- 1 EC-Council Helps Terry Cutler Become Local Media’s “Ethical Hacker Guy”
“Having this certification from EC Council has brought me great credibility. They have helped me gain a great foundation of knowledge that I can build on for the future.”
Premium Services Engineer
Master CNE, CDE, CLP 9/10, CEH
Today, you can’t open a newspaper or magazine, watch a TV show, or listen to a radio program without eventually receiving a message regarding computers security. Identity theft, online predators, organizational security breaches, and corporate data compromises make for interesting subject matter. And when the media needs an expert opinion or comment, journalists in the Montreal, Canada area seek out Terry Cutler.
Prior to contacting EC Council and receiving his Certified Ethical Hacker (CEH) certification in 2005, Terry had worked in a number of IT-related jobs, starting with Bell Canada and ending with his current position as a Premium Services Engineer for one of the world’s largest infrastructure and software services companies, Novell.
Today, Terry is the “go-to guy” not only for some of his company’s largest and most important clients, but also for local media and the public at large, when the issue of security in our technology-saturated world arises.
Terry’s early career included positions which covered a wide range of technology jobs: database work for Bell Canada, software for the stock market at Finance Research Institute, training coordination at Drake International, front-line support at Hewlett-Packard.
After settling into his position at Novell, Terry began to see that security as a vital issue was on the horizon. “I begged my boss to let me go to EC Council’s Ethical Hacker Boot Camp,” said Terry. “I was influenced by the shows “24” and “CSI”, and I really wanted to see how the offensive hacking was done. I knew security was going to be hot, and I wanted to be in on this knowledge transfer as early as possible. I knew EC Council’s program was the course to take.”
An OK from the boss allowed Terry to travel to Washington where his training with EC Council partner Intense School included hands-on experience with people from the FBI, Navy Seals and Lockheed Martin, among others. He passed the test and got his CEH, and since then Terry’s career has become hot, too.
Sharing knowledge with clients.
“Right away I wanted to be able to share what I learned in the course with others,” said Terry. “I decided to write an article about how identity theft happens. Before I knew it, a few local newspapers did a story on me, and I was featured on the front page of Canada.com. I started getting hundreds of emails, asking me to do presentations and appear on TV and radio. I love to promote the awareness -- how individuals and companies can better secure their computer environments.”
At Novell Canada, Terry lends his expertise to some of the largest clients in the Montreal area, from those with a minimum of 100 servers to those with up to 20,000 users. He is particularly helpful to individuals he sees more and more often: the typical overworked IT administrator or staff that’s responsible for all of an organization’s servers – as well as setting up security for the entire computing environment. “I go in and show them how easy it is to get into their system, and their eyes open wide. Then I share with them what to look for and how to set things up so an outsider can’t break in and wreak havoc with their system.”
According to Terry, the most common security problems companies face can be solved in two main ways: better communication and security software. “In large corporations a lot of the different divisions don’t communicate well with each other. In order for them to undergo an overall security initiative and lock the environment down, all of the groups have to be talking to each other.”
“Secondly, the company should commit to an investment in a centralized software program that will take a good look at all of the millions of alarms that go off in the network daily. There are programs available to examine all of these error messages and tell you which ones are worth addressing. It’s definitely a great way to be proactive against any threat.”
In addition to applying his CEH knowledge in his career position, Terry takes his expertise into the community to help the average person, especially parents, become better acquainted with computer security. In addition to his monthly radio shows and other media appearances, this work takes the form of seminars and presentations Terry holds within his region’s communities.
“I do ‘Internet Safety for Kids’ presentations for parents,” said Terry. “I show them what their kids are doing online, and how it can be very easy for a predator to gain a lot of information about their child -- and even their household finances – if their home computer is not properly secured.”
Terry’s main advice to parents? “Leave the PC in an open area, so you can monitor what’s going on with your kid online. It’s important for parents to participate with their kids when they are on the computer. That way, kids will come to them, and be more open about showing them things. If a parent becomes too pushy or restrictive, the kid will be secretive, or worse, bring all of their chat activities offline and on to their cell phone, for example.”
Terry hopes to continue to utilize his CEH knowledge and is working on gaining three other certifications through EC Council: Computer Hacking Forensics Investigator (CHFI), EC Council Certified Security Analyst (ECSA), and Licensed Penetration Tester (LPT). “Having this certification from EC Council has brought me great credibility,” said Terry. “They have helped me gain a great foundation of knowledge that I can build on for the future.”
- 2CEH from EC Council Helps Patriot Tim Hoffman Keep National Defense Secure
“The certification has led to my recent promotion to the Corporate IAM. My company recognized the value of the CEH/CNDA and has moved me forward.”
Corporate Information Assurance Manager
ITT Corporation, Systems Division
Tim Hoffman’s patriotic – and technology -- roots go all the way back to the 1960’s, when he first entered the Navy. He began in the military as a radioman, then eventually served as a cryptologic officer for satellite systems, signals and National Security Administration-related work. After spending several years at the NSA and holding command for a few years, Tim retired from the Navy in 1990.
Wanting to continue with his technological career on the civilian side, Tim took a job doing contracting work for the Defense Information Systems Agency, the large organization involved with military systems. At that time he realized that security would an exciting field for the future, and his work for DISA allowed him the opportunity to help create the original draft of what would be the Defense Information Technology Certification and Accreditation Process (DITCAP).
The next decade saw Tim gain further experience in a variety of capacities: engineering support for a systems integrator, network design and architecture for American International Group (AIG), a stint of self-employment, and then a position with the company he works for today, ITT.
Tim began his career at ITT as an information assurance consultant and got his CEH through EC Council in 2007. “I had been around the industry a long time and I knew that EC Council was the organization to get my certification from,” said Tim. “They are the ones to have confidence in, and the ones that are recognized by the industry as the place to go to get the CEH certification.”
