
HOW CEH Certification can add VALUE to your RESUME

Certified Ethical Hacker (CEH) is a globally recognised qualification. An individual obtains it by demonstrating the skill to assess the security of IT applications and networks, identifying the vulnerabilities or loopholes of the target systems with the same methodologies, tools and techniques as a hacker, but in a lawful and legitimate manner, with due permission from the IT system owners.

Information technology is an integral part of almost every business nowadays, and so is cyber security. Technology gives ease of access and fast processing of data; at the same time it also exposes the business to many risks which could harm it and sometimes even lead to severe impacts. Information technology and cyber security go hand in hand nowadays. Certified Ethical Hacker is one of the most popular certifications and can help an individual start a career in cyber security or migrate into it.

The IT of any organisation comprises networks and applications, and companies need to monitor and secure both in order to safeguard their critical data. CEH gives a comprehensive overview of a hacker's mindset and methodology. We can replicate the same steps in our own environment, find the loopholes which could attract a malicious user, and patch them before they can be exploited.

 

 

A security assessment has the following steps:

Reconnaissance: Generally known as recce, or information gathering on the target network or application. In this phase you collect the target's information from various public and private domains.

Network Scanning: Here we scan the networks or applications to find the vulnerabilities or weaknesses in them. Remember that you need to do this in stealth mode, otherwise the target can identify the scan and block your connection.

Gaining Access: Once we have the vulnerabilities, you are good to enter or penetrate the system by exploiting them, and you can even obtain Administrator or root access.

Maintaining Access: Here we learn how we can hide ourselves in the system by migrating to system files, and so keep access for a longer time.

Covering Tracks: Once all the necessary information is captured, you would want to remove all your footprints or logs from the system so that you cannot be traced back.

Skillset of a CEH certified candidate:

  • A Certified Ethical Hacker knows multiple techniques for gathering information from different resources such as publicly available information, websites and social media, and can thus identify a publicly exposed weak link or basic information about the tools and techniques used by the organisation.
  • A CEH knows various techniques to scan the network using customised commands and can thus identify unnecessary ports or exploitable versions of services present on the company's servers and network.
  • A CEH knows how a web application can be exploited through different kinds of vulnerabilities such as SQL injection, privilege escalation, command injection, cross-site scripting (XSS), weak passwords, weak sessions, etc.
  • A CEH knows how to identify vulnerabilities in a Wi-Fi network and how to exploit them.
  • A CEH is aware of different kinds of malware and how they work, and also knows how to detect hidden malware in files or software by performing reverse engineering.
  • A CEH has a good knowledge of cloud computing and Internet of Things (IoT) hacking. IoT and cloud computing are both among the most used technologies nowadays, and a CEH with good knowledge of their security assessment can identify loopholes in these systems before they are exploited by a malicious user.
  • A CEH knows the security assessment techniques for mobile applications on both Android and iOS.
  • A CEH knows how network devices such as firewalls, IDS and honeypots work and how they can be exploited.
  • A CEH knows different techniques for sniffing a network and how critical information travelling through networks can be captured. In this way he or she can help the organisation find the vulnerabilities present in the network, so that the organisation can patch them before they are exploited.
  • A Certified Ethical Hacker knows different techniques to identify vulnerabilities which could lead to session hijacking in any web application.
  • In addition to all the above skillsets, a CEH also knows different tools such as Nessus, Burp Suite, Wireshark, Nmap, Zenmap, Metasploit, Acunetix and many others which are commonly used in security assessments.

Scope after getting CEH

  • You can work as a Security Tester or Security Analyst performing Vulnerability Analysis and Penetration Testing (VAPT) on web applications, mobile applications and networks.
  • One can work as a network security analyst in a Security Operations Centre (SOC), where the organisation's network is constantly monitored and action is taken against any kind of malicious traffic.
  • If you have a good knack for programming languages, you can work as a secure code reviewer, which is again a job very much in demand nowadays.
  • If you have good programming skills along with knowledge of ethical hacking, you can work as an exploit writer. Many companies are working on this.
  • Last but not least, one can work as a freelance bug bounty hunter and get paid well.

Ethical hackers or security testers are professionals who have very good knowledge of networks and applications and who also know how to maintain the security of both so that they can be safeguarded from hackers. Ethical hackers constantly test an organisation's applications, network devices and networks, find the vulnerabilities in them and ask the IT team to patch those vulnerabilities.

Attaining a cyber security skillset along with CEH certification is definitely a very good credential, one which can help anyone land a good job in any organisation.

Nowadays many renowned companies are developing their own cyber security teams, and they also get their infrastructure tested by third parties to be sure of their security. When hiring a third party, organisations are very particular about the individual's qualifications and experience. CEH certification is the answer to that, because it provides assurance about the candidate's skillset. As a whole, CEH certification holds a good reputation in the industry.


