ECIH as a Foundational Step into Cyber Defense: An Interview with Lee Wan Jun

July 25, 2025 | Lee Wan Jun | Incident Handling

With cyberthreats escalating rapidly, the need for a robust incident response strategy has become more critical than ever. The EC-Council Certified Incident Handler (ECIH) certification plays a pivotal role in preparing aspiring professionals for defensive cybersecurity roles. To explore the impact of the ECIH on incident handling careers, EC-Council interviewed Lee Wan Jun, a certified cybersecurity professional. Lee emphasized that the ECIH certification was crucial for transitioning from a non-IT background into cybersecurity. It provided foundational knowledge in key areas such as incident response, risk assessment, and forensic investigation. Through expert-led instruction and hands-on labs, the program offered both theoretical knowledge and practical experience, enabling a deeper grasp of defensive cybersecurity strategies. According to Lee, the ECIH’s structured approach to incident handling has proven invaluable in real-world scenarios, reinforcing its relevance in today’s dynamic and evolving threat landscape. What follows is a detailed reflection from Lee on her experience with the ECIH certification.

What motivated you to pursue the EC-Council Certified Incident Handler Certification?

Coming from a non-IT and non-cybersecurity background, I was starting completely from scratch. The ECIH certification seemed like an ideal entry point, a way to begin learning the fundamentals of incident handling. Cybersecurity discussions often emphasize the importance of not just preventing incidents but also effectively managing and mitigating them when they occur.

The ECIH course gave me valuable insight into the defensive side of cybersecurity, teaching me what actions are necessary during and after an incident.
It played a key role in building my awareness, confidence, and ability to contribute meaningfully to incident response roles in the future.

How did the ECIH certification contribute to your career goals?

The ECIH certification has been an excellent foundation for understanding the core principles of cybersecurity.
It provided a thorough overview of essential topics like risk assessment, vulnerability management, incident response procedures, forensic evidence handling, and security policies. It also introduced me to various roles and career paths within the cybersecurity field, helping me discover areas I might want to specialize in. This foundational knowledge has made it much easier to explore more advanced concepts and has given me a clear direction for my professional development in cybersecurity.

What aspects of the ECIH program did you find most interesting or valuable, and how have they contributed to your professional development?

The two aspects of the ECIH course I found most valuable were the trainers and the hands-on labs.
The trainers were extremely knowledgeable and skilled at breaking down complex concepts into manageable, bite-sized lessons. They often provided real-world context and examples, which made the content much easier to understand and remember. Their teaching approach helped reinforce key incident handling principles in a way that felt practical and relatable. The hands-on labs were equally impactful. Although they followed step-by-step instructions, they offered a guided learning experience that helped solidify the course content. Performing these exercises created a sort of muscle memory, allowing me to gain practical experience that I can rely on in future scenarios. The labs not only validated my theoretical knowledge but also helped clear up any remaining doubts by allowing me to apply what I had learned in a simulated environment.

Can you share a specific incident or scenario where the knowledge gained from the ECIH course was instrumental in effectively managing and responding to a cybersecurity incident?

I’ve already found the ECIH knowledge helpful in everyday situations. For example, when I first received an email invitation from EC-Council to participate in this interview, I was initially skeptical. I suspected it might be spam or a phishing attempt. However, by applying what I learned in the ECIH course, specifically regarding email security, I examined the SPF and DKIM records of the sender to verify authenticity. The records helped me confirm that the email was legitimate and from EC-Council, which is why I’m here today.

This experience highlighted how the knowledge gained from ECIH can be applied in real-life situations, especially in identifying and verifying potentially suspicious communications—a common challenge in both personal and professional cybersecurity contexts.

Have you completed any other cybersecurity courses or certifications? If so, how does the ECIH certification differ in terms of skills, knowledge, career advancement opportunities, and overall value?

Yes, I have completed other cybersecurity certifications, including CompTIA Security+ and some Microsoft Azure certifications. Security+ offers a broad overview of cybersecurity concepts and is great for building foundational knowledge across a wide spectrum. Azure certifications tend to be vendor-specific and highly technical, focusing on different areas depending on the certification track. What sets the ECIH apart is its deep focus on the defensive aspect of cybersecurity. It provides a comprehensive, end-to-end view—from pre-breach preparedness, such as documentation, assessments, and setup, to post-breach actions like incident response, forensic investigation, and evidence preservation.

ECIH is both focused and in-depth, making it extremely valuable for those looking to specialize in incident handling and response.

How critical or helpful is the ECIH training for career development, particularly for those interested in incident handling, SOC roles, or cybersecurity in general?

I believe the ECIH certification is highly valuable for anyone aiming to work in incident handling, Security Operations Centers (SOC), or cybersecurity in general. The course emphasizes the defensive side of cybersecurity, equipping learners with knowledge of best practices, policies, and systematic approaches to handling incidents.

