The benefits of the CEH certification
The US Department of Defense (DoD) issued Directive 8570.1 in 2005, instructing everybody who handles US government IT to hold baseline IT certifications, including ethical hacking. This is one of the most important reasons cybersecurity professionals pursue the CEH certification.
Besides being an industry standard, the CEH certification is internationally recognized, making it valid and valuable in IT industries across the world.
It is also a valuable certification on any IT résumé. It means a candidate understands how hackers think, and with everything that's been going on recently as far as hacking and technology are concerned, IT experts with this certification are, and will remain, in high demand.
Is the CEH certification right for you?
You will get the most out of this certification if you are a cybersecurity officer within your company or if you are a penetration tester, internal or external auditor, security professional-standard administrator or consultant site administrator, or a techie home user who wants to know how secure your environment is.
The requirements and the skills you need to become a CEH
There are standards to maintain as a CEH. These include skills, values, and ethics from the International Council of E-Commerce Consultants (EC-Council) Code of Ethics, which you can find at https://www.eccouncil.org/code-of-ethics. The most critical of these requirements are the following:
- Privacy
- Disclosure
- Area of expertise
- Unauthorized usage
- Authorization
- Disclosure
- Project management
- Knowledge sharing
- Confidence
- Legal limits
- Underground communities
Let's look at them in detail.
Privacy
Ethical hackers come across information they are not allowed to use, steal, share, modify, change, or destroy. From security numbers to customer databases and intellectual property, their access is unlimited. It is their responsibility to guard that information at all times.
Disclosure
It is not uncommon for ethical hackers to uncover things that are uncomfortable to see, watch, or talk about. If they stumble upon such information or content, their duty is to report it. They owe it to the authorities or the concerned people to disclose everything they discover, however unsettling, gross, grave, or discomforting.
Area of expertise
An ethical hacker should not misrepresent themselves, feigning to know more than they do. Ethical hacking demands honesty about what an ethical hacker can and cannot do and openness about their level of knowledge, skill sets, and limitations. If you lack the necessary experience or training to handle something that's outside your realm, it is ethical to ask the company or employer to get an expert to handle it.
Unauthorized usage
An ethical hacker is to avoid using illegal or unethically obtained software and hardware. Also, if they uncover evidence of unauthorized usage in a company, they should not accept bribes to keep their lips sealed or join in for personal gain.
Authorization
An ethical hacker needs to limit themselves to using resources, data, and/or information in authorized ways. Also, when working, an ethical hacker lets the company know how they intend to use data or information. They should also ensure that they get consent where necessary and avoid cutting corners.
Disclosure
When an ethical hacker discovers an issue in hardware or software, they verify with or notify the hardware manufacturer that their product is faulty before going public with information about the vulnerability. If the manufacturer does nothing about it, they blow the whistle to save users and share the solution if possible. Some folks would refer to this as a zero-day vulnerability, meaning that the vulnerability has been discovered before the vendor has any idea that it exists.
Project management
Ethical hackers need great management skills to be efficient and to manage their projects effectively. They need to set clear goals, have a reasonable project timeline, and communicate.
Knowledge sharing
Ethical hackers commit to learning, keeping abreast of new developments, sharing new discoveries, engaging fellow EC-Council members, and creating public awareness. They do this by teaching or giving free lectures, spreading information on social media platforms, and enlightening the people they know on securing hardware and software and how to use this knowledge.
Confidence
Confidence, as an ethical hacker, means you should always present yourself in a professional, honest, and competent manner. This applies even when you're competing with someone else for a particular project. In layman's terms, no backstabbing, folks.
Now, as we go through the chapters in this book, we're going to be introducing some tools that can be extremely dangerous to networks. As an ethical hacker, you need to make sure that you have experience with any software, tricks, or tools you utilize against a network. An engagement is not the time or place to learn a new tool or technique. You need to be extremely careful. Do not fix issues you discover that are not within the scope of your project. Even if you think you know what's best for your company or their company, you always get guidance and permission for any action.
There is no compromise. What we mean by this is that you are in no way going to purposely compromise a company or organization's system, or cause it to become compromised, through the process of your professional dealings with them.
Legal limits
Whatever project an ethical hacker accepts needs to be approved, authorized, and legal. The code of ethics informs all their decisions. They always know what they are doing and what's expected of them; they are aware of their limitations, know what they can and cannot do, and know what's considered fair play and what's malicious.
Underground communities
Ethical hackers commit to not engaging in black-hat activities or associating with communities of black-hat hackers. They don't aid or help black-hat hackers advance their mission; they only engage them to find out what's new, what they know, what they do, and how they think.