important that both security and response measures remain up-to-date.

EC-Council’s recent update to the Certified Hacking Forensics Investigator (CHFI) is a prime example of the security industry looking to keep your knowledge current and up-to-date on the latest techniques.

What to do after the worst has happened?


The CHFI certification validates your skills in conducting a digital forensics investigation. From understanding which scripts to run in the all-important moments following a breach to piecing together clues to catch a trespasser, digital forensics is your first response.

Digital forensics detectives draw on a wide range of investigation and analysis techniques to identify an intruder's virtual footprints, in the hope of gathering potential legal evidence. 

Put into context, CHFIs are effectively virtual detectives. Just like you’d want an investigator on the case if jewellery was stolen from your home, you’ll want a CHFI if you’re the victim of a cyber breach.  The only difference is, even the most expensive pieces of jewellery can’t compare to the millions it can cost if you’re hacked.

The CHFI course covers major forensic investigation scenarios and presents a methodological approach to forensics. You'll cover searching and seizing, chain-of-custody, acquisition, preservation and analysis and reporting of digital evidence. 
   
There’s always an opportunity for a hacker to penetrate your system. When your organisation is hit by a cyber breach, the real issue is how you respond to the attack.

What are the new updates?


The new CHFI version 9 update has a number of key changes.

Firstly, this update introduces new content. You’ll dive into the latest forensics examination techniques, with new operating systems including Linux and Mac forensics. In the previous version (v8), only Windows forensics was addressed.

Furthermore, a host of new modules have been added to this course to reflect industry developments. The three modules added are database, cloud and malware forensics. With UK businesses at a cloud adoption rate of 84% and with 54% being hit by ransomware attacks, it's easy to see why these modules have been added.  

EC-Council have also added more than 40% new, hands-on labs to the program. These descriptive and analytical labs are well tested and results oriented. Even with these new labs, however, EC-Council have in fact reduced the total number of labs and modules. From 22 modules, 42 labs and 2400 slides, they've now got 14 modules, 39 labs and only 1222 slides. This change seeks to make the information more concise and digestible, whilst still covering all of the key areas in the same depth.

 

Why is it essential to your cyber security in 2017?


In a world where 90% of all criminal cases have at least one form of electronic evidence (The Guardian), the importance of being able to conduct a digital forensics investigation is growing rapidly.

Furthermore, the digital forensics market is expected to grow around 15% globally from 2015 to 2020 as businesses quickly realise the importance of cyber forensics. 

Learn how to protect against a cyber attack, fast


Achieve the CHFI certification in just 5 days with Firebrand Training, or check out the extensive cyber security portfolio we have to offer. 





   

Wednesday, 14 September 2016

Defend your network with the new Certified Network Defender certification

Today, EC-Council launches their highly anticipated Certified Network Defender qualification. This exciting new certification focusses on developing the critical skills needed to protect, detect and respond to attacks on your network. A much needed skillset in a world plagued by cyber attacks.  
In this post we'll take a closer look at the certification and why it's so crucial for the industry.

Businesses have woken up to the ever present threat of cyber attack 


In today’s growing technological world, organisations are painfully aware of the threat of cyber breaches and the inadequacies of their preventative measures. In fact, a Government study has found that 51% of UK businesses experienced a security breach in the past 12 months. UK Digital Economy Minister Ed Vaizey emphasised just how “crucial” security is, with “too many firms losing money, data and consumer confidence” as a result of the vast number of cyber attacks.

While the number of cyber attacks spawns rapidly like infectious bacteria, the demand for individuals certified in cyber security has far outpaced supply. Findings suggest that 7 of the 10 cyber breaches on UK companies could have been prevented, pointing at a lack of industry knowledge. Furthermore, 28% of organisations experienced a shortage of network security specialists and by 2019 it's expected that the demand for cyber security skills will triple the supply of personnel available.


What can the CND do?  


Why is it that some businesses lock their doors and put on an alarm, yet they leave their most valuable data completely unprotected? A business's network is a business's first line of defence against cyber attacks. Unfortunately, set up incorrectly, it can be an open door to cyber criminals. Once they're in they can infect your database, install ransomware and compromise your applications.

