The Ultimate Guide to EC-Council Certifications: Overview & Career Paths

April 17, 2018 by Susan Morrow

Of the top ten most valuable companies, four of them are in technology and the rest are based on technology. Out of this explosion of tech and the digitization of industry, we have also had the digitization of crime. Cybercrime is the scourge of the 21st century. The latest report from Cybersecurity Ventures shows cybercrime will cost the world around $6 trillion every year by 2021. This is a strong indicator there is a serious problem and someone has to fix it — could it be you?

The cybersecurity industry is rapidly becoming the place to focus your career aspirations. But techniques and practices in cybersecurity are fast-moving and often highly sophisticated. Cybersecurity is an exciting and challenging industry to work in with a continuous need for education to keep up with changes.

As a result, organizations need the best people to deal with this rapidly advancing situation. Any person who likes a challenge and is good at solving problems is an asset to the industry. And the industry is calling out for good cybersecurity folks. The report mentioned earlier also found that organizations are struggling to recruit people into cybersecurity. By 2021, there are expected to be 3.5 million unfilled positions in the industry. This vacuum will drive salaries upwards; the current U.S. median salary for a cybersecurity analyst, at entry-level, is around $75,000.

Cybersecurity is the great equalizer. It offers an interesting and stimulating career for both men and women. Driven by unfilled posts and the incentives of high pay, interesting career paths and often flexible working, cybersecurity is a job for all.

Breaking Into the Information Security Industry

When discussing modern-day threats, Warren Buffett recently stated, “I don’t think that nuclear probably is quite as likely as either primarily biological and maybe cyber.”

With this sobering thought, the security industry has an urgent need for knowledgeable people to take on the growing pressures of cybersecurity threats. The EC-Council was formed following the 9/11 attacks. Founder Jay Bavisi predicted the next biggest threat facing organizations and countries would come in the form of cybercrime — and he was spot on with his prediction.

To build the security task force needed by organizations across the globe, EC-Council developed a series of certifications and a degree program to train and ready cybersecurity specialists. The certifications and accreditations were developed to help build your knowledge base and credentials. EC certification gives you the knowledge you need to boost your career pathway in cybersecurity.

How to Select the Best EC-Council Certification for Your Career Stage & Goals

There are a number of certifications to choose from. You might find yourself thinking “Where should I start?” To help you make your choice, we’ve pulled together a quick guide to EC-Council certifications. Each certification is grouped by professional level to help you make the best certification choice for your career stage and goals.

Entry-Level EC-Council Certifications

The following are starter courses that will give you a baseline understanding of cybersecurity. If you don’t have any experience in cybersecurity, or you haven’t worked in the area for a while, these offer a great way to gain or refresh your security skills.

1. Certified Secure Computer User (CSCU)

Who is this certification for? Cybersecurity Ventures stated 2018 will be the “Year of Security Awareness Training.” Security awareness is your first step toward understanding the vast array of security threats, how they are carried out and what to do to mitigate those threats.

How will this certification help me in the real world? Security awareness training is a really good place to start because it covers a broad area. It will give you the knowledge to spot cybersecurity threats, as well as strategies to mitigate them. Use this certification to kick-start your experience in cybersecurity.

2. Certified Encryption Specialist (ECES)

Who is this certification for? When you think of cybersecurity, you often first think of encryption. Encryption techniques have been the foundation stone of many security methodologies including data security and secure online communications. This course from the EC-Council teaches you the fundamentals of encryption, what it is and what you can do with it.

How will this certification help me in the real world? The course gives you hands-on training in setting up a VPN and using cryptographic algorithms such as AES. This sort of training is a good foundation for understanding where to apply encryption, which type of encryption to use and how to practically configure systems to implement encryption measures.

3. Certified Security Specialist (ECSS)

Who is this certification for? This is a short, three-day course that lays out the foundations of cybersecurity.

How will this certification help me in the real world? This is the perfect starter course to give you a grounding in cybersecurity concepts and terminology. It is a good starting point for those wanting to enter the profession. It is also useful for people who may work in a small organization to provide enough information to put simple security best practices in place.

