EC-Council

EC-Council (2001-present)
Company type Limited liability company
Founded 2001; 23 years ago (2001)
Founder Jay Bavisi
Headquarters 101 Sun Ave NE, Albuquerque, New Mexico, 87109, U.S.
Website eccouncil.org

EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.

History

Jay Bavisi is the founder of EC-Council Holding Pte Ltd, [1] [2] the parent company of all of the EC-Council Group of Companies. The first organization of the group, the International Council of Electronic Commerce Consultants (EC-Council), was founded in 2001 in response to the September 11 attacks to certify professionals who could protect against attacks on electronic commerce.

EQT Private Equity invested in EC-Council in September 2021. [3] EC-Council is the creator of popular certification programs such as CEH, [4] [5] CHFI and ECSA/LPT; it created the Certified Ethical Hacker (CEH) program for white hat hackers in 2003. EC-Council became a certifier of training courses and exams instead of founding entirely new schools, mobilizing entrepreneurs in the information security training business. CEH courses were offered in more than 60 countries by 2007, and the program expanded rapidly. [6]

As of 2023, the CEH certification is one of the possible certifications for some cyber-security functions within the United States Department of Defense, as part of its Directive 8140. [7] [8]

In 2010, the EC-Council was among the organisations selected by the Pentagon to oversee training of Department of Defense employees who work in computer security-related jobs. [9]

Controversies, shortcomings and plagiarism

In May 2006, the website of the EC-Council was defaced. [10] In 2014 it was defaced again, restored, and then defaced once more, due to password reuse. [11] The attacker managed to exfiltrate sensitive data such as applicants' passport pictures, notably including Edward Snowden's. [12]

On at least two occasions, the EC-Council's website has also been prone to cross-site scripting vulnerabilities. In June 2011, two vulnerabilities were discovered, both on the "portal" subdomain. [13] [14] An additional vulnerability was found in May 2013. [15]

During 2011, an EC-Council employee used comment spam to advertise the Certified Ethical Hacker certification. This was called a "fictional theory" by Jay Bavisi, President of EC-Council, despite evidence proving otherwise. [16]

The EC-Council has also engaged in sexist discourse on several occasions:

In March 2016, the website of the EC-Council was serving the Angler exploit kit. It took several days for the issue to be resolved. [18] [19]

In 2021, the EC-Council took its entire blog down due to apparent systematic copyright violations and plagiarism conducted by its marketing team. [20] [21] [16] [22]

Certifications

EC-Council offers professional certifications for the IT security field, such as Certified Network Defender (CND), Certified Chief Information Security Officer (CCISO), and Computer Hacking Forensics Investigator (CHFI). [23] It also offers certifications in fields related to IT security, including disaster recovery, software security, digital forensics, and general IT security knowledge.

Services and products

EC-Council University (ECCU)

EC-Council University (ECCU) was licensed by the Wyoming Board of Education in 2006, despite major concerns from the state Education Department, including a lack of clarity about whether the "school would offer substantive academic activity". [24] It has offered bachelor’s and master’s degrees in cybersecurity and graduate certificate programs since 2015. [25] [26]

EC-Council CodeRed

EC-Council CodeRed was launched in 2019 as a cybersecurity learning platform with a library of 4,000 video lessons. [27] It provides "microdegrees" on niche technical subjects. [28]

EC-Council Global Services

EC-Council Global Services (EGS) is the consulting services division of the EC-Council Group. It received CREST membership for its cyber incident response, penetration testing, and vulnerability assessment services in 2020. [29] [30]

EC-Council Aware

EC-Council Aware is a cybersecurity training app that was launched in 2020 for iOS and Android. [31]

EC-Council CyberQ

EC-Council launched its CyberQ platform in 2020. It is a cloud-based cyber range platform that automates the process of using cloud technology to deploy cyber targets. [32]

EC-Council events

EC-Council hosts various IT security conferences including Hacker Halted, Global CyberLympics, TakeDownCon, and Global CISO Forum. [33] [34] [35]


