In today’s digital landscape, where security breaches are inevitable, having a robust incident response plan is essential for security teams worldwide. This growing need has led to a surge in demand for skilled incident response handlers and analysts, encouraging both IT and non-IT professionals to pursue specialized training and certifications to build the expertise required to manage real-world cybersecurity incidents. This article explores Jay Anthony’s motivation for pursuing the EC-Council Certified Incident Handler (ECIH) certification and how it has significantly impacted both his and his team’s capabilities in managing real-world cybersecurity incidents. From malware containment to structured response strategies, the ECIH training enhanced Jay’s technical proficiency, reinforced standardized incident handling protocols, and bridged knowledge gaps with practical insights and hands-on experience. The following exchange captures Jay’s reflections on how the certification influenced his approach to incident response.
What motivated you to pursue the EC-Council Certified Incident Handler (ECIH) Certification?
I was motivated to pursue the ECIH certification due to the increasing number of security breaches we’re witnessing globally. We work with clients across the country and internationally, so we wanted to be fully prepared to respond effectively in the event of a breach.
How has the ECIH course influenced your professional development in incident handling and cybersecurity?
The course significantly influenced how we prepare our clients for incidents and respond to them. It offered both the technical knowledge and a comprehensive framework necessary for effective incident response. This has helped us ensure our clients are better protected and that we’re well-equipped to support them during a cybersecurity event.
Can you share a specific scenario where knowledge from the ECIH course helped manage a cybersecurity incident?
Yes. One particular incident involved a malware outbreak at a client site, which was detected through an EDR (Endpoint Detection and Response) solution. Multiple endpoints were compromised.
Have you completed any other cybersecurity courses or certifications? If yes, how does the ECIH certification differ in terms of skills gained, career advancement opportunities, and overall value?
Yes, several members of my team and I hold various certifications. Most of us are Certified Information Security Auditors from ISACA. I also hold the Certified Cloud Security Professional (CCSP) and Certified Information Systems Security Professional (CISSP) credentials from (ISC)², as well as the Certified Information Security Manager (CISM) certification from ISACA.
In comparison, the ECIH certification fits well alongside these credentials. Each certification focuses on different areas of cybersecurity, but ECIH is uniquely focused on incident response. What stood out was its technical depth—comparable only to the CISSP in terms of complexity. This technical rigor was extremely valuable and differentiated the course from other certifications.
How does ECIH training align with the evolving threat landscape and the need for effective incident response?
The training is extremely relevant in today’s cybersecurity environment. Breaches are now occurring at an unprecedented rate, and attackers are becoming more aggressive and sophisticated. Their tools and scripts have improved significantly. Given this reality, it’s no longer a matter of if an organization will face an incident, but when. The ECIH training equips professionals with the necessary skills to respond swiftly and effectively in such scenarios.
Can you describe any specific challenges or gaps in your incident handling knowledge that the ECIH course helped you overcome?
Before taking the course, I was familiar with incident response frameworks like the one provided by NIST, so I had a good grasp of the overall methodology. However, ECIH filled important gaps, particularly in identifying the appropriate tools to apply at each phase of an incident. This practical insight significantly expanded my knowledge and enhanced my ability to respond effectively to real-world incidents.
Tell us about your journey as a cybersecurity professional.
My journey as a cybersecurity professional has spanned over 30 years. I began my career in 1991 as a financial auditor with Ernst & Young. Around 20 years ago, I transitioned into IT audits and have since held various Director-level audit roles, primarily with IT-centric companies that provide services to global corporations and handle large volumes of sensitive data.
This transition required me to gain in-depth knowledge of how IT and information security audits operate. Over the years, I’ve developed expertise in numerous compliance frameworks, including SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST, and even FedRAMP. Understanding the intricacies of these frameworks and their control requirements has been crucial to my development as a cybersecurity professional. This foundational knowledge has enabled me to deliver value-added security consulting services both internally and to clients.
Would you recommend the EC-Council Certified Incident Handler (ECIH) course and certification to others interested in incident handling and cybersecurity?
Yes, I would absolutely recommend the ECIH certification to anyone pursuing a career in cybersecurity, particularly those involved in incident response. Being able to effectively guide your organization or clients during a cybersecurity incident is invaluable in today’s threat landscape.
Moreover, it offered guidance on managing various stakeholders—clients, internal teams, and affected end users—during a breach.
In summary, the ECIH certification is a vital resource for any cybersecurity professional. I strongly encourage anyone with an interest in incident response to pursue this training. It’s not a question of if you’ll need these skills—it’s a matter of when.
Conclusion
The EC-Council Certified Incident Handler (ECIH) certification stands out as a key qualification for professionals involved in cybersecurity and incident response. It goes beyond theory, equipping individuals with practical frameworks, technical depth, and situational readiness needed to handle sophisticated attacks effectively. For those working in SOCs, audit roles, or frontline response teams, ECIH provides actionable knowledge that translates directly to real-world value. In a climate where security events are increasing in frequency and complexity, the ability to act swiftly and decisively during an incident is not just beneficial—it’s essential. This certification has not only elevated the capabilities of one professional and their team but has also reinforced the importance of structured, continuous learning in the fight against cyberthreats.
About the Interviewee
Jay P Anthony is a seasoned cybersecurity expert with extensive experience in security operations, threat intelligence, and risk management. His current focus lies in cybersecurity governance, specializing in cloud security and audit support for frameworks such as SSAE 18 (SOC 1 & SOC 2), ISO 27001, PCI DSS, FISMA-FedRAMP, HIPAA, and HITRUST.