Over the last 6 months EC-Council have been implementing their new ECE points system for retaining your qualifications (ISC² style). Now I’ve blogged before a few times on the C|EH, ECSA and L|PT qualifications, so I don’t want to re-hash those view. However, the whole ECE points rollout has been one disaster after another. Although the system was meant to be released at New Year, nothing appeared. When the members on the forums asked questions, nobody answered. Emails where pretty much the same, with an occasional mindless response that made no attempt to even answer the question at all. However, we (the forum members) persevered, and were rewarded a few months late with the brand new ECE portal in all it’s glory. It was buggy, badly designed and the points were wildly disproportionate. If you did a course with EC-Council, or talked at an EC-Council event, you’d get 4 times the points than if you talked at something like DefCon. A truly WTF moment if I’ve ever had one. Anyway, things got better. To EC-Council’s credit, they took some of the comments from the forum users and actually made some changes to the points system. They added Security related Podcasts to the list, and changed the points allocations. Things were on the upturn.
Fast forward a few months and I’ve added a few things to the points list. After all, no matter what I think of the quality of the qualification it seems a waste to just not spend 5 minutes filling out the form to retain it. Well, maybe it is a waste, but that’s something I’ll consider in the future. Added to the points list are a number of security related books I’ve read, as well as the SANS GPEN course/exam and an article I’ve written for Linux Magazine about Snort IDS. No problems so far, everything is fine and dandy. That is until I write an article for Hakin9 magazine about security training. I added it to the ECE system yesterday while I was taking a 5 minute break from breaking a web-app.
I thought nothing of it… that is, until I get an email asking for a copy of the article. Suddenly EC-Council wants to see proof that I’ve written an article. They don’t want proof of the Linux Magazine article, the SANS course, or anything else I’ve done. However, an article on security training is something different it appears. I’m not so worried about loosing my C|EH/ECSA status (never bothered paying for the L|PT) if EC-Council dislike my article, but seems like they’re not a big fan of criticism when it comes to their courses.
I’ve replied asking them for clafficiation why they need proof for only this item and not the others. We’ll see what they give as a reason. Maybe they’re just getting their act together on checking these things, but I doubt it. If the article was about something else, I doubt they’d care to check. Things smell a little fishy to me.
i wont rant how you shouldnt say you have a lifetime certification and then change that but on the article note…maybe they were just curious to read it and were too cheap to buy the magazine? for fun you should just send them the first page that has your name on it but not the full thing 🙂
I agree in part about the change from life-time to points based. However I support the move in general. It’s about the only thing that EC-Council have done right since I’ve been certified. It’s just the way they handle it that makes so many people mad. I know a business can’t survive without revenue, but EC-Council seem to think that everything they do needs to make more money for themselves. The points system was just another thing to prompt their events, webinars and training.
EC-Council sent a reply to my email and said that you only have to provide proof on request. The email is, as history has shown, not an answer to the question. At least not a direct one. As the article isn’t on the shelves yet, I told them they can wait. When it’s out in circulation, I’ll just send them the ISBN-number or a link to the subscription site I think 😉 I don’t need to points that much anyway.