With cyberthreats escalating rapidly, the need for a robust incident response strategy has become more critical than ever. The EC-Council Certified Incident Handler (ECIH) certification plays a pivotal role in preparing aspiring professionals for defensive cybersecurity roles. To explore the impact of the ECIH on incident handling careers, EC-Council interviewed Lee Wan Jun, a certified cybersecurity professional. Lee emphasized that the ECIH certification was crucial for transitioning from a non-IT background into cybersecurity. It provided foundational knowledge in key areas such as incident response, risk assessment, and forensic investigation. Through expert-led instruction and hands-on labs, the program offered both theoretical knowledge and practical experience, enabling a deeper grasp of defensive cybersecurity strategies. According to Lee, the ECIH’s structured approach to incident handling has proven invaluable in real-world scenarios, reinforcing its relevance in today’s dynamic and evolving threat landscape. What follows is a detailed reflection from Lee on her experience with the ECIH certification.
What motivated you to pursue the EC-Council Certified Incident Handler Certification?
Coming from a non-IT and non-cybersecurity background, I was starting completely from scratch. The ECIH certification seemed like an ideal entry point, a way to begin learning the fundamentals of incident handling. Cybersecurity discussions often emphasize the importance of not just preventing incidents but also effectively managing and mitigating them when they occur.
How did the ECIH certification contribute to your career goals?
What aspects of the ECIH program did you find most interesting or valuable, and how have they contributed to your professional development?
Can you share a specific incident or scenario where the knowledge gained from the ECIH course was instrumental in effectively managing and responding to a cybersecurity incident?
I’ve already found the ECIH knowledge helpful in everyday situations. For example, when I first received an email invitation from EC-Council to participate in this interview, I was initially skeptical. I suspected it might be spam or a phishing attempt. However, by applying what I learned in the ECIH course, specifically regarding email security, I examined the SPF and DKIM records of the sender to verify authenticity. The records helped me confirm that the email was legitimate and from EC-Council, which is why I’m here today.
Have you completed any other cybersecurity courses or certifications? If so, how does the ECIH certification differ in terms of skills, knowledge, career advancement opportunities, and overall value?
Yes, I have completed other cybersecurity certifications, including CompTIA Security+ and some Microsoft Azure certifications. Security+ offers a broad overview of cybersecurity concepts and is great for building foundational knowledge across a wide spectrum. Azure certifications tend to be vendor-specific and highly technical, focusing on different areas depending on the certification track. What sets the ECIH apart is its deep focus on the defensive aspect of cybersecurity. It provides a comprehensive, end-to-end view—from pre-breach preparedness, such as documentation, assessments, and setup, to post-breach actions like incident response, forensic investigation, and evidence preservation.
How critical or helpful is the ECIH training for career development, particularly for those interested in incident handling, SOC roles, or cybersecurity in general?
I believe the ECIH certification is highly valuable for anyone aiming to work in incident handling, Security Operations Centers (SOC), or cybersecurity in general. The course emphasizes the defensive side of cybersecurity, equipping learners with knowledge of best practices, policies, and systematic approaches to handling incidents.
Even though the specific actions may vary from one incident to another, the core principles and response strategies remain the same. ECIH provides a solid foundation in these concepts, helping learners minimize downtime during incidents and respond effectively. In addition, the course’s hands-on labs give learners real-world exposure, allowing them to develop practical skills and understand what to expect in real job roles. This not only boosts confidence but also helps bridge the gap between theory and practice, making it a strong stepping stone for career progression in cybersecurity.
In your opinion, how does ECIH training align with the evolving threat landscape and the need for organizations to respond effectively to cyber incidents?
In my view, the ECIH course is well-aligned with the evolving threat landscape. While it may not cover every emerging threat, since the landscape changes rapidly, it does address many common and relevant attack scenarios, including web application threats, malware, and email security. What’s most important is that the course teaches core principles and systematic approaches to incident handling. Regardless of the type of attack, having a structured method for response is essential.
The ECIH course equips learners with actionable strategies to mitigate threats and minimize downtime, making it highly applicable in today’s dynamic cybersecurity environment.
Can you describe any specific challenges or gaps in your incident handling knowledge or skills that the ECIH course helped you overcome?
Before taking the ECIH course, I had no background in cybersecurity, so everything I learned was a major step forward for me. The course helped bridge multiple knowledge gaps by providing practical insights on:
- Setting up forensic labs
- Conducting vulnerability and risk assessments
- Understanding essential security policies
- Creating and using runbooks and playbooks
- Identifying key stakeholders during incidents
- Preserving digital evidence
- Reducing downtime during and after a breach
Tell us about your journey as a cybersecurity professional.
Previously, I worked in Quality Management Systems for a semiconductor company. My interest in cybersecurity began when I took an elective course on malware in college. However, it was during the pandemic that I truly decided to make a career shift. At the time, cyberattacks and scams were becoming more frequent, and I experienced a security vulnerability firsthand when one of our externally facing applications was found to be exploitable during an internal penetration test. These events made me realize how vulnerable the digital world is and how essential cybersecurity has become. I began reading more about the field and found it fascinating and diverse, with many areas to explore. A few years ago, I officially transitioned into cybersecurity through a career conversion program that combined classroom learning with on-the-job training.
Have you done other courses from EC-Council? If yes, how was the learning from those courses and how has the combination of skills gained from those courses and ECIH contributed to your skill-building and overall professional development?
Would you recommend the ECIH course and certification to others interested in incident handling and cybersecurity? If so, what would be your key reasons for the recommendation?
Absolutely. I would highly recommend the ECIH certification to anyone interested in incident handling or cybersecurity in general.
This is mainly because it is offered by EC-Council, a globally recognized authority in cybersecurity education, and the course content is practical, well-structured, and easy to understand, even for beginners. It also focuses on real-world defensive practices, providing knowledge that is directly applicable to professional roles. The hands-on labs and systematic approach to incident response make it ideal for those preparing for roles in SOC, incident response teams, or compliance-driven environments. Overall, ECIH provides an excellent starting point for building a career in cybersecurity and a solid stepping stone for further specialization.