The CND, built from a common body of knowledge, focusses on defence. It is made up of 14 of the most current network security domains, aimed at upskilling network administrators with the knowledge and skills to protect, detect and respond to network security threats.

As network administrators are familiar with network components, traffic, performance and utilisation, network topology, location of each system and the security policies, they can play an increasingly significant role in becoming the first line of defence for any organisation.

The course outline was devised through a series of surveys and industry-related interviews with lead security managers to address the shortcomings within their existing workforce and organisation. The result is the following 14 modules:

  1. Computer network and defence fundamentals 
  2. Network security threats, vulnerabilities and attacks 
  3. Network security controls, protocols and devices 
  4. Network security policy design and implementation  
  5. Physical security  
  6. Host security
  7. Secure firewall configuration and management 
  8. Secure IDS configuration and management 
  9. Secure VPN configuration and management  
  10. Wireless network defence 
  11. Network traffic monitoring and analysis  
  12. Network risk and vulnerability management 
  13. Data recovery and back-up
  14. Network incident response and management  

So what makes the CND so special? 


More than just a certification catered to the current needs of the market, the CND course boasts other impressive features:

The course is made up of 50% hands-on labs and practical work. The benefit of this skills-based, lab intensive program is that you gain invaluable real-world experience in the event of a real breach.

Unlike many other certifications, the CND course has shifted its focus from the technology used in security, to the operations and processes involved in securing a network. EC-Council liken this focus on operations over the transitory technology to learning mathematics without a calculator. Rather than mindlessly using technology, you’ll learn the why and the how. The benefit of this is that you’ll develop a more holistic, in-depth understanding of security that can help you better protect your organisation.  

Additionally, the CND being a vendor-neutral certification speaks again to the wide audience this certification will benefit as it means the skills can be taken away and transferred to the various technologies organisations use.  



Certification and Training Details 


Available now, Firebrand is delighted to launch the accelerated CND certification course alongside EC-Council.  

The course will be 4 days in duration including the exam, 20% faster than traditional training. As Firebrand is an official provider of EC-Council certifications, you will benefit from certified instructors and official material, giving you the best chance to pass.

Having just been awarded EC-Council Accredited Training Centre of the Year for the eighth successive year, you know you're in safe hands. 

The Certified Network Defender credential has replaced EC-Council’s ENSA v4.0, which is set to be retired on March 13th 2017.  
  



Thursday, 8 September 2016

Discover the big name finalists named for EC-Council Foundation's InfoSecTech & Exec Awards 2016

Earlier this week EC-Council Foundation announced the finalists for their upcoming InfoSec Tech & Exec Awards Gala running at Hacker Halted on September 14th in Atlanta, GA.

On 6th September, EC-Council Foundation announced the finalists for the prestigious upcoming InfoSec Tech & Exec awards. The event honours cyber security professionals, recognising those who represent the very best in their field. 




There are seven award categories across which the nominations are spread. These include Certified CISO (CCISO) of the Year, CISO of the Year, Innovative Security Project of the Year, Most Improved Security Program of the Year, Ethical Hacker of the Year, Penetration Tester of the Year, and Forensics Analyst of the Year. Let’s take a closer look at the categories and the big names announced:

Certified CISO (CCISO) of the Year


This award recognises high-level professionals, all of whom carry the EC-Council Certified CISO credential. They were selected for their contributions to the CCISO community, as well as to the information security industry as a whole. Finalists include:

Richard Ryan II Hernandez, Information Security Officer at LafargeHolcim; Paul Horn, CISO at HD Vest Financial Services; Hung-Pin Hsieh, Senior Manager at Acer Inc.; Luis O. Noguerol, President & CEO at Advanced Division of Informatics & Technology, Inc.; and Niran Seriki, Senior Cyber Security Consultant for EU Institutions.