References

  1. "Jay Bavisi, Founder and CEO of EC-Council". Business Wire. Retrieved 7 September 2022.
  2. "EC-Council President and CEO Jay Bavisi". Business Insider. Retrieved 31 August 2020.
  3. "EQT Private Equity invests in EC-Council". Bloomberg. Retrieved 27 September 2021.
  4. "EC-Council empowers Students through a Seminar on Cyber Security". 12 September 2013.
  5. "EC-Council organizes a seminar on cyber security". India Infoline. 2 September 2013. Retrieved 27 July 2021.
  6. Slayton, Rebecca (2017-02-14). "Limn: The Paradoxical Authority of the Certified Ethical Hacker". Limn. Retrieved 27 July 2021.
  7. "Perspectives on Building a Cyber Force Structure" (PDF). Retrieved 27 July 2021.
  8. "DoD Approved 8570 Baseline Certifications – DoD Cyber Exchange". public.cyber.mil. Retrieved 2023-05-18.
  9. "Pentagon trains workers to hack Defense computers". CNN. Retrieved 27 July 2021.
  10. "EC-Council.org Defaced in 2006". zone-h.org. Retrieved 2023-05-17.
  11. "'The Plague' returns to deface EC Council website | CSO Online". 2015-09-24. Archived from the original on 2015-09-24. Retrieved 2023-05-17.
  12. McCormick, Rich (2014-02-24). "Ethical hacking organization hacked, website defaced with Edward Snowden's passport". The Verge. Retrieved 2023-05-17.
  13. Nulled Byte. "Double nibble URI decoding XSS Vulnerability on EC Council website". The Hacker News. Retrieved 2023-05-17.
  14. "EC-Council Web Site Vulnerable to Several XSS". attrition.org. Retrieved 2023-09-13.
  15. "Charlatan: EC-Council Found Vulnerable to 2nd XSS". attrition.org. Retrieved 2023-05-17.
  16. "Who on earth would be trying to promote EC-Council University via comment spam on my website?". Graham Cluley. 2022-07-19. Retrieved 2023-05-17.
  17. Dallaway, Eleanor (2021-04-11). "The Story of the EC-Council Gender Survey Scandal: Survey Creator Says 'It Was Written by Women so it Can't be Sexist'". Infosecurity Magazine. Retrieved 2023-05-17.
  18. "Website of security certification provider spreading ransomware". Fox-IT International blog. 2016-03-24. Retrieved 2023-05-17.
  19. Goodin, Dan (2016-03-24). "Certified Ethical Hacker website caught spreading crypto ransomware". Ars Technica. Retrieved 2023-05-17.
  20. "Security training org EC-Council pulls blog over copyright violations, promises editorial improvements". The Daily Swig | Cybersecurity news and views. 2021-06-28. Retrieved 2023-05-17.
  21. "Ethics in Cybersecurity Marketing – Principles of Value Contribution". Alyssa Miller. 2021-06-23. Retrieved 2023-05-17.
  22. "Errata: Charlatan - EC-Council (ECC)". attrition.org. Retrieved 2023-05-17.
  23. "The Case for Cybersecurity Certifications". www.govtech.com. 13 January 2018. Retrieved 27 July 2021.
  24. Gruver, Mead (January 10, 2006). "State licenses online school". Casper Star-Tribune. Archived from the original on February 7, 2023. Retrieved February 7, 2023. Despite an ongoing push among state education officials to rein in unaccredited colleges and universities, the Wyoming Board of Education on Monday granted a state license to EC-Council University, an unaccredited school that will provide online computer technology degrees from an office in Laramie.
  25. "About Us | Cybersecurity University". EC-Council University. Retrieved 27 July 2021.
  26. "Directory Of Accredited Institutions". www.deac.org. Retrieved 2023-05-17.
  27. SemiColonWeb. "CodeRed | Stream Premium Cybersecurity Courses | Learn Anytime Anywhere". CodeRed. Retrieved 27 July 2021.
  28. SemiColonWeb. "CodeRed Microdegrees | Learn In-Demand Advanced Cybersecurity Skills". CodeRed. Retrieved 27 July 2021.
  29. "CREST Member Companies". service-selection-platform.crest-approved.org. Retrieved 27 July 2021.
  30. "EC-Council Global Services Receives CREST Membership". 24-7 Press Release Newswire. Retrieved 27 July 2021.
  31. CISOMAG (14 October 2020). "Looking for an End-user Training Program? EC-Council's Aware App is Just for You". CISO MAG | Cyber Security Magazine. Retrieved 27 July 2021.
  32. "CyberQ – Advanced Cyber Range Solution Provider | EC-Council". cyberq.eccouncil.org. Retrieved 27 July 2021.
  33. "Finalists for EC-Council Foundation's 2019 Global Cyberlympics Announced". PRWeb. Retrieved 27 July 2021.
  34. Goldmeier, Jeremy. "White-Hat Hackers: Meet the geeks who make computing safer by exposing its flaws". Riverfront Times. Retrieved 27 July 2021.
  35. "Global CISO Forum". PRWeb. Retrieved 16 October 2013.