As a cybersecurity professional, once you have conquered the foundational security certifications, there is an overwhelming number of paths you can pursue.
Cybersecurity is the toughest technical specialty to hire for, according to Global Knowledge’s IT Skills and Salary Report. Forty-three percent of IT decision-makers worldwide say cybersecurity jobs are the hardest to fill. This means there is high demand for qualified security professionals, who have proven skills to fulfill job requirements.
You should always ground your next certification based on the job you have or toward the job you want. If you’ve heard of concepts such as “certified ethical hacking,” “cyber forensics,” “penetration testing,” or “network defense” and these interest you, you should consider EC-Council certifications.
EC-Council’s mission is to “create a better, safer world through awareness and education.” They create courseware and certifications in a variety of security topics including the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), EC-Council Certified Security Analyst (ECSA) and Licensed Penetration Tester (LPT) programs.
This quick reference guide will highlight the various certification tracks to help you find your path through the EC-Council programs.
EC-Council breaks their certification programs up into six tracks, each one focusing on a different element of cybersecurity.
The six tracks are:
- Vulnerability Assessment and Penetration Testing
- Cyber Forensics
- Network Defense and Operations
- Software Security
The Foundation Track was designed for computer users. It provides foundational training on cybersecurity awareness and basic security knowledge. It consists of three certifications. The Foundation Track was designed for computer users. It provides foundational training on cybersecurity awareness and basic security knowledge. It consists of three certifications.
CSCU is an introductory certification to basic security awareness and fundamental security knowledge. It will help prove that you can limit your exposure to the common threats that users face online like identity theft, e-mail hoaxes, hacking and social engineering attacks, among others.
ECSS continues where CSCU left off by testing your knowledge of information security. Specifically, you will be expected to understand how to protect data against confidentiality, integrity and availability attacks as well as utilizing proper access control to keep data secure.
ECES will prove your knowledge of the field of cryptography. You will be expected to demonstrate your understanding of the various encryption algorithms as well as how these ciphers are used in Information Technology such as disk encryption and VPNs. With the knowledge gained from studying for this certification, you will be better prepared to select and deploy appropriate encryption technology for your organization.
Vulnerability Assessment and Penetration Testing certifications
This track is one of the most well-known EC-Council tracks. These certifications focus on the defensive and offensive sides of security testing to reduce your attack surfaces. This track consists of four certifications.
- CND - Certified Network Defender
- CND is designed for network administrators to learn how to make their networks more resilient against attacks and to detect and respond to intrusions. Essentially, this is a defensive security certification.
- Related training: CND - Certified Network Defender
- CEH - Certified Ethical Hacker
- CEH is designed for security experts to learn the hacking techniques of real threat actors so they can better prepare for the threats and identify the vulnerabilities before they are exploited. Essentially, this is an offensive security certification. Once you achieve the CEH certification, you can pursue the title of CEH Master by completing a practical evaluation that tests your skills in real-world situations.
- Related training: CEH - Certified Ethical Hacker v11
- CPENT – Certified Penetration Testing Professional
- CPENT is designed to test your penetration testing expertise. With this certification, you prove that you have what it takes to bypass the perimeter security of an enterprise network, pivot into other subnetworks, design exploits, and ultimately defend your enterprise from these attack techniques. Successfully passing this certification at a 90% or higher also gives you the LPT Master certification.
- LPT - Licensed Penetration Tester
- This 18-hour long practical examination is designed to separate the masters from everyone else. You will be required to demonstrate mastery in advanced pen-testing techniques and tools in real-life scenarios. It is an intensive exam designed to push you and prove that you have what it takes to do penetration testing in the real world.
Cyber Forensics certifications
The Cyber Forensics track is designed to train and certify professionals to investigate cyberattacks and collect evidence securely, often to present in a court of law to prosecute a cybercriminal. This track starts with Core certifications CND and CEH (see above). You would then proceed with the following advanced certifications.
- CTIA - Certified Threat Intelligence Analyst
- CTIA is a “comprehensive, specialist-level program that teaches a structured approach for building effective threat intelligence” including planning and reporting on threat intelligence as well as addressing all stages of the Threat Intelligence Life Cycle.
- ECIH - EC-Council Certified Incident Handler
- ECIH requires a strong understanding of the nine stages of incident handling to minimize the impacts and loss following security incidents in the enterprise.
- CHFI - Computer Hacking Forensic Investigator
- Whether your goal is to work for law enforcement or to help an organization with internal investigations and audits, CHFI will prove your knowledge of the forensic process, including evidence gathering, data recovery and analysis.
- Related training: CHFI - Computer Hacking Forensic Investigator v9
Network Defense and Operations certifications
The Network Defense and Operations track is focused on the ability to defend the network from threats by doing proper incident response and disaster recovery. The Core of the NDO track includes CND (see above) but also has advanced-level certifications, including CTIA and ECIH (see above).
- CSA - EC-Council Certified SOC Analyst
- The SOC is one of the most important teams in an enterprise security program. They are on the front lines of incident response monitoring and triaging alerts to catch security incidents before they do any damage. This certification, perfect for Tier 1 and Tier 2 analysts, shows that you have the know-how to function in a dynamic enterprise-level Security Operations Center with an entry-level or intermediate-level skillset. A good candidate for this exam will understand log management and correlation, SIEM deployment, advanced incident detection, and incident response.
- EDRP - EC-Council Disaster Recovery Professional
- When disaster strikes your organization, you must rely on skilled execution of Business Continuity and Disaster Recovery plans. EDRP is a certification that validates a candidate’s ability to plan, strategize, implement, and maintain a BCP and DRP.
Software Security certifications
In today’s world where everything is available online, it’s never been more important than it is now to secure web applications. However, there is a significant drought of security-focused application developers. In this track, emphasis is given to the importance of developing applications with security as part of the design rather than as an afterthought or add-on.
To complete this track, you would start with CND and CEH (see above), and end with CPENT and LPT (see above). In between are two certifications focused specifically on two common web application technologies, Java and .Net.
- CASE Java - Certified Application Security Engineer Java
- The CASE Java certification tests the knowledge and skills of a developer to implement security throughout the Software Development Life Cycle (SDLC), specifically with the Java application platform.
- CASE .Net - Certified Application Security Engineer .Net
- Like CASE Java, CASE .Net tests the knowledge and skills of a developer to implement security throughout the SDLC, specifically with the .Net application platform.
The governance track is focused on security leadership through the CCISO-Certified Chief Information Security Officer.
This certification is broken into five domains:
- Security Risk Management, Control, and Audit Management
- Security Program Management and Operations
- Information Security Core Competencies
- Strategic Planning, Finance, and Vendor Management.
The goal of this certification is to give the security executive the skills to strategically lead the security efforts of his or her organization and ensure that those security efforts stay in line with the overall business strategies and objectives.
Popular EC-Council Training
Enrolling in formal training classes immerses you in a learning environment designed to help you rapidly develop the critical skills and concepts, as well as certification prep. As a multi-time EC-Council Training Center of the Year award winner, our class quality is recognized by EC-Council. Our courses are led by expert instructors with real-world experience. You practice applying what you learn with virtual, hands-on labs and collaborate with fellow IT professionals.