CISO of the Year


This award highlights professionals who have been nominated for their leadership and innovation in working to secure their organisation. This is achieved amongst a constantly changing landscape of threats. Finalists include:

Syed Azher, CISO at Impact Group; Medha Bhalodkar, CISO at Columbia University; Pavankumar Bolisetty, Global Head - Information Security at Wave Crest Holdings Ltd.; Jared Carstensen, Chief Information Security Officer at CRH plc.; Kok Kee Chaiw, Vice President, IT Security & Assurance IT Security & Assurance at MEASAT Broadcast Network Systems Sdn Bhd (ASTRO TV Malaysia); Bobby Dominguez, Chief Strategy & Security Officer at Lynx Technology Partners, Inc.; Youssef Elmalty, Head of Cyber Security at IBM; Aizuddin Mohd Ghazali, Group IT, Head, Risk & Security Management at Sime Darby Holdings Bhd; Amit Ghodekar, Vice President, CISO at Motilal Oswal Financial Services Ltd; Marvin Marin, Cyber Security Program Manager & Technical Advisor at NetCentrics; Michael Molinaro, CISO & VP at BioReference Laboratories, Inc.; JR Reagon, former Global CISO at Deloitte; and Eric Svetcov, AVP, Information Security & CSO at MedeAnalytics.


Innovative Security Project of the Year


This award recognises a cyber security project that showed an advanced difficulty level while innovating with methods or solutions to support the business goals of its organisation. The finalists include:

Chen Heffer, Cyber Security Officer and his team at the Douglas County Government; Dan Nagle, Senior Software Engineer at Harman Professional Solutions; and Niran Seriki, Senior Cyber Security Consultant at EU Institutions.


Most Improved Security Program of the Year


This exciting award recognises the impact strong leadership can create in securing an organisation when the correct frameworks, policies, and governance are put in place. The finalists for this award include:

Chad Cottle, Chief Information Security Officer and his team at City of Lexington, KY; Juan Gomez-Sanchez, Chief Security Officer at Lennar Corporation; Brenda McAnderson, Chief System Sustainment at System Sustainment, National Cybersecurity Protection System (NCPS), Network Security Deployment (NSD), Office of Cybersecurity and Communications (CS&C), U.S. Department of Homeland Security (DHS); Paul Medici, Director at Fidelity; and Preston Werntz, Chief, Technology Services Division at U.S. Department of Homeland Security, Office of Cybersecurity and Communications.


Technical awards


The following awards focus on the technical expertise of cyber security professionals. This is the first time EC-Council Foundation is awarding these categories.


Ethical Hacker of the Year


This award resonates strongly with EC-Council Foundation’s mission of global cyber security, reinforced by the Certified Ethical Hacker certification. The award highlights the critical role that ethical hackers play in identifying, reporting and patching weaknesses in the world’s cyber infrastructure. The finalists include:

Marc Rogers, Information Security & IT Expert at CloudFlare; Ankur Chandrakant, Cyber Security & Forensics Expert at Cyber Radix Academy for Future Technology; Zechariah Akinpelu, Team Lead, Application and Database Security Control at Fidelity Bank PLC; Christopher Chavez, Cyber Security Consultant at Avyara Information Systems; and Ali Tabish, Sr. Information Security Analyst at Moon International Pak Pvt Ltd.


Penetration Tester of the Year


This award recognises the professional pen tester who embodies the very best principles of penetration testing. They do this by contributing to the industry and the positive view of information security professionals. The finalists are:

Bassem Helmy, Senior Security Consultant at Deloitte Middle East; Bastien Treptel, Director at Ctrl IT Pty Ltd; Srinivasan Subramaniam Muthukondapuram of Consulting Private Limited; Jonathan Paz Gamer & Black Box Pen Tester at RootByte; and Shitesh Sachan, Sr. Lead Application Security at hCentive.


Forensics Analyst of the Year


This award recognises the professional showing exemplary work in forensics analysis through innovation and meticulous performance of duties. The finalists include:

Andrew Case, Director of Research at Volexity; Ahmed Fawzy, Information Security Manager at Raya Contact Center; Muhammad Nuh Al-Azhar, Superintendent Police - Chief of Computer Forensic Lab. at Indonesian Police Forensic Laboratory Centre; Manish Aggarwal, Network Security Analyst at Total IT Solutions Education Organization; and Yamikani Gogo Wilfred Hauya, Systems Support Officer at Malawi Revenue Authority.


The InfoSec Tech & Exec Gala will precede Hacker Halted, EC-Council Foundation’s largest annual cybersecurity conference, as well as the Global CISO Forum, the Foundation’s premier executive-level event. Tickets are still available for both events.


