Business News Daily receives compensation from some of the companies listed on this page. Advertising Disclosure


EC-Council Certification Guide: Overview and Career Paths

Ed Tittel and Kim Lindros

EC-Council offers some of the best-known ethical hacking and penetration testing certifications. This guide will help you get started with EC-Council's popular CEH and LPT credentials as well as other information security certs and career paths.

EC-Council certifications

The International Council of Electronic Commerce Consultants (EC-Council) is a professional organization headquartered in Albuquerque, New Mexico. The organization is known around the world as a leader in information security education, training and certification. Many people recognize EC-Council as the creator of the Certified Ethical Hacker (CEH) and Licensed Penetration Tester (LPT) certifications, but the non-profit organization offers numerous other well-recognized credentials.

The EC-Council certification program focuses on vendor-neutral security certifications, covering topics such as ethical hacking, penetration testing, encryption and forensics, plus incident handling and response. Passing a single test and completing a set of agreement forms are required to achieve most EC-Council certifications, although a few certifications also impose additional and strict work experience and prerequisite requirements.

EC-Council certification program overview

Candidates just starting in the field of computer security and who wish to add certifications to their resumes could start with the entry-level EC-Council Certified Secure Computer User (CSCU) certification, and then move on to the Certified Security Specialist (ECSS) credential.

If your ultimate goal is ethical hacking, the next step is to acquire the Certified Ethical Hacker (CEH). EC-Council considers the CEH a core certification to prepare candidates to advance to more advanced or specialized credentials but it is not a formal prerequisite. For penetration testing, a candidate must achieve the EC-Council Certified Security Analyst (ECSA) and finally the Licensed Penetration Tester (LPT) certifications. The EC-Council maps out its entire Career Path designations on its Career Path page, where it breaks its offerings into Fundamental, Intermediate, Advanced, Specialist and Expert levels.

A few of the specialized security career paths and related EC-Council certifications include:

  • Senior security forensics: Computer Hacking Forensic Investigator (CHFI)
  • Disaster recovery specialist: EC-Council Disaster Recovery Professional (EDRP)

We provide an overview of these and a few other notable EC-Council certifications in the following sections.

EC-Council entry-level certifications

Certified Security Computer User

The Certified Security Computer User (CSCU) is an entry-level certification aimed at individuals with a basic understanding of protecting information assets. A CSCU candidate can recognize social engineering and identity theft tactics, understand how to secure operating systems, as well as protect systems using antivirus applications and data encryption. A CSCU certified professional performs data backup and disaster recovery, applies internet security techniques, and secures network connections, online transactions, e-mail communications and mobile devices.

As with most EC-Council credentials, a single exam is required to earn this certification. The CSCU is a good alternative to the CompTIA Security+ certification, especially for candidates interested in following the EC-Council career paths.

As depicted on its Career Path page, the EC-Council offers no certifications beyond the CSCU at the Fundamental level. It does, however, offer fundamental courses on a variety of topics, including network security (FNS), information security (FIS), computer forensics (FCF) and secure programming (FSP). These first three courses fall under the Information Security heading, with the last under Applications Security.

CND: Certified Network Defender

The Certified Network Defender (CND) certification aims at network and IT administrators, based on a job task analysis and cybersecurity education framework created by the National Initiative on Cybersecurity Education (NICE), under the supervision of the U.S. National Institute of Standards and Technology (NIST). CND candidates must be well-versed in the "protect, detect and respond" approach to network security. They must also possess an in-depth understanding of physical and network security, and security standards and policies. Additionally, CND candidates understand network threats, intrusion detection and prevention, firewalls, troubleshooting, hardware and OS hardening techniques, log analysis, application and web security, e-mail security, authentication, encryption and cryptography. A single exam is required to earn this certification.

CEH: Certified Ethical Hacker

The Certified Ethical Hacker (CEH) is perhaps the best-known certification from EC-Council. CEH candidates must be able to think and act like a hacker (but always, behave like a good guy, in keeping with the organization's ethical standards). A CEH knows how to use hacking techniques against wired and wireless networks, web applications, web servers and mobile platforms. In addition, a CEH professional knows about Trojan threats, denial of service attacks, SQL injection and other threats, and is comfortable performing penetration tests. Of course, he or she also knows how to counter such threats, and can provide information and assistance to do so.

To obtain the CEH, candidates must pass a single exam. Exam details are available on the EC-Council website, along with a relevant Exam/Cert FAQ.

ECSA: EC-Council Certified Security Analyst

Aimed at information security analysts, network server administrators, risk management professionals and system administrators, the EC-Council Certified Security Analyst (ECSA) certification recognizes individuals who understand penetration testing methodologies, plan penetration tests and analyze their outcomes. The ECSA is a professional-level certification and sufficient in its own right but also serves as the penultimate stepping stone on the way to Licensed Penetration Tester (LPT) certification. To achieve the ECSA, candidates must pass both a performance-based exam, for which they perform penetration exercises and then submit a written report, plus a written exam.

