Mastering Incident Response with ECIH Certification: An Interview with Jay P Anthony

June 27, 2025

| Jay P Anthony

| Incident Handling

In today’s digital landscape, where security breaches are inevitable, having a robust incident response plan is essential for security teams worldwide. This growing need has led to a surge in demand for skilled incident response handlers and analysts, encouraging both IT and non-IT professionals to pursue specialized training and certifications to build the expertise required to manage real-world cybersecurity incidents. This article explores Jay Anthony’s motivation for pursuing the EC-Council Certified Incident Handler (ECIH) certification and how it has significantly impacted both his and his team’s capabilities in managing real-world cybersecurity incidents. From malware containment to structured response strategies, the ECIH training enhanced Jay’s technical proficiency, reinforced standardized incident handling protocols, and bridged knowledge gaps with practical insights and hands-on experience. The following exchange captures Jay’s reflections on how the certification influenced his approach to incident response.

What motivated you to pursue the EC-Council Certified Incident Handler (ECIH) Certification?

I was motivated to pursue the ECIH certification due to the increasing number of security breaches we’re witnessing globally. We work with clients across the country and internationally, so we wanted to be fully prepared to respond effectively in the event of a breach.

How did the ECIH certification contribute to your career goals?

The ECIH certification was incredibly beneficial—not just for me, but for my entire team. I invested in both the training and the exam for several team members,

and over half of them are already certified. The course provided us with a solid framework for incident response and introduced us to a range of tools relevant to each phase of handling an incident. This structure has been especially useful in standardizing our approach.

How has the ECIH course influenced your professional development in incident handling and cybersecurity?

The course significantly influenced how we prepare our clients for incidents and respond to them. It offered both the technical knowledge and a comprehensive framework necessary for effective incident response. This has helped us ensure our clients are better protected and that we’re well-equipped to support them during a cybersecurity event.

What aspects of the ECIH program did you find most valuable, and how have they contributed to your professional development? The most valuable aspects for me were the modules on incident identification and mitigation, particularly in the context of malware and different data-breach scenarios. The training highlighted the importance of specific tools and capabilities, such as collecting and analyzing audit logs. This has greatly improved our confidence and competence in managing incidents.

The course essentially gave us a professional-level understanding of what forensic investigators and security professionals do during a breach.

Can you share a specific scenario where knowledge from the ECIH course helped manage a cybersecurity incident?

Yes. One particular incident involved a malware outbreak at a client site, which was detected through an EDR (Endpoint Detection and Response) solution. Multiple endpoints were compromised.

Using the knowledge gained from the ECIH training, we quickly worked with the vendor and the client to identify the root cause

what you could call “patient zero.” We then isolated affected systems, notified users of scheduled maintenance, and eradicated the malware.

Thanks to the structured approach and best practices we had learned, we brought the digital infrastructure back online within a few hours. The ECIH training provided the foundation we needed to respond effectively and professionally, ensuring minimal disruption and a swift recovery.

Have you completed any other cybersecurity courses or certifications? If yes, how does the ECIH certification differ in terms of skills gained, career advancement opportunities, and overall value?

Yes, several members of my team members and I hold various certifications. Most of us are Certified Information Security Auditors from ISACA. I also hold the Certified Cloud Security Professional (CCSP) and Certified Information Systems Security Professional (CISSP) credentials from (ISC)², as well as the Certified Information Security Manager (CISM) certification from ISACA.

In comparison, the ECIH certification fits well alongside these credentials. Each certification focuses on different areas of cybersecurity, but ECIH is uniquely focused on incident response. What stood out was its technical depth—comparable only to the CISSP in terms of complexity. This technical rigor was extremely valuable and differentiated the course from other certifications.

How critical or helpful is the ECIH training for career development, particularly for those interested in incident handling or cybersecurity?

The ECIH certification is highly valuable and provides a competitive edge, especially for those pursuing roles in SOCs or serving as information security managers.

For professionals actively engaged in analyzing and responding to incidents, particularly in 24/7 SOC environments, the ECIH certification provides essential knowledge and practical tools that are directly applicable to their responsibilities.

How does ECIH training align with the evolving threat landscape and the need for effective incident response?

The training is extremely relevant in today’s cybersecurity environment. Breaches are now occurring at an unprecedented rate, and attackers are becoming more aggressive and sophisticated. Their tools and scripts have improved significantly. Given this reality, it’s no longer a matter of if an organization will face an incident, but when. The ECIH training equips professionals with the necessary skills to respond swiftly and effectively in such scenarios.

Can you describe any specific challenges or gaps in your incident handling knowledge that the ECIH course helped you overcome?

Before taking the course, I was familiar with incident response frameworks like the one provided by NIST, so I had a good grasp of the overall methodology. However, ECIH filled important gaps, particularly in identifying the appropriate tools to apply at each phase of an incident. This practical insight significantly expanded my knowledge and enhanced my ability to respond effectively to real-world incidents.

Tell us about your journey as a cybersecurity professional.

My journey as a cybersecurity professional has spanned over 30 years. I began my career in 1991 as a financial auditor with Ernst & Young. Around 20 years ago, I transitioned into IT audits and have since held various Director-level audit roles, primarily with IT-centric companies that provide services to global corporations and handle large volumes of sensitive data.

This transition required me to gain in-depth knowledge of how IT and information security audits operate. Over the years, I’ve developed expertise in numerous compliance frameworks, including SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST, and even FedRAMP. Understanding the intricacies of these frameworks and their control requirements has been crucial to my development as a cybersecurity professional. This foundational knowledge has enabled me to deliver value-added security consulting services both internally and to clients.

Would you recommend the EC-Council Certified Incident Handler (ECIH) course and certification to others interested in incident handling and cybersecurity?

Yes, I would absolutely recommend the ECIH certification to anyone pursuing a career in cybersecurity, particularly those involved in incident response. Being able to effectively guide your organization or clients during a cybersecurity incident is invaluable in today’s threat landscape.

The ECIH course prepared my team and me very well. It provided a structured framework for incident response, including a step-by-step methodology and insights into the technologies appropriate for each phase of an incident.

Moreover, it offered guidance on managing various stakeholders—clients, internal teams, and affected end users—during a breach.

In summary, the ECIH certification is a vital resource for any cybersecurity professional. I strongly encourage anyone with an interest in incident response to pursue this training. It’s not a question of if you’ll need these skills—it’s a matter of when.

Conclusion

The EC-Council Certified Incident Handler (ECIH) certification stands out as a key qualification for professionals involved in cybersecurity and incident response. It goes beyond theory, equipping individuals with practical frameworks, technical depth, and situational readiness needed to handle sophisticated attacks effectively. For those working in SOCs, audit roles, or frontline response teams, ECIH provides actionable knowledge that translates directly to real-world value. In a climate where security events are increasing in frequency and complexity, the ability to act swiftly and decisively during an incident is not just beneficial—it’s essential. This certification has not only elevated the capabilities of one professional and their team but has also reinforced the importance of structured, continuous learning in the fight against cyberthreats.

Jay P Anthony is a seasoned cybersecurity expert with extensive experience in security operations, threat intelligence, and risk management. His current focus lies in cybersecurity governance, specializing in cloud security, and audit support for frameworks such as SSAE 18 (SOC 1 & SOC 2), ISO 27001, PCI DSS, FISMA-FedRAMP, HIPAA, and HITRUST.