Monday, 1 August 2016

Becoming a Certified Ethical Hacker - 5 things you need to know

Photo Credit - The Preiser Project

‘Ethical hacker’ may sound like a contradiction in terms, but as the saying goes, ‘it takes one to know one’.

Businesses are increasingly realising the value of employing ‘white hat’ (ethical) hackers to employ the same tools and techniques as the nasty ‘black hat’ hackers, to find and close their IT systems’ security vulnerabilities.

If you’re serious about a career as an ethical hacker, gaining a certification is a powerful way to demonstrate your expertise, and boost your employment prospects.


1) One certification to rule them all 


There is a wide selection of IT security certifications, for all levels of experience, and with various biases towards either the technical or managerial sides. But for ethical hacking the choice is easy, as one certification is regarded as the gold standard: the EC-Council Certified Ethical Hacker (CEH). By way of evidence: on ITJobsWatch, in the past 3 months 258 jobs cited ‘Ethical Hacker’ or ‘Ethical Hacking’, but 343 explicitly cited ‘EC-Council Certified Ethical Hacker (CEH)’.

The latest version of CEH, v9, was introduced at the end of 2015, so make sure this is the one you study. It offers incredibly comprehensive coverage of the latest techniques and methodologies, based upon the expertise of the world-leading experts at the EC-Council (International Council of Electronic Commerce Consultants). To give you an idea of the certification’s scope, you’ll gain exposure to over 2200 hacker tools.

You don’t need decades of previous experience in order to take the CEH certification. The EC-Council suggests two years’ IT security experience, although this is flexible if you have previous IT-related qualifications.

2) Do a course 


There’s often a choice with certifications whether to take a course, or self-study. With CEH, self-study is rather challenging, because it’s difficult to gain sufficient practice and ensure you are not accidentally breaking the law!

On an official CEH course, you practice your skills on EC-Council's 140 labs covering a vast range of security vulnerabilities. Ethical hacking, probably more than any other IT skill, requires you to ‘think outside of the box’, so realistic mind-stretching practice environments are essential.

3) Be a child 


Ethical hacking is a creative and exploratory process. Yes, there is a suite of standard tools and techniques with which you need to be comfortable, but a mindset of almost child-like curiosity is essential. You’ll constantly need to find unexpected ways of using existing systems to expose the back doors that everyone else has overlooked.

The CEH course places a strong emphasis on teaching you to ‘think like a hacker’. It’s your job to take the red pill, and actively explore how deep the rabbit hole goes.

4) With great power comes great responsibility 


Perhaps as important as curiosity is a strong sense of responsibility. The CEH teaches you the same techniques that ‘black hat’ hackers use for malicious purposes. Consequently, you’re required to sign a form stating that you won’t misuse your knowledge.

The Computer Misuse Act, which mandates prison sentences for hacking, has no provision for curiosity or good intentions – so only ever attack live systems when you have explicit permission from the owner!

5) It’s big money 


Cyber attacks affected 1 in 4 UK businesses in 2015, costing the economy a staggering £34 billion. The cost of each breach was £1.46 million on average. It’s no surprise, then, that businesses are crying out for skilled staff to combat the problem – and they’re willing to pay.

As you may have gathered, the shortfall in certified ethical hackers is rapidly driving up salaries. The current median salary is a very respectable £57,500, having risen from £50,000 two years ago.

Thursday, 22 October 2015

Firebrand wins two EC-Council Global Awards 2015

 By Sarah Morgan

We are delighted to announce that Firebrand Training has won two honours at the EC-Council Global Awards 2015. Firebrand has been named EC-Council Accredited Training Centre of the Year. This extends a record-breaking run of successive awards to seven years. This is an achievement matched by no other training centre, bolstering Firebrand’s reputation as the elite EC-Council training centre.

Firebrand instructor, Richard Millett, has also been named in the Instructor Circle of Excellence for the second time. This is the third EC-Council award he’s won, after being named Instructor of the Year in 2014 and in the Instructor Circle of Excellence in 2011.




Reaction


Firebrand Training’s UK Managing Director, Emma Seaman said:

“We’re thrilled to hear of both Firebrand’s and Richard’s achievements at the EC-Council Global Awards 2015. We’re extremely proud of everyone’s hard work at the training centre to make it the very best in Europe. We’re especially proud of Richard’s commitment to his students and to improving their knowledge and skills on his EC-Council courses.”