Mid-Level EC-Council Certifications

Once you have mastered the basics, you are ready to move into the core EC-Council certification programs.

1. Certified Network Defender (CND)

Who is this certification for? Knowing how to secure a corporate network is a key requisite of cybersecurity training. This exam is based on security threats a modern enterprise network must withstand and the methods used to mitigate those threats. In addition to learning practical solutions, you will also be taught about security policy and strategy.

How will this certification help me in the real world? This course is ideal for network administrators. It is a practical course with job-task-type exercises. It is based on the cybersecurity education framework from NIST’s National Initiative for Cybersecurity Education (NICE).

2. Certified Ethical Hacker (CEH) & CEH (Practical)

Who is this certification for? Hackers, especially ethical hackers, are men and women of all ages. Passing the CEH exam shows you have the right skills and knowledge to be an ethical hacker. An ethical hacker is much like a malicious hacker in that they want to find where the vulnerabilities and weaknesses in a system are. However, a malicious hacker uses those vulnerabilities to infect networks with malware, steal data or shut down core processes. Ethical hackers instead use these vulnerabilities to show an organization where to focus security attention. 

To augment a CEH, the EC-Council also supports a Certified Ethical Hacker (practical) exam. This is a next-step exam after sitting the CEH exam. It is a hands-on, task-based exam where you are expected to put your CEH knowledge to use in twenty real-life scenarios.

How will this certification help me in the real world? An ethical hacker is an asset to a company, but can also go it alone. The skills afforded by a deep understanding of how to test a system are valuable in their own right. Ethical hackers often work for penetration testing companies who carry out valuable services for organizations that need to harden their systems against cybercrime.

This level of practical examination is highly valuable to an organization. If you are interested in online hacker training, Infosec's Ethical Hacking Boot Camp provides in-depth ethical hacking training sessions and teaches you all the tricks of the trade to become an ethical hacker.

3. Certified Security Analyst (ECSA)

Who is this certification for? Being analytical about a problem is a discipline that can be taught. Holding this EC-Council certification shows that you are able to look at a problem, work out the mechanisms of the problem and then develop a solution.

How will this certification help me in the real world? This course is designed to follow the CEH course. It takes the knowledge given to you from that course and shows you how to apply it. It also demonstrates your ability to penetration test.

4. Certified Network Defense Architect (CNDA)

Who is this certification for? This is a course designed specifically for government and military agencies. As such, it is restricted to those who work for those organizations.

How will this certification help me in the real world? Government and military employees in the roles of network administrator, security professional and auditor benefit from the knowledge gained from this course.

Expert-Level EC-Council Certifications

So you’ve made it through the various challenges of becoming a security professional. But, as in any other sphere of work, you need to improve your skills and keep up to date. To help you achieve this, the EC-Council offers a number of advanced courses.

1. Advanced Penetration Testing

Who is this certification for? This is a hands-on course designed to hone your skills in penetration testing. It takes you through the full pentesting cycle, from information gathering and testing to analysis and reporting.

How will this certification help me in the real world? The dedicated penetration tester and network administrator can benefit from this course.

2. Advanced Network Defense

Who is this certification for? Infosecurity is no longer just about technology; it is about the human beings behind the technology, both those who defend against attacks and those who carry them out. This course focuses on teaching you to think like a hacker and use this as a defense method.

How will this certification help me in the real world? This is a great exam to have under your belt because it gives you an insight into how cybercrime works. It is ideal for all types of security professionals.

3. Securing Windows Infrastructure

Who is this certification for? This is focused specifically on Windows security infrastructure. It is a deep dive into all aspects of Microsoft Windows security. This includes analysis of the Windows infrastructure and hardening methodologies.

How will this certification help me in the real world? Anyone who works as an IT or security professional in an environment that utilizes Windows will benefit from this exam.

4. Hacking and Hardening Corporate Web App/Web Site

Who is this certification for? Web-based attacks are a massive issue for any organization. In Q3 of 2017, Kaspersky Lab dealt with 277,646,376 attacks against online resources. This exam gives you the knowledge to code your website or web app against these threats. The course requires some understanding of software logic.

