In this fireside chat episode, DDLS Cybersecurity Lead Jeremy Daly and DDLS Technical Instructor Louis Cremen discuss the Certified Ethical Hacker training course, including what to expect in terms of content and labs and the types of students who take the course.
You can even get insights on penetration testing and the next steps you can take along your career development in cyber security.
Who is a Certified Ethical Hacker?
A Certified Ethical Hacker is a specialist typically working in a red team environment, focused on attacking computer systems and gaining access to networks, applications, databases, and other critical data on secured systems. A C|EH® understands attack strategies and the use of creative attack vectors, and mimics the skills and creativity of malicious hackers.
Unlike malicious hackers and actors, Certified Ethical Hackers operate with permission from the system owners and take all precautions to ensure the outcomes remain confidential. Bug bounty researchers are expert ethical hackers who use their attack skills to uncover vulnerabilities in the systems.
In September 2022, EC-Council launched a new and exciting update to CEH (Certified Ethical Hacker): V12.
What is C|EH® v12?
The Certified Ethical Hacker has been battle-hardened over the last 20 years, creating hundreds of thousands of Certified Ethical Hackers employed by top companies, militaries and governments worldwide.
In its 12th version, the Certified Ethical Hacker brings together comprehensive training, hands-on learning labs, practice cyber ranges for engagement, certification assessments, cyber competitions, and opportunities for continuous learning into one comprehensive program curated through our new learning framework:
What does the CEH course material include?
The EC-Council CEH certificate is the most trusted ethical hacking certification and accomplishment recommended by employers globally. What can you expect when you work on gaining the Certified Ethical Hacker (CEH) credential?
It covers about 20 different domains, with the first two days focusing on different kinds of attacks. It also includes labs to help students hone their skills.
Louis and Jeremy also discuss the next steps after CEH along the cyber security or defence career development path.
Access CEH and other cyber security training
DDLS aims to enable you and your teams to thrive in the digital landscape of tomorrow. This means making training and certifications accessible. Enquire about our delivery modalities via DDLS Anywhere. We offer instructor-led, virtual instructor-led and self-paced learning for the Certified Ethical Hacker course across our campuses: Sydney, Perth, Canberra, Adelaide, Brisbane and Melbourne in Australia; Auckland, Wellington and Christchurch in New Zealand; and BGC in the Philippines.
You can find information on the cybersecurity training that we deliver - including CEH - in partnership with EC-Council, ISACA and CompTIA when you access our brochure. You can also reach out to our team to discuss your cybersecurity training requirements.
Video Transcript on CEH Training Fireside Chat
Jeremy: Welcome to another fireside chat where I invite our cyber security technical instructors to join me to talk about individual cyber security courses we offer through DDLS.
Today we're going to be discussing what I think is a pretty cool course. It certainly has one of the coolest titles out of all the cyber security courses that we offer -- EC-Council's Certified Ethical Hacker.
And joining me to discuss this course once again is Louis Cremen. Louis, thanks for coming today.
Louis: I'm going to be here - just let me get into the hacking hoodie, just give me a moment. This is also on fire, but this is someone else on fire, uh, so rather than me. So let me just also get in the mood here, there we go. I can't be a hacker without a hoodie, so it's important that I make this as cringeworthy as possible.
Jeremy: Excellent! So, the Certified Ethical Hacker. I mean, the title says it all but what is this course about? What are students actually sitting on this course going to learn?
Louis: I love this course; this is a really good course. So it's a certified ethical hacking class and whenever I use the phrase "ethical hacking" people always ask me, "Does that mean you're hacking Russia and China?" I'm like, "No, that's not what ethics are."
Please go read an ethics book. But in this case, the ethics that EC-Council pushes is really quite simple. It really is, "Are we doing, performing an attack with permission?" That is really the main focus.
And so, whenever an organisation deploys a new piece of software or a new system or a new something, they want to make sure it's secure.
And yeah, you can do that through ticking boxes and going "Oh, did we do this? Yeah, we did."
But a really good way to get a good level of assurance is to actually, try to attack it like an attacker. You know, perform the same things that an attacker would actually perform in order to breach the network, breach the system, breach the security and get access to a database or to users or to personal information or sensitive data, whatever it may be.
And so, the certified ethical hacking class has about 20 different domains. The first you know, two days, really heavily focusing on sort of network attacks.