LPT: Licensed Penetration Tester

The Licensed Penetration Tester (LPT) is considered the most rigorous and prestigious of all penetration testing certifications — a master-level certification in the EC-Council program. An LPT certified professional understands best practices for penetration testing and is familiar with related regulatory and organizational compliance requirements. LPT candidates are thoroughly familiar with all aspects of the LPT penetration testing framework, and can successfully perform multiple types of penetration tests. Including SQL injection, cross-site scripting and exploiting LFI and RFI vulnerabilities in web applications.

To achieve the LPT, candidates must first document one of these prerequisites: a current ECSA certification, at least two years of penetration testing experience or another approved industry certification (see the FAQ for details). In addition, all candidates must pass a rigorous, in-depth background check. Then, the candidate must apply to sit for the LPT exam, after signing onto the EC-Council's Code of Conduct. Only then can testing proceed, as explained in detail on the EC-Council website.

CHFI: Computer Hacking Forensic Investigator

The Computer Hacking Forensic Investigator (CHFI) certification recognizes individuals who understand computer forensic and analysis techniques, such as foot printing, reconnaissance, scanning, evidence collection and preservation. A CHFI professional can also determine the value of data as potential legal evidence. This certification is geared toward system administrators, security professionals and law enforcement and military personnel, among others. Earning the CHFI requires passing a single exam.

EDRP: EC-Council Disaster Recovery Professional

The EC-Council Disaster Recovery Professional (EDRP) certification aims at security professionals who spend most of their time identifying and detecting threats and vulnerabilities to IT systems, assessing risks and fine-tuning a disaster recovery plan. Such security pros are also prepared to dive in when a security breach occurs. A person with an EDRP certification understands the entire disaster recovery and business continuity process. Thus, they know how to perform risk assessments, and take a leadership position during a security incident or crisis. Here again, earning an EDRP requires passing a single exam (see the EDRP page for details, including exam and training information).

More EC-Council Security Certifications

EC-Council offers several other upper-level security certifications including:

Of special note, the CNDA is available only through certain government agencies and requires the CEH certification along with a CNDA application. The CCISO requires five years of information security and management experience in each of the CISO domains, as well as a passing score on the CCISO exam.

Information security professionals who earn EC-Council certifications will find themselves eligible for a variety of jobs. To some extent, those depend on the actual EC-Council credential or credential they might earn. The EC-Council's base level credential for practicing information security professionals is the ECND, or EC-Council Certified Network Defender. This certification identifies its holders as able to install, configure, manage and maintain an organization's security infrastructure, including firewalls, endpoint security, intrusion detection and other typical protection technologies.

Another important EC-Council certification is the Incident Handler (ECIH) credential, which identifies individuals who can deal with security breaches, and see them through analysis, diagnosis, and identification phases, and provide recommendations for their mitigation or correction. This job tackles security events and problems in real time as they occur in companies and organizations.

Though most of the other EC-Council certifications fit broadly into the area of information security, its various credentials clearly target such job specializations as ethical hacking (CEH), encryption (ECES), security analysis (ECSA) and forensics (CHFI). Penetration testing is an important part of maintaining a proper security posture and required in many compliance regimes, so the Licensed Penetration Testing (LPT) credential has significant value for specialists and full-time practitioners in this arena. These are most likely to pop up in the context of boutique security firms that specialize in penetration testing, or in information security arms of larger consulting companies. Only occasionally does one find opportunities to conduct penetration testing as an employee of the firm or organization to be tested: most simply aren't big enough to fund such positions internally.

Other specialty or niche certifications from the EC-Council also target specific job roles. The various Secure Programmer credentials (in Java and .NET programming) target software developers and teaches them how to design, build and maintain secure applications and services. The Chief Information Security Officer (CCISO) credential targets the chief security executive position in large companies and organizations and is surely a pinnacle position for most individuals who occupy that job.

The Certified Network Defense Architect (CNDA) credential targets ethical hackers in government agencies rather than those in the civil sector. And the Disaster Recovery Professional (EDRP) identifies IT professionals who can help companies or organizations plan, implement and maintain safe and effective disaster recovery systems and procedures for their employers or clients.

EC-Council certifications are well-recognized and respected in the IT sector. And while the CEH may enjoy the biggest name recognition among the dozen-plus credentials that the EC-Council offers, all of them offer valuable skills and knowledge to IT professionals pursuing their various fields of coverage.

Training and resources

Associated training is available for most of its certifications, and the EC-Council highly recommends training before attempting any of its certification exams. Candidates who decide to forgo official training must complete an eligibility form, prove minimum work experience and pay $100. Some exams are administered through Prometric and Pearson VUE testing centers, but many come from EC-Council's own online Exam Portal. Check the certification web page for whichever EC-Council certification you wish to pursue.

Outside official channels, aftermarket coverage of EC-Council certifications varies by credential. Thus, you can find dozens of books on the CEH, and an equal number of practice tests and video- or classroom training materials. But for lesser-known or less-popular credentials – the CCISO or the EDRP, for example – coverage falls under a "slim to none" description (one book for the EDRP, none for the CCISO, and similar results for practice tests and training outside official EC-Council outlets).

Image Credit: