I got 3 Promotions in 2 Years With No Security Experience.
Company: BigCommerce
Title: Infrastructure Security Engineer (Level 2)
Country: United States
Recently, Jordan Bodily, who started off as a junior analyst with little to no experience in cybersecurity, shared how obtaining his C|EH, helped him to rise through the ranks quickly. He was promoted three times in a two-year span, reaching the level of infrastructure security engineer. Jordan credits the C|EH certification to giving him the knowledge and confidence to influence decisions and change the outlook of his company’s security team.
I have been promoted three times after acquiring CEH. So that’s roughly in about a two-year span. I’ve had several salary adjustments within that same timeframe.
Tell us about your journey as a cybersecurity professional.
Hey everyone, my name is Jordan Bodily. I’m an infrastructure security engineer (level 2) with BigCommerce. I have been in cybersecurity for going on three years now. Originally got into it with almost no experience, really, and then, in terms of why I decided to get into cybersecurity was mainly because of always wanting to figure stuff out and honestly never being bored of the work.
If anyone’s familiar with the field specifically, you know, every day, there’s new vulnerabilities coming out, there’s something new to learn and being able to wake up, you know, every day and do something slightly different, is ultimately what intrigues me.
What caught your attention about the C|EH program?
The C|EH program attracted my interest because I already knew other security professionals that already had obtained it.
Given their experience in the cybersecurity industry, I knew that this was a certification that I first wanted to do as in order to advance, not only my career at work, but also advance my career in general, and we were lucky enough to be able to do this as my first major certification in the cybersecurity industry, and we got to do the in-person training at Hacker Halted.
How has the C|EH benefitted your career?
(4:33 mins to 5:11 mins)
So, after I got my C|EH, the first thing that I did was returned to work and I did my first formal penetration test. This was a week after I’d obtained the certification. It was an exercise that we had been planning on for months.
Going into training and being able to return to work and execute that was amazing. I was very nervous in doing it. But the result – the company was extremely happy with; I was extremely happy with and overall boosted my confidence in being able to perform these types of exercises moving forward.
How recognized is the C|EH in your organization and the industry?
(5:24 mins to 6:43 mins)
At my company, it was a hard sell at first. We had senior employees who doubted the value of the cert and advised other cert paths to go for. Again, because we already knew security professionals that had the C|EH already, I was able to use them as a reference in discussing this with executive leadership at our company.
Luckily, my colleague and I eventually persuaded our leadership to eventually let us go to Hacker Halted. As the result of that, we did get our certification. Coming back, we had learnt a tremendous amount and so now looking at the C|EH, at our company, it’s a lot more.
It’s a certification that people understand more and add a lot more value to. In terms of the industry, I personally feel that the C|EH is kind of 50-50 and what I mean by that is for most junior roles, the C|EH tends to be an HR checkbox. For more advanced roles, C|EH, I feel, is viewed in the light of – okay, cool, you have that but what else do you have?
And I don’t say this to downplay the C|EH at all and in fact, EC-Council does offer many certifications for advanced users. I feel specifically for junior roles, the C|EH is a cert that instantly makes you more attractive as a prospective employee.
Did the C|EH help you to get higher pay, a promotion, or a job that you wanted?
(6:58 mins to 8:16 mins)
So short answer, yes, yes, and yes. ‘I have been promoted three times after acquiring CEH. So that’s roughly in about a two-year span. ‘I’ve had several salary adjustments within that same timeframe.
When I went into the C|EH program, I was originally just a junior analyst, really, again, had
little to no experience in cybersecurity except simply the passion to want to do cybersecurity.
Coming out of the C|EH program, I was almost immediately promoted to a security engineer.
And then I’ve now since been promoted to do infrastructure security engineering, and then even more recently, was to be promoted to a level two. I’ve also been able to work with executive leadership to influence decisions and completely change the outlook of the security team.
Originally, before going into the C|EH, and some companies may even experience this today where a lot of companies know that the security teams exist, but there may be kind of an elusive veil, like how do I contact them? How do I know what to ask them too and one of the big projects that we had coming back was like we wanted our company to know that, hey, we have a security team and that we’re here to support you
How has the C|EH certification impacted you?
(8:27 mins to 10:47 mins)
The C|EH program itself, I’ll say in its simplest form, allows you to view problems differently because the program covers a variety of topics, you quickly start to think about how change attacks work in an environment.
If, let’s say for example, if service X is impacted by vulnerability, why depending on your stack, potentially service Z could also be impacted, as a by-product of service X. And that may sound like a lot but ultimately, as a security engineer, one of your responsibilities is understanding your environment.
Going through a program like the C|EH certification, you’ll also understand how attackers think,
how those attacks are working in your environment and then you can also build out more of a threat model in terms of okay, well, if this service is impacted, does that mean this other service is impacted.
So, being able to think about that broader makes you a lot more attractive, again, not only for your own, like not only for the company that you may currently be at, but any companies that you go to in the future, and then adding more to this is simply understanding what logs are telling you?
Because of my history with the C|EH and other programs I can look at logs, and I get the logs that tell me a story versus telling me a sentence on page 50 of a 100-page novel. Because of this, when I look at log events, I’m able to make a lot more sense out of it.
Again, understanding how attacks are working, how services are interacting together, and just generally, being able to provide more insight into an event that happens within our own company as well.
And then lastly, I’d also like to add to this is confidence, whether it’s being pulled in for an audit, where an auditor may ask you, “Hey, what credentials do you have? Why do I trust that what you’re doing is satisfactory, or meets our requirements?”
But not only from audits, but it’s also being able to perform day-to-day task or going into a meeting with executive leadership, and having that confidence to go in and also, they have confidence in me that I have built up over time as well too where I can go into a meeting fully prepared, and anything that I have to say from a security perspective, is taken seriously. And then we figure out what the course of remediation is.
Did the C|EH help you give back to the community in any way whatsoever?
(11:11 mins to 12:36 mins)
It has. So, I’m sure a lot of people are familiar with different cybersecurity, whether it’s Discord or LinkedIn, or just groups in general. I was fortunate enough to join a cybersecurity Discord about a year ago.
And there’s these two channels in that Discord. One is specifically for seeking mentors. The other one is specifically seeking mentees. I felt at the time I was better suited to be seeking a mentee versus seeking a mentor.
This again started about probably about a year ago. And as a result, I did take a mentee underneath my wing, helped them go through several certifications, in fact, C|EH being one of them and over the course of nine months, as of a month ago, now he officially has his first cybersecurity role.
And being able to see that is amazing too in the C|EH program, again, given all the topics that you will discuss and, also, understanding multiple attack vectors, the terminology, being able to take that knowledge and then apply it to someone who’s, you know, really looking to get into cybersecurity has been awesome.
And ultimately, I got to make a friend out of it. I mean, we stay in constant contact with each other. We’re always updating each other now on, like, cybersecurity trends. So, it’s been awesome.
What was your favorite part of the C|EH program? Please explain why.
(14:32 mins to 15:18 mins)
My favourite part of the C|EH program is a 100% the labs.
Some people can learn by reading a book or reading a slide deck. While I can gain initial understanding that way myself, I find it very hard to take that knowledge and apply outside-the-box-thinking until you go do a lab.
Luckily, because I did the in-person event, I think we did it in four days – three days was training and the fourth day was testing versus the five-day program now. While I don’t feel like the current training is completely overwhelming, you’re right to assume it is a lot of content.
Could it go past five days? Sure. Does it need to? I don’t necessarily think so. That’s also assuming you have absolutely nothing else to commit to and you can commit to those five days of training.
Do you attribute any part of your success to EC-Council? If so, do you have a message for the EC-Council team?
(15:35 mins to 17:12 mins)
Yeah, no, a great question. Absolutely. I can say from the very beginning of interacting with the EC-Council team – I believe we interacted with someone named Johanna. If she’s still with you, a big shout out to her.
She answered a lot of difficult questions for us, when it came to providing or offering this to our executive leadership at that time. And she was able to answer all the questions, and she was Johnny on the spot with us. She was very quick to reply and so ultimately, I want to say thank you to her again, if she’s still there.
In terms of my success because of EC-Council, absolutely. Again, I’ve had several promotions because of it.
My career has only skyrocketed because of it. I’m also able to go again into meetings with like executive leadership,
or many, many titles above me and be taken seriously.
Two and a half years ago, before I had the C|EH, it was much harder to go into those meetings and I would often sweat going into meetings like that, because I’m like, man, what if they, you know, what if they doubt me?
Or what if they asked me something that I don’t have an answer to. And being able to go through a program like the C|EH has given me the confidence to do that and, also genuinely just be taken more seriously.
And then a general message to everyone at EC-Council – thank you all for everything you do. And again, thank you for all the hard questions that I’ve had to ask you all in the past. It means a lot. And being able to go to the training like this, again, is invaluable for someone trying to get into the cybersecurity world.
and it starts to make sense. That’s why you must prove competency in those areas to demonstrate that you can deal with these problems.
in learning and getting ready for the test. I like to learn by example and by doing.
So, several experiments are performed in Sandbox environments, capturing the flag and things like that. Those little tricks and techniques you learn are what stuck with me.
Become a
Certified Ethical Hacker (C|EH)
"*" indicates required fields
Certified Ethical Hacker
WE DON’T JUST TEACH ETHICAL
HACKING WE BUILD CYBER CAREERS