I'm Matthew Setter. I'm an experienced software engineer and a security researcher. I’ve been developing software since 2000 and I started this blog to help you write simpler, cleaner, and more secure software, with less effort.
Reflections on Ethical Hacking: Understanding Ethical Hacking and Other Certifications Newscareer October 16th, 2017
Recently, after four days of a harsh flu, I finished the Ethical Hacking: Understanding Ethical Hacking course, by Dale Meredith. So I wanted to blog about it.
Here's a shortened version of the description from Pluralsight:
This course will start you down the path of becoming an Ethical Hacker, or in other words; become a "Security Profiler." You will learn to start thinking and looking at your network through the eyes of malicious attackers. You will learn to understand the motivation of an attacker. We will cover the terminology used by attackers, the difference between "hacking" and "ethical hacking", the phases of hacking, the types of attacks on a system, what skills an Ethical Hacker needs to obtain, types of security policies, why Ethical Hacking is essential, how to be in the "know" of what's happening in the hacking world, who a "hacker" is, what are the biggest security attack vectors, and more.
Oh, what a find it is! Here's why. Dale has a very sagely, mature, yet relaxed style, that should put you at ease as you work through each module. No, he's not paying me to say this.
It was clear, from how comfortably Dale spoke and the depth of both his knowledge and past professional experience, that he is very knowledgeable and wasn't just reading a book as he was going along.
What's more Dale's sense of humour really gelled with me, as did his affection for comic superheroes, such as Batman. However, Thor and Ironman (as well as the short-lived Starman) were my favourites, but Batman was a close runner-up.
If I had a critique, it would be that, while the course had a very smooth flow and pace to it, intermittently it seemed to drag. This was a little distracting. However, perhaps it was also just my enthusiasm to race through as much as possible that needed to be held in check just that much more.
As for the course content. It was an excellent introduction to the certification, and the follow-on courses to come. I gained a broad understanding of threats, hacking phases (such as reconnaissance, scanning, and clearing your tracks), hacking concepts (such as pen testing), and attack types.
As I've been writing software for around 20 years, a lot of the terminology was familiar. However, as my focus has never been on security, thus far, it was good to begin going more in-depth in the concepts that I do know and to start filling in the gaps of what I don't know, or don't understand that well.
If you want to get an appreciation for what it takes to be an ethical hacker, if you want to an appreciation of what's involved in the certification, or if you want to get a better appreciation of why security in the modern age is essential, take this course.
What's Up Next
As this course was the first in a set of nineteen, there's so much more to do — in addition to fulfilling the other certification eligibility criteria, which includes having two years of information security experience.
Given that, I'm not going to be able to take the certification until the end of 2019 at the earliest. However, when you think about it, having to prove existing security experience is an excellent motivation, along with a unique way of ensuring that those who have the certification genuinely know what they're doing.
It's often been argued in tech circles as to the validity of certifications. Some question if they prove anything other than being able to memorise a set of information for a short period, only to be able to regurgitate it in an exam, likely to forget it afterwards.
Personally, I see significant value in certifications, including that they show you're willing to dedicate time to learn, and then to put up your own money to sit an exam with the intent of proving that knowledge.
However, having to prove real-world experience should take away any questions that someone might have. Additionally, having to have at least two years of experience means that I have lots of time to learn the skills and techniques, and to put them to the test in a practical environment.
In fact, I've already begun. Well, not with the information learned in this course, but the follow-on one: Ethical Hacking: Reconnaissance/Footprinting. I decided to start applying what I was learning to start improving the security of my own servers. However, that's a story for another day.
How Am I Going To Complete The Training?
Given that there are nineteen courses in the training path and that each course lasts for about 3 hours, it's going to take some time to complete the path.
On top of that, I only have an hour per/day, six days per/week, able to be set aside for training — I have a family, and a freelance business to run as well. Given that, if I were to complete each course back-to-back, it'd take around six months.
However, ripping through one course after another would be of questionable learning value. I wouldn't have sufficient time to apply all the techniques, tips, tools, and services that each course teaches. As a result, what would I genuinely learn? Answer: not nearly as much.
So I'm planning to progress as quickly as possible, yet also as slowly as I need to. It's odd, but I find this lack of a hard deadline quite inviting. It's almost liberating even.
What's more, with the festive season rapidly approaching, there's not going to be as much free time available until early January 2018.
Can you feel the enthusiasm coming through? On the one hand I want to tear through each one without a break. However, I also know that that's neither practical nor truly beneficial.
What's more, all work and no play makes Matt a dull boy, right? However, as always, after I complete each course, I'll be blogging about my experiences.
I'm not going to give away things in the course that I shouldn't. However, I'm planning to share enough so that you get a good understanding of what is on offer, should you be keen to take the course as well.
During the course, Dale mentioned that he has a host of certifications, and even refreshed twelve in one year alone, and it got me to thinking.
As I'm getting right back into active software development, what about other certifications, besides the Certified Ethical Hacker. So I began reflecting on the ones that I have; I'm a Zend Certified (PHP) Engineer and completed the LPIC-1.
I began thinking about whether I should refresh and extend those, and whether I should get confirm existing knowledge by getting some others.
I don't want to over-commit, but I've decided to go after at least two, these are:
The Zend Certified Engineer 2017-PHP exam costs 170.00 Euros and the Zend Framework 2 Certified Architect costs 195.00 USD (I've yet to find the price in Euros).
These make sense as PHP's been my main software language since 2000, and I've been both blogging about Zend Framework and developing software with it for the last seven years. What's more, as a freelancer, it never hurts to have certifications that vouch for the skills that you have.
Given my existing experience with PHP and Zend Framework, I'm anticipating completing both certifications by the end of June at the latest. I might push to have them done before the end of April to get them in before my birthday. However, time will tell. Is that giving away too much, Dale?.
That's It For Now
That's it for the time being. I'll keep you posted on how things go. I expect the next couple of posts to be back on technical topics, rather than reflections on recent experiences and decisions.
Join the Email List
If you enjoyed this post, why not join the email list and get all future posts straight to your inbox? In addition, you'll get background information, extra research, and other content that's only available on the list. I promise I'll NEVER spam you. And you can unsubscribe at any time.