Jay Bavisi, President of EC-Council, gave his opinion on the awards:

“We have some of the best training organisations representing EC-Council across the globe and they have again demonstrated the commitment to high quality training, winning them awards again this year”


How the awards were won


Firebrand picked up both the Accredited Training Centre of the Year (Europe) award and Instructor Circle of Excellence (Europe) award after being chosen from over 700 training centres, 107 countries and a huge group of EC-Council certified instructors, worldwide. EC-Council give their partners an extensive and rigorous set of criteria. After meeting these, Firebrand and Richard Millett were selected as the best in Europe in the two categories.

The Accredited Training Centre of the Year award recognises the training centres that provide the highest level of information security training. Courses include EC-Council’s flagship Certified Ethical Hacker, the Computer Hacking Forensics Investigator, the Network Security Administrator and the ECSA.

The Instructor of the Year award highlights the instructors who’re best at giving their students a greater level of understanding and ability, enhancing their skills the most.

Here's what President of EC-Council, Jay Bavisi, had to say about Firebrand Training when we caught up with him at EC-Council’s Hacker Halted event:




About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 16 October 2015

Top 5 FAQs about CEH v 9

 By Sarah Morgan

EC-Council recently launched version 9 of their flagship Certified Ethical Hacker certification. This course contains the latest content in the field of ethical hacking and IT security. It will continue to develop the skills of IT professionals to protect businesses, reacting to and preventing cyber-attacks. But what’s different? What do you need to know about it? Here are the top 5 FAQs to explain all you need to know about CEH v9.

Q: How has the CEH v9 curriculum changed?

A: Largely, the structure of the course has remained the same. There are now 18 modules rather than 20. The two modules “Trojans and Backdoors”, and “Viruses and Worms” have been condensed into one module known as “Malware Threats”. Also, the modules “Buffer Overflows” and “Penetration Testing” have been removed. However, the majority of the content has been relocated to other areas of the course including the “System Hacking” and “Hacking Mobile Devices” modules.

There have also been changes to some of the content itself. Most notably, the inclusion of a Cloud Computing module. It applies general areas of security like service hijacking and penetration testing and covers cloud-specific security and tools like CloudPassage Halo. This is a great addition as it reflects the current trend, with cloud technology now crucial to many businesses.

Q: Can I apply CEH v9 content to my business and my role? 

A: The skills you’ll learn will be the very latest available. The principle of the CEH course is to improve your skills and abilities in a practical environment, and it will prove its value most in real-world situations in your workplace. However, it’s almost impossible to stay in front of hackers or predict what they’ll do next. But you’ll have the most current skills in the industry, which’ll be invaluable when facing new types of cyber-attacks.

If you’re not yet an ethical hacker, but looking to make the step forward in your career, having these up-to-date skills, and the certification to demonstrate it, will put you in the best possible position to boost your career.


Image courtesy of EC-Council


Q: Isn’t this knowledge harmful? Why make it so readily available?

A: EC-Council ensure that social responsibilities are fulfilled before they allow someone onto any CEH course. All candidates must have a minimum of two years' IT security-related experience before they can sit a CEH course. Plus, all candidates are required to sign an ethics agreement, which states they will respect the knowledge they learn and not misuse it in any way. Every CEH candidate must also agree that they will only use what they have learned for lawful actions. These processes and requirements make the course, and the knowledge within, as safe as possible.

Q: I have CEH v 8, do I need to update it for it to be relevant? 

A: CEH v 8 is currently still available for you to sit but this won’t be the case for too much longer. If you already have version 8 or even version 7, your skills and knowledge will still be relevant and your experience is of course vital in helping you stay current.

In such an ever-changing industry though, it doesn’t take long for your skills to become out-dated. CEH v 9, with its additions of new attack vectors and addressing new vulnerabilities will be perfect when you want to update your skills. I would recommend getting your skills updated as and when you can, to ensure your skills don’t become out-dated. 

Q: Am I the right candidate to sit CEH v 9?

