Organization:EC-Council

From HandWiki
Short description: American cybersecurity training organization
EC-Council
EC-Council (2001-present)
TypeLimited liability company
Founded2001; 23 years ago (2001)
FounderJay Bavisi
Headquarters101 Sun Ave NE
Albuquerque
New Mexico, 87109, United States
Websiteeccouncil.org

EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.

History

Jay Bavisi is the Founder of EC-Council Holding Pte Ltd,[1][2] the parent company of all of EC-Council Group of Companies. The first organization of the group, International Council of Electronic Commerce Consultants (EC-Council) was founded in 2001 in response to the September 11 attacks to certify professionals who could protect against attacks on electronic commerce.

EQT Private Equity invested in EC-Council in September 2021[3] EC-Council is the creator of popular certification programs such as CEH,[4][5] CHFI, ECSA/LPT and the Certified Ethical Hacker (CEH) program for white hat hackers in 2003. EC-Council became a certifier of training courses and exams instead of founding entirely new schools, mobilizing entrepreneurs in the information security training business. CEH courses were offered in more than 60 countries by 2007, and the program expanded rapidly.[6]

As of 2023, the CEH certification is part of the possible certifications to some cyber-security functions within the United States Department of Defense, as part of its Directive 8140.[7][8]

In 2010, the EC-Council part of the organisations selected by the Pentagon to oversee training of Department of Defense employees who work in computer security-related jobs.[9]

Controversies, shortcomings and plagiarism

In May 2006, the website of the EC-Council was defaced,[10] and again in 2014, restored, then defaced, again, due to password reuse.[11] The attacker managed to exfiltrate sensitive data like passport pictures from the applicants, including notably Edward Snowden's.[12]

On at least two instances, the EC-Council's website has also been prone to Cross-site scripting vulnerabilities. In June of 2011, two vulnerabilities where discovered on, both on the "portal" subdomain.[13][14] An additional vulnerability was found in May 2013.[15]

During 2011, an EC-Council employee has been using comments spam to advertise the Certified Ethical Hacker certification. This was called a "fictional theory" by Jay Bavisi, President of EC-Council, despite evidences proving otherwise.[16]

The EC-Council has also been holding sexist discourse on several occasions:

  • In 2015, writing that "women should wear pants suit with heels" to be credible when doing pentesting.[17]
  • In 2021, publishing a survey about the challenges faced by women in cybersecurity, with "Only men can do this job" and "Women can't handle this job" and "women aren't encouraged enough" as sole possible answers, and explaining that "the post cannot be sexist coming from all women teams".[17]

In March 2016, the website of the EC-Council was serving the Angler exploit kit. It took several days for the issue to be resolved.[18][19]

In 2021, the EC-Council took its entire blog down due to apparent systematic copyright violations and plagiarism conducted by its marketing team.[20][21][16][22]

Certifications

EC-Council offers professional certifications for the IT security field, such as Certified Network Defender (CND), Certified Chief Information Security Officer (CCISO), and Computer Hacking Forensics Investigator (CHFI).[23] It also offers certifications in fields related to IT security, including disaster recovery, software security, digital forensics, and general IT security knowledge.

Services and products

EC-Council University (ECCU)

EC-Council University (ECCU) was licensed by the Wyoming Board of Education in 2006, despite major concerns from the state Education Department, including the lack of clarity whether the "school would offer substantive academic activity".[24] It offers bachelor’s and master’s degrees in cybersecurity and graduate certificate programs since 2015.[25][26]

EC-Council CodeRed

EC-Council CodeRed was launched in 2019 as a cybersecurity learning platform with a library of 4,000 video lessons.[27] It provides "microdegrees" on niche technical subjects.[28]

EC-Council Global Services

EC-Council Global Services (EGS) is the consulting services division of the EC-Council Group. It received CREST membership for its cyber incident response, penetration testing, and vulnerability assessment services in 2020.[29][30]

EC-Council Aware

EC-Council Aware is a cybersecurity training app that was launched in 2020 for iOS and Android.[31]

EC-Council CyberQ

EC-Council launched its CyberQ platform in 2020. It is a cloud-based cyber range platform that automates the process of using cloud technology to deploy cyber targets.[32]

EC-Council events

EC-Council hosts various IT security conferences including Hacker Halted, Global CyberLympics, TakeDownCon, and Global CISO Forum.[33][34][35]

References

  1. "Jay Bavisi, Founder and CEO of EC-Council". https://www.businesswire.com/news/home/20220907005072/en/EC-Council-to-Increase-Development-of-Ethical-Hackers-to-Address-Mounting-Shortage-of-Cybersecurity-Professionals. 
  2. "EC-Council President and CEO Jay Bavisi". https://markets.businessinsider.com/news/stocks/ec-council-president-and-ceo-jay-bavisi-to-announce-the-next-big-thing-in-cybersecurity-in-a-live-webinar-on-september-16-1029547141. 
  3. "EQT Private Equity invests in EC-Council". https://www.bloomberg.com/press-releases/2021-09-27/eqt-private-equity-invests-in-ec-council-a-global-leader-in-cybersecurity-training-and-certification. 
  4. "EC- Council empowers Students through a Seminar on Cyber Security". 12 September 2013. https://www.eccouncil.org/cyber-security-seminar-empowering-students/. 
  5. "EC-Council organizes a seminar on cyber security". 2 September 2013. https://www.indiainfoline.com/article/news-business/ec-council-organizes-a-seminar-on-cyber-security-113110817403_1.html. 
  6. Slayton, Rebecca (2017-02-14). "Limn: The Paradoxical Authority of the Certified Ethical Hacker". https://limn.it/articles/the-paradoxical-authority-of-the-certified-ethical-hacker/. 
  7. "Persectives on Building a Cyber Force Structure". https://ccdcoe.org/uploads/2018/10/Starr-Perspectives-on-Building-a-Cyber-Force-Structure.pdf. 
  8. "DoD Approved 8570 Baseline Certifications – DoD Cyber Exchange". https://public.cyber.mil/wid/cwmp/dod-approved-8570-baseline-certifications/. 
  9. "Pentagon trains workers to hack Defense computers". http://www.cnn.com/2010/TECH/03/10/pentagon.hacking/index.html. 
  10. "EC-Council.org Defaced in 2006". http://zone-h.org/mirror/id/4100630?hz=1. 
  11. ""The Plague" returns to deface EC Council website | CSO Online". 2015-09-24. http://www.csoonline.com/article/2137027/malware-cybercrime/-the-plague--returns-to-deface-ec-council-website.html. 
  12. McCormick, Rich (2014-02-24). "Ethical hacking organization hacked, website defaced with Edward Snowden's passport" (in en-US). https://www.theverge.com/2014/2/24/5441386/ethical-hacking-organization-website-defaced-with-snowden-passport. 
  13. Nulled Byte. "Double nibble URI decoding XSS Vulnerability on EC Council website" (in en). https://thehackernews.com/2011/06/double-nibble-uri-decoding-xss.html. 
  14. "EC-Council Web Site Vulnerable to Several XSS". https://attrition.org/errata/charlatan/ec-council/eccouncil-xss.html. 
  15. "Charlatan: EC-Council Found Vulnerable to 2nd XSS". https://attrition.org/errata/charlatan/ec-council/eccouncil-xss-2.html. 
  16. 16.0 16.1 "Who on earth would be trying to promote EC-Council University via comment spam on my website?" (in en-GB). 2022-07-19. https://grahamcluley.com/ec-council-university-comment-spam/. 
  17. 17.0 17.1 Dallaway, Eleanor (2021-04-11). "The Story of the EC-Council Gender Survey Scandal: Survey Creator Says "It Was Written by Women so it Can't be Sexist"". https://www.infosecurity-magazine.com/blogs/the-story-of-the-eccouncil-gender/. 
  18. "Website of security certification provider spreading ransomware" (in en-US). 2016-03-24. https://blog.fox-it.com/2016/03/24/website-of-security-certification-provider-spreading-ransomware/. 
  19. Goodin, Dan (2016-03-24). "Certified Ethical Hacker website caught spreading crypto ransomware" (in en-us). https://arstechnica.com/information-technology/2016/03/certified-ethical-hacker-website-caught-spreading-crypto-ransomware/. 
  20. "Security training org EC-Council pulls blog over copyright violations, promises editorial improvements" (in en). 2021-06-28. https://portswigger.net/daily-swig/security-training-org-ec-council-pulls-blog-over-copyright-violations-promises-editorial-improvements. 
  21. "Ethics in Cybersecurity Marketing – Principles of Value Contribution" (in en-US). 2021-06-23. https://alyssasec.com/2021/06/ethics-in-cybersecurity-marketing-principles-of-value-contribution. 
  22. "Errata: Charlatan - EC-Council (ECC)". https://attrition.org/errata/charlatan/ec-council/. 
  23. "The Case for Cybersecurity Certifications". 13 January 2018. https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-case-for-security-certifications.html. 
  24. Gruver, Mead (January 10, 2006). "State licenses online school". https://trib.com/news/state-and-regional/state-licenses-online-school/article_13f10c1d-9212-55a3-b10d-501b2aad84d3.html. ""Despite an ongoing push among state education officials to rein in unaccredited colleges and universities, the Wyoming Board of Education on Monday granted a state license to EC-Council University, an unaccredited school that will provide online computer technology degrees from an office in Laramie."" 
  25. "About Us | Cybersecurity University". https://www.eccu.edu/about-eccu/. 
  26. "Directory Of Accredited Institutions". https://www.deac.org/Student-Center/Directory-Of-Accredited-Institutions.aspx. 
  27. SemiColonWeb. "CodeRed | Stream Premium Cybersecurity Courses | Learn Anytime Anywhere". https://codered.eccouncil.org/. 
  28. SemiColonWeb. "CodeRed Microdegrees | Learn In-Demand Advanced Cybersecurity Skills". https://codered.eccouncil.org/Microdegrees. 
  29. "CREST Member Companies". https://service-selection-platform.crest-approved.org/member_companies/ec-council-global-services-sdn-bhd/index.html. 
  30. "EC-Council Global Services Receives CREST Membership". https://www.24-7pressrelease.com/press-release/476679/ec-council-global-services-receives-crest-membership. 
  31. CISOMAG (14 October 2020). "Looking for an End-user Training Program? EC-Council's Aware App is Just for You". https://cisomag.com/. 
  32. "CyberQ – Advanced Cyber Range Solution Provider | EC-Council". https://cyberq.eccouncil.org/. 
  33. "Finalists for EC-Council Foundation's 2019 Global Cyberlympics Announced". https://www.prweb.com/releases/finalists_for_ec_council_foundations_2019_global_cyberlympics_announced/prweb16559159.htm. 
  34. Goldmeier, Jeremy. "White-Hat Hackers: Meet the geeks who make computing safer by exposing its flaws". https://www.riverfronttimes.com/stlouis/white-hat-hackers-meet-the-geeks-who-make-computing-safer-by-exposing-its-flaws/Content?oid=2503818. 
  35. "Global CISO Forum". https://www.prweb.com/releases/timgrieveson/eccouncilcciso/prweb11233122.htm.