Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

EC-Council Courses certified by the NSA !!!

eccYes, this isn’t a mistake, and I’ve not been drinking. I received a nice email from the people at EC-Council letting me know that the “EC-Council Courseware certified to have met the CNSS Standards by the United States National Security Agency (NSA) and the Committee on National Security Systems (CNSS)”. The press release goes on to detail the EC-Council courses (including CEH, ECSA and LPT) that have been been certified to meet the training requirements for information security professionals in federal government.

My first reaction was that this must be come kind of scam. I was waiting for the part where they ask me for my credit-card number so I can receive a new certificate and security level. Alas, this was not to be. Those who’ve read my blog or my articles know that my view on EC-Council and in particular their CEH, ECSA/LPT track isn’t a good one. I’ve been through the training and to this date (maybe for not much longer) I’m still certified as a CEH and ECSA. I’ve refused to pay the $500 a year required to be an LPT however, as, well, it’s a farce. Still, back to the point. I’m not sure what changes EC-Council have made since my experiences with version 5 of the CEH course, but from what I’ve heard and read, they’ve only increased the size of the course and done nothing to improve the low quality of the training and material.

I’m not sure what the thinking behind this certification was, however I’d love to hear your opinions. Does this change your view on the quality of CEH candidates ? or has it just lowered your opinion of the technical competence of the NSA. I know where my feelings on the matter lie.

EC-Council Press Release –> HERE

4 responses to “EC-Council Courses certified by the NSA !!!

  1. Tomasz Miklas June 6, 2009 at 13:32

    It doesn’t change anything about candidates or the courseware (but surely questions NSA’s vetting process). It just means that EC-Council’s marketing works better than many others and now they have something they can show around and say “look how cool we are”.

  2. Pingback: ctrl-alt-del.cc

  3. CG June 14, 2009 at 03:45

    its simple… they are requiring CEH to do just about anything IA related for .gov/.mil. i’d expect to see it in the updated 8570 whenever that comes out.

    to justify it, they are certifying it

  4. ChrisJohnRiley June 21, 2009 at 08:31

    I understand the reasoning from the government side, but it still raises the question of why pick the EC-Council to train their workers in information security (management and technical). I can think of a number of better companies to offer this service that would actually make people respect the knowledge learned for these jobs.

    Still, as you said, it’s .gov/.mil, so who knows what they’re thinking. I just hope that the US Cyber Defense doesn’t consist of people purely with CEH qualifications. That would be bad for everybody involved.

%d bloggers like this: