EC-Council (2001-present) | |
Company type | Limited liability company |
Founded | 2001 |
Founder | Jay Bavisi |
Headquarters | 101 Sun Ave NE, Albuquerque, New Mexico, 87109, U.S. |
Website | eccouncil |
EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.
Jay Bavisi is the founder of EC-Council Holding Pte Ltd, [1] [2] the parent company of all of the EC-Council Group of Companies. The first organization of the group, the International Council of Electronic Commerce Consultants (EC-Council), was founded in 2001 in response to the September 11 attacks to certify professionals who could protect against attacks on electronic commerce.
EQT Private Equity invested in EC-Council in September 2021. [3] EC-Council is the creator of popular certification programs such as CEH, [4] [5] CHFI, and ECSA/LPT, and created the Certified Ethical Hacker (CEH) program for white hat hackers in 2003. EC-Council became a certifier of training courses and exams instead of founding entirely new schools, mobilizing entrepreneurs in the information security training business. CEH courses were offered in more than 60 countries by 2007, and the program expanded rapidly. [6]
As of 2023, the CEH certification is one of the possible certifications for some cyber-security functions within the United States Department of Defense, as part of its Directive 8140. [7] [8]
In 2010, the EC-Council was one of the organisations selected by the Pentagon to oversee training of Department of Defense employees who work in computer security-related jobs. [9]
In May 2006, the website of the EC-Council was defaced. [10] In 2014 it was defaced again, restored, and then defaced once more, due to password reuse. [11] The attacker managed to exfiltrate sensitive data such as applicants' passport pictures, notably including Edward Snowden's. [12]
On at least two occasions, the EC-Council's website has also been prone to cross-site scripting vulnerabilities. In June 2011, two vulnerabilities were discovered, both on the "portal" subdomain. [13] [14] An additional vulnerability was found in May 2013. [15]
During 2011, an EC-Council employee used comment spam to advertise the Certified Ethical Hacker certification. This was called a "fictional theory" by Jay Bavisi, President of EC-Council, despite evidence proving otherwise. [16]
The EC-Council has also engaged in sexist discourse on several occasions:
In March 2016, the website of the EC-Council was serving the Angler exploit kit. It took several days for the issue to be resolved. [18] [19]
In 2021, the EC-Council took its entire blog down due to apparent systematic copyright violations and plagiarism conducted by its marketing team. [20] [21] [16] [22]
EC-Council offers professional certifications for the IT security field, such as Certified Network Defender (CND), Certified Chief Information Security Officer (CCISO), and Computer Hacking Forensics Investigator (CHFI). [23] It also offers certifications in fields related to IT security, including disaster recovery, software security, digital forensics, and general IT security knowledge.
EC-Council University (ECCU) was licensed by the Wyoming Board of Education in 2006, despite major concerns from the state Education Department, including a lack of clarity about whether the "school would offer substantive academic activity". [24] It has offered bachelor’s and master’s degrees in cybersecurity and graduate certificate programs since 2015. [25] [26]
EC-Council CodeRed was launched in 2019 as a cybersecurity learning platform with a library of 4,000 video lessons. [27] It provides "microdegrees" on niche technical subjects. [28]
EC-Council Global Services (EGS) is the consulting services division of the EC-Council Group. It received CREST membership for its cyber incident response, penetration testing, and vulnerability assessment services in 2020. [29] [30]
EC-Council Aware is a cybersecurity training app that was launched in 2020 for iOS and Android. [31]
EC-Council launched its CyberQ platform in 2020. It is a cloud-based cyber range platform that automates the process of using cloud technology to deploy cyber targets. [32]
EC-Council hosts various IT security conferences including Hacker Halted, Global CyberLympics, TakeDownCon, and Global CISO Forum. [33] [34] [35]
Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.
The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. As of 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.
Certified Ethical Hacker (CEH) is a qualification given by EC-Council and obtained by demonstrating knowledge of assessing the security of computer systems by looking for vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system. This knowledge is assessed by answering multiple choice questions regarding various ethical hacking techniques and tools. The code for the CEH exam is 312–50. This certification has now been made a baseline with a progression to the CEH (Practical), launched in March 2018, a test of penetration testing skills in a lab environment where the candidate must demonstrate the ability to apply techniques and use penetration testing tools to compromise various simulated systems within a virtual environment.
A chief information security officer (CISO) is a senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance, and for protecting proprietary information and assets of the company, including the data of clients and consumers. The CISO works with other executives to make sure the company is growing in a responsible and ethical manner.
Ankit Fadia is an Indian self-proclaimed white-hat computer hacker, author, and television host. He is considered to be a security charlatan. His work mostly involves OS and networking tips and tricks and proxy websites.
Hacker Halted is a global series of Computer and Information Security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased education and ethics in IT Security. The event is currently in its 14th year. Also present at Hacker Halted is EC-Council's H@cker Halted | Academy, trainings and workshops led by EC-Council instructors and trainers.
Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution. The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.
A computer security conference is a convention for individuals involved in computer security. They generally serve as meeting places for system and network administrators, hackers, and computer security experts.
Michael Gregg is an American computer security specialist, businessman, author and co-author of several books, including Build Your Own Network Security Lab and Inside Network Security Assessment. He has also served as an expert witness before a congressional committee on cyber security and identity theft.
A brief history of computer hacking in South Africa.
A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).
Trishneet Arora was born on 2 November 1993 in Ludhiana, Punjab, India. He is the founder and chief executive officer of TAC Security, a cyber security company. He was named in Forbes 30 Under 30 2018 Asia list and Fortune India 40 Under 40 2019 List of India's Brightest Business Minds.
Phil Agcaoili is a technologist, entrepreneur, and cyber security, information security, and privacy expert.
Matthias "Matt" Zemlin is a German manager, cyber security and online expert, former film distributor, producer, director and actor.
Offensive Security is an American international company working in information security, penetration testing and digital forensics. Operating from around 2007, the company created open source projects, advanced security courses, the ExploitDB vulnerability database, and the Kali Linux distribution. The company was started by Mati Aharoni, and employs security professionals with experience in security penetration testing and system security evaluation. The company has provided security counseling and training to many technology companies.
William "Chuck" Easttom II is an American computer scientist specializing in cyber security, cryptography, quantum computing, and systems engineering.
Jack Cable is an American computer security researcher and software developer. He is best known for his participation in bug bounty programs, including placing first in the U.S. Department of Defense's Hack the Air Force challenge. Cable began working for the Pentagon's Defense Digital Service in the summer of 2018.
John Jackson, also known as Mr. Hacking, is an American security researcher and founder of the white-hat hacking group Sakura Samurai.
Phil Venables is a computer scientist who has been the chief information security officer (CISO) at Google Cloud since 2020. He specializes in information and cyber security, as well as enterprise risk and technology risk. Before his position at Google, Venables held a number of roles at Goldman Sachs and served on the Board of Goldman Sachs Bank. Since 2021, he has also been a member of the President’s Council of Advisors on Science and Technology (PCAST).
Despite an ongoing push among state education officials to rein in unaccredited colleges and universities, the Wyoming Board of Education on Monday granted a state license to EC-Council University, an unaccredited school that will provide online computer technology degrees from an office in Laramie.