Feature

CEH certification gains credence in IT security domain

A strong foothold in his favorite subject was what Nikhil Srivastava was looking for when he went in for EC-Council’s Certified Ethical Hacker (CEH) certification. Srivastava, a security researcher with Ahmedabad-based TechDefence, believes his CEH certification course provided him the impetus to enter the information security domain. He has since gone on to complete the next level in EC-Council’s hacking and countermeasures courses, that of a licensed penetration tester (LPT).

Srivastava is one of many young IT professionals in the country opting for this specialist course today. The CEH certification exam is offered by Albuquerque, New Mexico-based EC-Council, an international member-based organization that certifies individuals globally in various e-business and information security skills.

EC-Council’s CEH certification has become highly sought after, with instances of companies such as Tata Consultancy Services (TCS) making CEH certification a compulsory prerequisite for security-related posts.

Why CEH?

According to Sanjay Bahl, pen-testing country lead for a leading security consultancy, the CEH certification is definitely a practical value addition, and he is actively using the skills he picked up in his training on a day-to-day basis. Bahl has over five years of experience in the security space and believes that there is high demand for the CEH certification in the market. “CEH is the course to go for someone wanting to move into the security domain in any organization,” says Bahl, adding that it provides a good start for learning Web applications security and understanding the finer nuances of vulnerabilities and exploits.

According to Ananth Dwivedi, an IT professional at TCS with over three years in the security domain, the CEH certification course makes you look at security from the hacker’s perspective. The CEH certification focuses on taking an offensive rather than defensive stance towards security. A security professional today needs to know how to perform penetration testing and exploit vulnerabilities in order to understand and effectively counter new-age threats -- something that the CEH certification provides. “The focus is not merely on script-kiddie use of tools but rather on understanding the concepts involved,” says Srivastava.

Others tend to agree. However, CEH certification has also come under criticism in recent times for having a large and unmanageable syllabus, which in some cases is also outdated. In addition, certain quarters in the infosec community believe that CEH certification does not provide adequate focus on Web app and wireless pen-testing. That said, the CEH certification has been recognized as a premier security certification by such bodies as the US Department of Defense (DoD) and the US National Security Agency (NSA). The US DoD has included the CEH certification program in its Directive 8570, making it a mandatory standard to be met by service providers under its US cyber defenders program.

As Satish Das, CSO and VP (ERM – Enterprise Risk Management) at Cognizant, puts it, it boils down to individual choice. The CEH certification has a lot to offer, right from novice-level security to techniques used in penetrating and defending critical infrastructure. A candidate with CEH certification and relevant experience is certainly favored in the industry today. “Of the several professional certifications available, having a CEH certification is definitely a merit in this domain,” says Das.

CEH Certification salary trends in India. Image Courtesy: payscale.com

According to Bahl, the CEH certification course is regularly updated by EC-Council to reflect new techniques, exploits and automations, and offers a good insight into concepts such as XSS and SQL injections. He plans to go further and qualify as an LPT and CHFI (certified hacker, forensic investigator).

The benefits of obtaining CEH certification can be summarized as follows:

  • A perspective into the hacker mindset: Unlike traditional security exercises, CEH certification inculcates an understanding of the hacker mindset, enabling anticipatory and proactive security measures.
  • Holistic understanding of risks and vulnerabilities: The way the CEH examination is structured into domains provides a rock-solid foundation to understand the part risks play in an organization’s daily routine.
  • Understanding exploit evolution: The CEH certification helps in understanding the complete exploit life-cycle. This enables security professionals to look at security holes objectively and determine possible attack vectors, rather than merely responding to attacks.
  • Springboard for advanced certifications: Subsequent to CEH certification, candidates could further explore the security domain and follow up with forensics, penetration testing and audit certifications.

Getting CEH certified

The CEH certification course requires a minimum of two years’ security-related experience as an eligibility criterion. The course itself is a 5-day affair with 19 modules. The fees for the CEH certification examination are USD 300. The CEH certification training course is offered by EC-Council in India through authorized training centers (ATCs), which are associated with distribution partners, such as ComGuard in India. You can download a list of ComGuard’s ATCs here.

According to industry experts, the CEH certification exam is a tough nut to crack and requires in-depth knowledge of the subject. The CEH certification course includes modules on intrusion detection, buffer overflows, DDoS attacks, session hacking, forensics, incident management and so forth (details here), which are conducted in a lab environment at the ATCs to simulate real world scenarios.

All candidates must sign a mandatory agreement pledging to not misuse any of the skills learned in the course and to adhere to the law of the land in the use of these skills. The CEH certification exam also allows candidates to pursue self-study and attempt the exams on their own. Candidates attempting CEH certification on their own are also required to submit a CEH certification eligibility application and obtain authorization from EC-Council prior to sitting for the exam.


This was first published in May 2012