A: CEH v 9 has prerequisites much like previous versions. To meet these prerequisites you must have at least two years' IT experience with a strong working knowledge of TCP/IP, Windows Server (NT, 2000, 2003, 2008, 2012) and a basic familiarity with Linux and/or Unix.

If you’re looking to become an ethical hacker, it’s a great job choice for the future and the new CEH will stand you in good stead. Businesses of all sizes are realising the value ethical hackers bring to a business. This is leading to the current trend of businesses recruiting more and more ethical hackers. CEH v 9 is the most current edition of the popular certification, covering more attack vectors than ever and updated for the most modern technologies. If you want the latest in ethical hacking knowledge and skills, CEH v 9 will provide exactly that.


Wednesday, 3 June 2015

The 5 best CEH certification books 2015


By Sarah Morgan


Cyber-attacks are now ranked amongst the top 10 global threats to your business, a survey from Aon Solutions revealed this week. It’s no surprise – security breaches can cripple your business infrastructure, leak private customer data and destroy your organisation’s reputation.

The IT security field is expected to grow 37% by 2022 and many security professionals are now taking the offensive and building their white hat hacking skills with EC-Council’s CEH certification.

The CEH v8 certification is an advanced certification, and to conquer it you’ll need to prove your expert white hat hacking knowledge. To help you do just that, here are our 5 best CEH certification books for 2015…


CEH: Certified Ethical Hacker Version 8 Study Guide – 14 Oct 2014
ISBN-13: 978-1118647677

Sybex’s Certified Ethical Hacker Version 8 Study Guide is perhaps the most popular preparation tool for the CEH certification.

The guide boasts a concise, easy-to-follow approach to the certification that covers all exam objectives with examples and hands-on exercises.

You’ll study everything you need to pass the CEH exam – including cryptography, footprinting, trojans and covert channels. Also included is a companion website, stuffed with study tools like practice exams, chapter review questions and electronic flashcards.

The guide is useable in both classroom and self-study scenarios. Plus, an average user score of 4.2/5 stars across Amazon (28 reviews) ranks this as one of the most sought-after books on our list.



CEH Certified Ethical Hacker Bundle, Second Edition (All-In-One) – 1 Oct 2014
ISBN-13: 978-0071835572

A popular CEH revision guide from Matt Walker - a man with so many certifications after his name he makes the alphabet feel insecure.
Billed as a money-saving self-study bundle, this comprehensive package includes massive amounts of content:

  • CEH Certified Ethical Hacker All-in-One Exam Guide, Second Edition
  • CEH Certified Ethical Hacker Practice Exams, Second Edition
  • CEH Quick Review Guide

The All-in-One exam guide is your primary asset for CEH certification success. Inside, you’ll find complete coverage of all CEH exam objectives and topics.

Reviewers cite a desire for a greater focus on policy questions. Despite this, it retains an impressive 4.1/5 star review average on Amazon (14 reviews).



Certified Ethical Hacker (CEH) Cert Guide – 15 Dec 2013
ISBN-13: 978-0789751270

Authored by certification expert Michael Gregg and published by Pearson IT Certification, this chunky 640-page CEH certification guide is certainly comprehensive.

As well as a companion to the CEH certification’s v8 topics, you’ll also focus on building your own study guide, complete with test preparation routines and review questions. A CD featuring two complete practice exams is also bundled with this certification guide.

Finally, you’ll get preparation hints and exam tips from leading security consultant, Michael Gregg.



The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy – 1 Aug 2013
ISBN-13: 978-0124116443

Though not a CEH certification guide, this introductory book provides any aspiring ethical hacker with a solid foundation of ethical hacking knowledge – crucial for passing the CEH exam.

You’ll study the same hacking tools commonly found within the CEH certification, and learn how to use them to conduct real life penetration tests.

This book begins with the basics and guides you towards more advanced subjects such as post exploitation and access maintenance. This is an ideal book for anyone with an interest in penetration testing - especially useful for those starting down the path to their CEH certification.



Official CEH Courseware – EC-Council

As well as study guides, you also have the option to simply purchase EC-Council’s official CEH courseware. This is everything you’ll need to pass your CEH exam - included in the official bundle is:

  • Three official EC-Council CEH books (lab manual and two courseware manuals with slides)
  • 6 DVDs

The labs showcased in the courseware are tested against the latest operating systems with all up-to-date patches and hot-fixes applied.