Information security has become a very lucrative career nowadays. Every organisation is trying to build its information security team because of regulatory compliance, market competition and, last but not least, the increase in cyber security risk to information systems.

Information security touches every field of an organisation, and at least basic awareness is expected from everybody; however, a skillset is required to govern and drive information security as a whole within an organisation.

One can jump into information security at different levels of one's career, irrespective of educational background. To make this clearer, let's consider a few scenarios here.

 

SCENARIO ONE

  1. Anyone who is planning to get into information security can start planning from the higher secondary level. In this case the student needs to opt for subjects like Physics, Chemistry, Mathematics and IT/IP, and then for a BTech in Computer Science or IT, or a BCA (Bachelor of Computer Applications). You can start preparing during your graduation: begin formal training on networks and servers, and make your fundamentals strong. By the end of your graduation you can go for CEH (Certified Ethical Hacker), which is an introductory course in cyber security. With all this expertise and these certifications, one can definitely start a career in InfoSec.

Tip: If you are planning any certification during your graduation, do it in the last year, because a certification has an expiry date (mostly 3 years from the date of issue).

 

SCENARIO TWO

  1. If you are not an IT graduate, say you are pursuing a B.Sc., B.Com or B.A., even then you can work in information security. You need to go for basic network and server training, as in Scenario One. A lot of hard work, dedication and perseverance can make anything possible. CCNA, Red Hat Linux, Server Administration and CEH certifications will definitely be helpful.

SCENARIO THREE

  1. If you are working in IT (Information Technology) and would now like to switch to information security, first build skillsets in networks and servers and a basic cyber security skillset such as network security or application security. Once you have good knowledge of cyber security, you can pursue ISO/IEC 27001 Internal Auditor, ISO/IEC 27001 Lead Auditor or Lead Implementer training. After successful completion of training and certification, one can start a career as an Internal Auditor, Lead Auditor or Lead Implementer respectively. You can also work as an Information Security Risk Assessor or a third-party auditor.

SCENARIO FOUR

  1. If you are a senior-level executive with basic cyber security skillsets and you want a complete migration to the information security domain, you can start with ISO 27001 Lead Auditor or ISO 27001 Lead Implementer, then gradually obtain CISA (Certified Information Systems Auditor) and CISSP (Certified Information Systems Security Professional). Certifications like CISA and CISSP are of very high value, and one can become a top-level information security executive such as the CISO (Chief Information Security Officer) of an organisation; however, these positions also require managerial skillsets along with technical skillsets.

SCENARIO FIVE

  1. If you are working in a senior position in any organisation in sales, procurement or any other non-IT department, and you are fascinated by information security and want to pursue a career in it, you still have a chance. All you need to do is build a basic skillset in networks and IT infrastructure and you are good to go.

Later on you can learn the basics of cyber security, such as ethical hacking, and can pursue different information security certifications like ISO 27001, PCI-DSS, GDPR, etc.

SCENARIO SIX

  1. If you are an IT graduate, you can also pursue a Master's in Information Security, after which you can directly start your career in information security as a consultant. An MBA with Information Security is a good way to start your career in information security. Organisations hire these candidates because they can work in both technical and non-technical domains.

SCENARIO SEVEN

  1. Someone with a non-technical background and an interest in information security can opt for a career in cyber law. After pursuing this, one can work as a legal consultant with any organisation. This job is also in demand, because organisations face many legal challenges pertaining to information security every other day and need consultants and experts who can guide them in different scenarios.

SCENARIO EIGHT

  1. If you are a programmer in your existing job profile, you can learn secure coding techniques and enter the information security domain that way. Nowadays many attacks happen at the application level because of flaws in existing source code. Knowledge of secure coding will definitely give your career an extra edge and can give you a smooth entry into the information security domain.

SCENARIO NINE

  1. If you have an investigative mindset, then computer forensics is a good option for you. This role comes into the picture when a cyber security incident happens in an organisation. A computer forensics investigator checks the systems and finds the root cause of the problem; the organisation can then patch the issue or implement another corrective action and prevent recurrence. CHFI (Computer Hacking Forensic Investigator) is a popular certification for this career.

SCENARIO TEN

  1. If you have a good knack for teaching, you can start your career as an Information Security Trainer after completing your graduation and basic information security training. Training is a very lucrative career among many experienced professionals as well. There are many professionals who are involved in part-time training and can thus start their career in information security.

 

From all the above scenarios we can clearly see that information security is a path; one cannot attain it overnight. Moving ahead step by step will ease your journey, and all the steps are equally important. One needs strong dedication and determination. With our changing business scenario, where the nature of threat and risk changes every other day, one needs to stay up to date with the current regulatory and statutory requirements.