And then, a lot of other attacks including where it would take web location attacks, denial of service, sniffing packets, doing man-in-the-middle and then the new one looks at things like IoT hacking, OT hacking like looking at industrial control systems, SCADA (supervisory control and data acquisition) systems, power plants.
And then also looking at cloud hacking and then looking at cryptography -- another very popular topic in securities, cryptography.
But yeah looking at sort of a whole bunch of different topics and giving people labs, slides and knowledge to perform these attacks.
Again, the ethical part is really that they are doing it with permission of the owners of the infrastructure they are uh they are performing the attack on.
Jeremy: Excellent! So, it sounds like a chock-a-block full of content and labs as well to practice their skills on. So, if we think of people who are wanting to sit the Certified Ethical Hacker.
Yeah who are they and what kind of professionals are coming into the courses that you deliver and why are they there?
Louis: Yeah so, I get a lot of people. I get a lot of different types of people.
If I'm honest, the main bulk has probably been in that system admin or network admin group that wants to take their already existing knowledge and then get into the cyber security field but do it in a way that doesn't sound boring. That's really the first step.
There is that like [group of] "This course sounded interesting, I've done a lot of configuration, I've done a lot of, uh, you know, risk, or a little bit, a lot of controls, a lot of things. I want to see what an attacker can do. And so, knowing what an attacker can do, I can then look into putting up the right defences."
That's probably the most common student I get in this class, "I want to know how attacks happen so I can create better defences."
The other side of the coin I get is people who want to learn how to do the attack so they can get into that penetration testing area.
Penetration testing is basically similar to the idea of ethical hacking, but with a lot more methodology and a lot more report writing, a lot more professional. And so they want to go down this path.
And this course is a really good foundation course for them to do that because there's just a lot of knowledge that is sort of passed across this class.
So those are sort of the two main types of people. But I have had others. I have had people who have development backgrounds, like web development backgrounds, and go, "Okay, I want to know how web attacks work," as opposed to system and network engineers. I've had people who, you know, want to understand how, you know, information security works and they want to know from the attack perspective.
Because understanding the attacks is a great way to then focus on defences or at least to sort of know what's out there. So, I do get a lot of different types of people.
But again, two main focuses are the people who want to go from their current field into the security field via a sexy topic like a CEH or the people who want to get into penetration testing using this as their first stepping stone to a greater certification or into a position in that area.
Jeremy: So, this course runs for five days. There's a lot of labs included as well. When do they do these labs? Like, we understand that they won't necessarily do them during the five days but are the labs there for them to go back and try different attack vectors, different systems, different methodologies? And I guess to build on those skills.
And is having these labs, is it a requirement to actually do them all if they are going to sit the exam? Or is this more to help them hone their skills and understand, you know, what each step does to achieve the end result?
Louis: It's a really good question. So when we look at the labs - I think the EC-Council gives us over 75 labs. I think I run about maybe 40 or 50 then throughout the week. So, I do get through a pretty good chunk of them. But I certainly don't go through all of them. In fact, I basically hand-pick some and go, "I like these ones, don't worry too much about these."
And so, we go through a lot of content and then we go through labs for five days. And they get access to those labs for six months.
So, once they have, well once they're done using it throughout the class, they can continue their studies for six months or they can just set it up as a sandbox. They can just play around try things, do it again, because we, you know, went through a bit quite quickly in the class or they can really download their own tools in this sandbox, again, have a play around rather than setting up their own environment.
Do they need to use this to pass their exam? No, it is not a necessity to go through all 75 labs certainly. It helps, certainly helps to go through the lab content.
They get an exam voucher from us. The exam voucher is for the multiple-choice exam. You know, getting through a lot of content is good enough for the multiple-choice exam. Obviously, labs will always help.
There is a practical exam, and the labs will certainly help the practical exam if they want to go on that path. We don't give them a voucher for that one.
If they do both, they get what is called a "CEH Master," which is something I've got and that means you have passed both the EC-Council exams.
But the majority of people go down just the multiple-choice path because they get the CEH certification.
Jeremy: Excellent! So once they've sat CEH, what would be next for them? What would you recommend as the next steps after CEH?
Louis: It depends on the type of person. I've had students that have used this to get into the security fields but not stay in the ethical hacking space, not staying in the penetration testing space. They've stayed in the defence space.
And if they do that, I've had a few students do this, they've sat with me in CEH and then a year or two years later, have come to start a CISSP class with me because they're now at a more senior level.