Plus, the 6 DVDs contain over 20GBs of guides on how to use the latest hacking and security tools alongside more than 1,000 minutes of videos demonstrating hacking techniques.

Purchase the official CEH courseware from the EC-Council store.





Wednesday, 17 December 2014

Best IT certifications for 2015


By Sarah Morgan


Getting certified is a brilliant way to prove that you are as skilled as you say you are. But a certification doesn’t stand alone – if you can’t apply it, what’s the point? Now that 2014 draws to an end, let’s take a look at some of the best IT certifications for 2015 that will advance you to the next stage in your career.

The need for qualified IT professionals is now massively outpacing the supply – it’s estimated that Britain alone will need 500,000 new IT professionals over the next five years. And with the widespread uptake of technologies, like Cloud and virtualisation, getting certified in 2015 really will make all the difference.

2014 saw a barrage of cyber-attacks inflicted upon businesses around the world. In fact, more organisations fell victim to cybercriminals in 2014 than 2013, the US State of Cybercrime revealed. And reports are already predicting an increase in cybercrime for 2015.

So from security to cloud and project management qualifications - getting certified for 2015 could be one of the best decisions you make next year. Here's our list of the best IT certifications for 2015.


1. Microsoft MCSA: Windows Server 2012 

Support for Windows Server 2003 ends July 14th, 2015. Using the system after end of support could cost you up to £120,000 a year in custom support. You will also lose the ability to process online transactions via Visa & Mastercard as Windows Server 2003 will fail to adhere to PCI compliance.

Despite warnings from Microsoft, estimates from HP suggest 11 million systems are still running Windows Server 2003. This could cripple your business come 2015, considering the estimated 3 to 18 months it takes to migrate a datacentre of 100+ servers.

Thousands of businesses will now be migrating to Windows Server 2012, making the MCSA: Windows Server 2012 certification a valuable asset. Get this cert and you’ll reduce the hassle of migration and be able to make the most of your new server software faster.

Start planning your migration today (if you haven’t already) and make it a smooth process for your organisation by taking the MCSA: Windows Server 2012 course.


2. EC-Council Certified Ethical Hacker

There was a 50% chance you were a victim of cybercrime in 2014, data from Microsoft revealed. The same is true for one-in-five small and medium businesses.

Certifications like EC-Council’s CEH are now becoming increasingly sought after by businesses of all sizes. After all, nobody wants to face a crippling security breach like Sony’s recent attack.

Protect your business from cyber attacks like this (image from Sony's recent breach)

Take on the CEH in 2015 and you’ll get comprehensive ethical hacking and networking security training. On this course you’ll learn how to conduct penetration tests against your own systems. With the knowledge of a hacker at your disposal, you’ll identify and close security holes that a cybercriminal could otherwise exploit.

The CEH certification also qualifies you for a wide range of roles within IT security from Forensics Analyst to Application Security architect.


3. (ISC)2 CISSP

In the past year alone, cyber security vacancies have doubled with demand now overwhelming supply, according to data from Technojobs.

The CISSP is a global standard and widely recognised as the information and cybersecurity benchmark cert. Achieve it and you’ll display solid proof of your rounded IT security experience as well as a common baseline and standardisation of knowledge.


Certifications like the CISSP are in demand (2014 saw a 10% growth in the average salary for cyber security professionals) as they are frequently required for the majority of senior roles within cyber security.


Protect your organisation from IT security threats of all kinds - find out how to become a CISSP.


4. Microsoft MCSA: Office 365

Take the Microsoft MCSA: Office 365 and position yourself to take advantage of Microsoft’s new Cloud focus. This is also your first step to achieving Microsoft’s new Cloud Productivity competency for your business.


Achieve this certification and you’ll use the power of the cloud to save time, money and free up your business’s resources. You’ll get the skills required to set up an Office 365 tenant, including federation with existing user identities. If you evaluate, deploy and maintain Office 365 services, or plan to in the future – this is the course for you.



5. VMware® vSphere 5.5 

Businesses continue to embrace virtualisation technology as a way to reduce the cost and complexity of critical applications. ‘The always-on-business will become the norm across the globe’, writes Don Williams, Vice President at Veeam Software.