Tim has also gone on to add a Certified Network Defense Architect (CNDA) certification through EC Council to his credentials. “Having these certifications is the only way to let your employer and clients know that you really know how to do something,” said Tim. “Their certificates have validity in the IT community, and in the Information Analysis community, as well. The bottom line is, once you have that certificate, people know they are dealing with someone who can do the job in accordance with the way the community recognizes how it has to be done. Anyone can fix a computer. Anyone can attack a computer. But can they do it ethically? Correctly? Can they do it without disturbing things? Without harming the target? Those are questions that only someone who is certified can answer. Now, someone might luck out and get it right – but what the certification says is that it’s not a matter of luck. It’s insurance that the person is doing things correctly each and every time they do it – that there’s a consistency and quality to the work. That’s what the EC Council certifications bring to the table.”
The consistency and quality of Tim’s work has been recognized by his employer, ITT. He was moved up a level in January 2008 to become the Corporate Information Assurance Manager, reporting to the Chief Security Officer of the global high-technology engineering and manufacturing company with approximately 40,000 employees operating in 55 countries. “Now, I have a lot of involvement in a lot of different programs, each in support of a military customer. We design, develop, implement and then do operations and maintenance for large systems for government customers. I travel around the world to ITT offices that often support an entire military base. I need to ensure that very close attention is being paid to the security practices. I have to ask, ‘Are we as tight as we need to be?’”
Tim’s CEH comes into play when he feels a penetration test or a vulnerability scan is necessary. Tim’s patriotism comes into play and motivates him to work hard to ensure all the operations under his authority are done right. “What drove me to get into this field and what keeps me going every day is that I’m working on sensitive national defense systems. I feel that it is both my duty as a citizen and in my job. It is very important that these things be very solid, and the certification from EC Council gave me the skill to allow me to test and evaluate, and train others to do the same and pay attention to all of the details they need to be paying attention to.”
In the coming months, Tim’s job will take him around the globe, from Kauai, Hawaii, to Kuwait, Germany, Kosovo, Bosnia, Italy, and back to Hawaii. “It’s certainly an adventure to be looked at as someone who is technically sound and capable of doing the work. I’m constantly being asked to consult on different projects.”
Part of Tim’s plans for the future include adding to his credentials with the next level of security certifications through EC Council. “Eventually, I’d like to get the EC Council Certified Security Analyst (ECSA), and then the Licensed Penetration Tester (LPT).”
- 3Tim Everson Uses EC-Council Certification to Help Novell Win, Keep Security Clients
“The Certification I received through EC Council has helped to promote an atmosphere and awareness of security both within Novell, as well as within the Fortune 500 Novell clients that I work with.”
Primary Support Engineer
Novell Premium Services
Tim Everson believes in being proactive when it comes to computer security. And that’s why, after receiving his Certified Ethical Hacker certification through EC Council, he takes every opportunity both within his employer, Novell, and with Novell’s Fortune 500 clients, to play up the importance of being prepared rather than reactive once a situation occurs. This mindset has helped him and Novell win, keep and continue to win new clients who need help with their technology security.
“Very often I’ll be looking at security holes that our customers have, or understanding from them that they are seeing something that doesn’t quite look right in their environment,” said Tim. “As I start to look, I see that there are holes and things being exploited through their network, application and servers firewalls, for example. I see things that happen and help them reactively deal with those things. But on a daily basis I’m also proactively testing my customer’s environment, and my company’s product, running through the gamut of tests and finding out where there are issues. I help our clients get those issues resolved before rather than after someone exploits the situation, and causes problems.”
Tim joined Novell almost a decade ago. From the beginning, Tim was interested in emphasizing to both his employer and Novell’s customers that he was interested in helping them through his security knowledge. He felt that he could do that through adding to his resume of technical certifications, which at the time included Master Certified Novell Engineer (CNE) Novell’s Certified Linux Engineer (CLE) and the Cisco Certified Network Associate (CCNA).
He knew at the time the valued security certification to achieve was the Certified Ethical Hacker (CEH). And he knew that EC Council was the premier organization that hosted and developed that certification. “I knew that the EC Council CEH was really the high-quality certification I was looking for,” said Tim. “I wanted to be more proactive than reactive; I didn’t want to discuss theory, I wanted to participate in hands-on situations and actually apply the knowledge.”
Once Tim achieved EC Council’s CEH through EC Council partner Intense School, he found himself more in demand by Novell clients than ever. “I do security work for them, penetration testing, just in general helping them tighten things down. I also helped promote within Novell how useful this knowledge is to our customers, and several of my associates have received the CEH as well. I really enjoy being able to use that knowledge to benefit my employer as well as our customers. I’d really like to stay in the security realm and help Novell develop an even stronger security product and service offering for our customers.”
Tim’s not going to stop gaining security knowledge anytime soon. “There are follow-up certifications to the CEH that I’d like to get from EC Council to further my knowledge: the Certified Security Analyst (CSA) and the Licensed Penetration Tester (LPT) – I’m working on those now. I’m also working on my Certified Hacking Forensics Investigator (CHFI) certification – that’s more for what to do after an issue has occurred, to help investigate and follow up.”
Tim’s advice to companies in regard to securing their computing environments? Words of wisdom so, ironically, he won’t have to use the knowledge gained from his CHFI. “Take a closer look now, and be more aware of the benefits of proactive security rather than reactive measures,” said Tim. "Too often customers are seeing web server logs, application logs, and reports from their people, internally, that they are finding security holes. I would urge them to use a professional to investigate those things before the fact, and deal with them now, before the rest of the world knows about it. That way, they can keep all of their valuable information safe.”