Are you interested in a career in cybersecurity? Then you may have heard of the CEH certification. This certification is highly sought after by professionals in the field, and for good reason.
In 2005, the US Department of Defense issued a directive requiring anyone who handles US government IT to have baseline IT certifications, including ethical hacking. This is one of the reasons why cybersecurity professionals pursue the CEH certification. It’s not only an industry standard, but it’s also internationally recognized and valid in IT industries across the world.
Having a CEH certification on your résumé is a valuable asset.
It demonstrates that you understand how hackers think, and with the recent rise in hacking incidents, professionals with this certification are in high demand.
So, who should consider obtaining a CEH certification? If you’re a cybersecurity officer in your company, a penetration tester, an internal or external auditor, a security professional, a standard administrator or consultant site administrator, or even just a tech-savvy home user who wants to know how secure their environment is, then this certification may be right for you.
But what does it take to become a CEH? There are standards to maintain, including skills, values, and ethics from the International Council of E-Commerce Consultants (EC-Council) Code of Ethics. You can find more information about these requirements at https://www.eccouncil.org/code-of-ethics. Some of the critical requirements include privacy, disclosure, area of expertise, unauthorized usage, authorization, project management, knowledge sharing, confidence, legal limits, and underground communities.
Let’s look at each of them in detail.
Privacy: Ethical hackers have access to sensitive information like social security numbers, customer databases, and intellectual property. It is their responsibility to protect this information and not use, steal, modify, change, or destroy it.
Disclosure: Ethical hackers may come across unsettling or uncomfortable information or content, but their duty is to report it to authorities or concerned people. They must disclose everything they discover, regardless of how grave or discomforting it may be.
Area of expertise: Ethical hackers should be honest about their level of knowledge, skill sets, and limitations. They should not misrepresent themselves and should ask for an expert’s help if they lack the necessary experience or training.
Unauthorized usage: Ethical hackers should avoid using illegal or unethically obtained software and hardware. They should also not accept bribes or join in for personal gain if they uncover evidence of unauthorized usage in a company.
Authorization: Ethical hackers must use resources, data, and information in authorized ways. They should let the company know how they intend to use the data and ensure they get consent where necessary.
Disclosure: Ethical hackers should verify with or notify the hardware manufacturer when they discover an issue in hardware or software before going public. If the manufacturer does nothing, they should blow the whistle to save users and share the solution if possible.
Project management: Ethical hackers need to have great management skills to be efficient and manage their projects effectively. They should set clear goals, have a reasonable project timeline, and communicate effectively.
Knowledge sharing: Ethical hackers commit to learning, keeping up with new developments, and creating public awareness by teaching or giving free lectures, spreading information on social media platforms, and enlightening the people they know about securing hardware and software.
Confidence: Ethical hackers should always present themselves in a professional, honest, and competent manner, even when competing with someone else for a project. They should be experienced with any software, tricks, or tools they utilize against a network, and they should not fix issues outside the scope of their project.
Legal limits: Ethical hackers should only accept approved, authorized, and legal projects and follow the code of ethics in making decisions.
Underground communities: Ethical hackers should not engage in black-hat activities or associate with communities of black-hat hackers. They should not help black-hat hackers advance their mission, and should engage with them only to learn what’s new, what they know, what they do, and how they think.