One of the key strengths of ECIH is that it teaches you how to respond to a wide variety of attack scenarios using a structured and repeatable methodology.

Even though the specific actions may vary from one incident to another, the core principles and response strategies remain the same. ECIH provides a solid foundation in these concepts, helping learners minimize downtime during incidents and respond effectively. In addition, the course’s hands-on labs give learners real-world exposure, allowing them to develop practical skills and understand what to expect in real job roles. This not only boosts confidence but also helps bridge the gap between theory and practice, making it a strong stepping stone for career progression in cybersecurity.

In your opinion, how does ECIH training align with the evolving threat landscape and the need for organizations to respond effectively to cyber incidents?

In my view, the ECIH course is well-aligned with the evolving threat landscape. While it may not cover every emerging threat, since the landscape changes rapidly, it does address many common and relevant attack scenarios, including web application threats, malware, and email security. What’s most important is that the course teaches core principles and systematic approaches to incident handling. Regardless of the type of attack, having a structured method for response is essential.

The ECIH course equips learners with actionable strategies to mitigate threats and minimize downtime, making it highly applicable in today’s dynamic cybersecurity environment.

Can you describe any specific challenges or gaps in your incident handling knowledge or skills that the ECIH course helped you overcome?

Before taking the ECIH course, I had no background in cybersecurity, so everything I learned was a major step forward for me. The course helped bridge multiple knowledge gaps by providing practical insights on:

  • Setting up forensic labs
  • Conducting vulnerability and risk assessments
  • Understanding essential security policies
  • Creating and using runbooks and playbooks
  • Identifying key stakeholders during incidents
  • Preserving digital evidence
  • Reducing downtime during and after a breach

The hands-on labs were particularly helpful. They allowed me to apply what I was learning in a guided, real-world-like environment. This experience gave me greater confidence in my ability to handle incidents independently in the future.

Tell us about your journey as a cybersecurity professional.

Previously, I worked in Quality Management Systems for a semiconductor company. My interest in cybersecurity began when I took an elective course on malware in college. However, it was during the pandemic that I truly decided to make a career shift. At the time, cyberattacks and scams were becoming more frequent, and I experienced a security vulnerability firsthand when one of our externally facing applications was found to be exploitable during an internal penetration test. These events made me realize how vulnerable the digital world is and how essential cybersecurity has become. I began reading more about the field and found it fascinating and diverse, with many areas to explore. A few years ago, I officially transitioned into cybersecurity through a career conversion program that combined classroom learning with on-the-job training.

Have you done other courses from EC-Council? If yes, how was the learning from those courses and how has the combination of skills gained from those courses and ECIH contributed to your skill-building and overall professional development?

Yes, I have completed the Certified Ethical Hacker (CEH), Certified Security Analyst (CSA), and ECIH certifications. These three courses complement each other very well.
CEH focuses on attack methodologies, offering deep insights into how adversaries operate, while CSA builds on CEH by emphasizing application and practical assessment of those attack techniques. ECIH, on the other hand, provides a comprehensive overview of defensive strategies, covering everything from pre-incident setup and policy design to post-incident response and evidence handling. Together, these certifications gave me a well-rounded perspective—from understanding how attackers breach systems to learning how defenders respond, recover, and secure those systems. This holistic view has been incredibly valuable for building a solid cybersecurity foundation.

Would you recommend the ECIH course and certification to others interested in incident handling and cybersecurity? If so, what would be your key reasons for the recommendation?

Absolutely. I would highly recommend the ECIH certification to anyone interested in incident handling or cybersecurity in general.

This is mainly because it is offered by EC-Council, a globally recognized authority in cybersecurity education, and the course content is practical, well-structured, and easy to understand, even for beginners. It also focuses on real-world defensive practices, providing knowledge that is directly applicable to professional roles. The hands-on labs and systematic approach to incident response make it ideal for those preparing for roles in SOC, incident response teams, or compliance-driven environments. Overall, ECIH provides an excellent starting point for building a career in cybersecurity and a solid stepping stone for further specialization.

Conclusion

The ECIH certification has been instrumental in shaping Lee Wan Jun’s cybersecurity journey, especially as someone starting from scratch. It helped bridge critical knowledge gaps, build confidence, and provide practical skills essential for incident handling and response roles. The course’s emphasis on structured methodologies, real-world labs, and expert instruction made complex topics approachable and actionable. Compared to other certifications, ECIH stands out for its depth of focus on defensive cybersecurity. It aligns well with the demands of modern security operations and equips learners to respond effectively to cyberthreats. Overall, the ECIH certification has laid a strong foundation for her continued growth and specialization in cybersecurity.

About the Interviewee

Lee Wan Jun is a cybersecurity professional whose current work is focused on cybersecurity governance and risk management in the financial services sector. She was a mid-career changer who previously had experience in quality management systems in the semiconductor industry.