Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: LPT

EC-Council points

Over the last 6 months EC-Council have been implementing their new ECE points system for retaining your qualifications (ISC² style). Now I’ve blogged before a few times on the C|EH, ECSA and L|PT qualifications, so I don’t want to re-hash those view. However, the whole ECE points rollout has been one disaster after another. Although the system was meant to be released at New Year, nothing appeared. When the members on the forums asked questions, nobody answered. Emails where pretty much the same, with an occasional mindless response that made no attempt to even answer the question at all. However, we (the forum members) persevered, and were rewarded a few months late with the brand new ECE portal in all it’s glory. It was buggy, badly designed and the points were wildly disproportionate. If you did a course with EC-Council, or talked at an EC-Council event, you’d get 4 times the points than if you talked at something like DefCon. A truly WTF moment if I’ve ever had one. Anyway, things got better. To EC-Council’s credit, they took some of the comments from the forum users and actually made some changes to the points system. They added Security related Podcasts to the list, and changed the points allocations. Things were on the upturn.



Fast forward a few months and I’ve added a few things to the points list. After all, no matter what I think of the quality of the qualification it seems a waste to just not spend 5 minutes filling out the form to retain it. Well, maybe it is a waste, but that’s something I’ll consider in the future. Added to the points list are a number of security related books I’ve read, as well as the SANS GPEN course/exam and an article I’ve written for Linux Magazine about Snort IDS. No problems so far, everything is fine and dandy. That is until I write an article for Hakin9 magazine about security training. I added it to the ECE system yesterday while I was taking a 5 minute break from breaking a web-app.

I thought nothing of it… that is, until I get an email asking for a copy of the article. Suddenly EC-Council wants to see proof that I’ve written an article. They don’t want proof of the Linux Magazine article, the SANS course, or anything else I’ve done. However, an article on security training is something different it appears. I’m not so worried about loosing my C|EH/ECSA status (never bothered paying for the L|PT) if EC-Council dislike my article, but seems like they’re not a big fan of criticism when it comes to their courses.

I’ve replied asking them for clafficiation why they need proof for only this item and not the others. We’ll see what they give as a reason. Maybe they’re just getting their act together on checking these things, but I doubt it. If the article was about something else, I doubt they’d care to check. Things smell a little fishy to me.