Users want continuous access and, to keep up, businesses have turned to virtualisation technologies to provide this. Products like VMware’s vSphere enable businesses to virtualise their server resources and aggregate them into logical pools for use across the entire business.

vSphere 5.5 is the fix for costly infrastructure sprawl as it allows your business to run multiple operating systems and applications on a single computer. Gone are the days of having multiple servers running at sub-optimal capacity - virtualisation technology gives increased productivity by reducing physical servers and ensuring each is running at full capacity.

Learn how to apply virtualisation technology within your organisation in 2015, with VMware’s official vSphere 5.5 certification. Find out more here, but bear in mind, this certification may change with the release of vSphere 6 sometime in 2015.


6. Microsoft Specialist: Developing Microsoft Azure Solutions 

Cloud technology is growing and demand for Cloud qualified professionals is growing with it. In 2014, 56% of IT departments couldn’t find qualified staff to support their cloud projects and demand for ‘cloud-ready’ IT professionals is also set to grow by 26% in 2015, IDC reports.

Microsoft's Public Cloud offering, Microsoft Azure, continues to grow with more than 1000 new customers joining every day. After investing $15 billion in building and maintaining the global datacentres that power the Azure platform, it’s clear Microsoft have big plans in the Public Cloud space for 2015. You can tap into the demand for cloud skilled professionals by looking at the newly released Microsoft Specialist certifications focusing on the Azure platform.



If you’re a developer, the Developing Microsoft Azure Solutions certification is a brilliant way to gain a greater understanding of the Azure platform in 2015. This specialist course, built for developers, teaches you how to establish your own Azure virtual network environment, construct Azure Virtual Machines, host Azure websites and design resilient cloud applications.

If you already hold the MCSD: Web Applications cert, this qualification is a brilliant way for you to get a rounded understanding of the Azure platform for 2015.

To achieve the certification you’ll have to pass the Microsoft Exam: 70-532.


7. Implementing Microsoft Azure Infrastructure Solutions

This is the second of Microsoft’s new specialist Azure certifications. With it, you’ll learn how to migrate your on-premise infrastructure to Azure. You’ll also learn how to:

  • Plan and implement data services based on SQL
  • Deploy and configure websites
  • Publish content through CDNs
  • Integrate on-premise Windows AD with Azure AD

To achieve the certification you’ll have to pass the Microsoft Exam: 70-533.


8. AXELOS PRINCE2 Foundation and Practitioner

PRINCE2 is the de-facto standard for project management in the UK and is held by 63% of all project management professionals. With over a million exams taken globally, it’s already recognised as the world’s most popular project management methodology.

This qualification covers the management, control and organisation of a project. It embodies years of project management best-practice and provides a flexible and adaptable framework that suits different projects.

The PRINCE2 remains a sought-after certification for 2015 as employers continue to demand this qualification for their project management roles.


9. Microsoft MCSE: Private Cloud

The MCSE: Private Cloud certification focuses on the skills to combine Windows Server and System Center 2012 to build a private cloud for your business. This certification requires the MCSA: Windows Server 2012 as a prerequisite.

To boost the uptake of this already popular cert, Microsoft have launched various initiatives to help IT professionals get the prerequisites for this in-demand cloud certification.

To find out more about how to get the MCSE: Private Cloud certification, check out Microsoft Evangelist, Keith Mayer’s step-by-step guide. Or, if self-study isn’t for you, take a look at this accelerated course.


10. CompTIA A+

Many an IT professional’s career has been built upon the solid foundations of the CompTIA A+ certification. In fact, over 1,000,000 people have achieved the A+ in the past 20 years.

Major brands – like Dell, HP and Lenovo – require that their technicians are A+ certified in order to service their products. It’s even supported by government branches like the US Department of Defence.

The skills you’ll get from this certification are vendor neutral, meaning they’ll remain universally applicable across your entire IT career.

If you’re new to IT then this cert is one of the best ways to break into the industry. Take the CompTIA A+ and set yourself up with a comprehensive base of IT knowledge for 2015.


If we missed any great certifications you’re planning on taking in the New Year, please comment below!