How will this certification help me in the real world? The exam is designed for IT professionals, including software developers.

5. Advanced Mobile Forensics and Security

Who is this certification for? More people now use a smartphone than a desktop to access the Internet. This means the security professional has to pay particular attention to mobile technology. This exam is all about the forensic analysis of mobile threats, common attacks and exploits, and how to deal with them.

How will this certification help me in the real world? This is a useful exam for a mobile forensic practitioner as well as the general security professional.

Management & C-Level EC-Council Certifications

Cybersecurity as a profession has the top management role of chief information security officer (CISO). This is the pinnacle of the security professional career ladder and a much-revered job. The EC-Council offers a specific program to certify the CISO.

Certified CISO (CCISO)

Who is this certification for? The content of the exam has been adjudicated by a team of top security professionals. The exam is about more than just having the right technical knowledge; it is also about knowing how to implement that knowledge on the corporate level.

How will this certification help me in the real world? It will help give you the skills needed to become a CISO and to prove your value as a prospective CISO.

Specialist-Level EC-Council Certifications

The EC-Council offers a number of exams allowing you to specialize your skills. Having a specialty is a great way to show commitment to the industry and make you stand out from the crowd.

1. Computer Hacking Forensic Investigator (CHFI)

Who is this certification for? This exam shows you have the skills to forensically detect breaches and gather evidence.

How will this certification help me in the real world? A CHFI is able to work with law enforcement to gather the evidence needed to prosecute a cybercriminal.

2. Certified Incident Handler Program (ECIH)

Who is this certification for? The exam captures the skills required for effective cybersecurity incident response. In addition to teaching you how to handle incidents, it also sets out the laws, regulations and policies that need to be adhered to.

How will this certification help me in the real world? Any incident response team member would benefit from this exam.

3. Certified Secure Programmer (ECSP)

Who is this certification for? Security begins at the code level. Software vulnerabilities are a hacker’s delight because they allow computers and systems to be compromised. This exam focuses on creating programmers with the right skills to use secure coding techniques.

The EC-Council also offers a Java-specific course.

How will this certification help me in the real world? Anyone who writes application code or designs software should consider this exam.

4. Disaster Recovery Professional (EDRP)

Who is this certification for? The EC-Council started out as a reaction to a disaster, so it is fitting we end with their exam dedicated to managing cyber disasters. This exam gives the individual a deep understanding of the principles of disaster recovery and how to ensure business continuity.

How will this certification help me in the real world? This is suitable for IT professionals and will give a boost to the career of anyone working in the industry in an IT role.

How to Earn Your Next EC-Council Certification

Infosec offers one of the industry’s best Certified Ethical Hacker training courses. Their Ethical Hacking Boot Camp is a five-day course packed with hands-on labs and engaging lectures. 93% of students enrolling in this course pass EC-Council's Ethical Hacking exam the first time they take it.

Infosec also offers a penetration testing course that will put you in the top 5 to 10% of professionals with ethical hacking and pentesting skills. This course will prepare you for several of the EC-Council exams, including the CNDA.

The EC-Council offers a wide range of exams that can be used to demonstrate your skills, making you a valuable candidate and employee. Infosec, in parallel, has developed a series of training programs to give you the right knowledge for EC-Council exam success.


Susan Morrow

Susan Morrow is a cybersecurity and digital identity expert with over 20 years of experience. Before moving into the tech sector, she was an analytical chemist working in environmental and pharmaceutical analysis. Currently, Susan is Head of R&D at UK-based Avoco Secure.

Susan’s expertise includes usability, accessibility and data privacy within a consumer digital transaction context. She was named a 2020 Most Influential Women in UK Tech by Computer Weekly and shortlisted by WeAreTechWomen as a Top 100 Women in Tech. Susan is on the advisory board of Surfshark and Think Digital Partners, and regularly writes on identity and security for CSO Online and Infosec Resources. Her mantra is to ensure human beings control technology, not the other way around.