Why I Recommend the Certified Incident Handler Certification (E|CIH)
I work as an incident response analyst at Sophos Rapid Response in the UK. I have been working in IT and cybersecurity since 2008 and writing about cybersecurity, ethical hacking, DFIR, and OSINT since 2020.
I decided to take the E|CIH course and exam to progress in my career because I had already started working as an incident response analyst (my first year in the role), and I wanted to pursue a course that covered broader aspects related to incident management.
Why Did I Choose E|CIH?
The UK government requires every company offering cyber incident response services to have at least one manager on their team with one of our nationally designated certifications.
The E|CIH v2 maps 100% to this certification, which emphasizes the requirements of incident handlers in real-world situations.
EC-Council’s new version of the E|CIH is also 100% compliant with the NICE Cybersecurity Workforce Framework. This is the USA’s national cybersecurity framework, which ensures that a trusted structure and language are maintained throughout the cybersecurity profession.
My E|CIH Experience
I chose to take the self-study training route over attending an in-person training center because I have ADHD, and this option allows me to learn at my own pace and revise things as often as I wish.
What was included in the course?
- Official EC-Council E|CIH course materials
- Official E|CIH lab access
- EC-Council E|CIH exam
It took me around five months to work through the course manual and labs between working and family time (I have three kids), so that was good, as you get 12 months of access to the program.
Considering that I work in the incident response industry, the E|CIH course was in-depth and more difficult than I had anticipated. While it did cross my mind that it might be a little bit easier than it was, I was wrong.
The coursework was great and thorough, covering all aspects of incident handling across nine modules:
- Module 1: Introduction to Incident Handling and Response
- Module 2: Incident Handling and Response Process
- Module 3: Forensic Readiness and First Response
- Module 4: Handling and Responding to Malware Incidents
- Module 5: Handling and Responding to Email Security Incidents
- Module 6: Handling and Responding to Network Security Incidents
- Module 7: Handling and Responding to Web Application Security Incidents
- Module 8: Handling and Responding to Cloud Security Incidents
- Module 9: Handling and Responding to Insider Threats
There is a nice flow in each module. It is a comprehensive specialist-level program that imparts knowledge and skills on how organizations can effectively handle post-breach consequences by reducing the impact of the incident, both financially and reputationally.
The lab time was great. You will have access to over 50 labs, 800 tools, four operating systems, and a large array of templates, checklists, and cheat sheets.
I found the materials informative, with numerous new tools I was unaware of, some I was aware of, and some I use daily, so it was a good set of labs to get stuck into.
The lab setup was extremely good and takes you through each OS step by step, assuming you have not too little knowledge in networking, setting IP addresses, and such.
I was pleasantly surprised by a few tools and am looking to integrate them into my workflow, which is a bonus. The tools vary depending on the module, and I enjoyed getting familiar with the AlienVault OSSIM, an open-source Security Information and Event Management (SIEM), as I had neither seen nor used it before.
E|CIH Preparation Tips
I pursued the E|CIH because, as I’ve already mentioned, I work in incident response, but there weren’t any other noteworthy courses, so I just joined the course with experience. It probably would have been better to take the C|EH course first, but we all live and learn. I still want to take the C|EH and C|HFI, but I think with the right experience—say, 6+ months in incident response.
You do need to manage your workload like any other course, but I found the E|CIH course content to be thorough, and it had some fun labs to work on too.
Each module was well thought out and structured. One tip I would want to give here is to take notes. I never did to start with and soon realized it was a mistake; take them, so they sink in better.
Why Do I Recommend the E|CIH?
If you are contemplating taking the E|CIH course, I highly recommend it, in part because many others can be quite expensive. Overall, I am hugely impressed by EC-Council, and everything linked to the E|CIH course and exam. It is evident that a lot of work has gone into E|CIH v2, and it has been a pleasure to work through and get certified.
I definitely recommend the E|CIH for any budding incident handlers or others with an interest in this area. I am happy with the course, content, labs, and exam. This is my first time using the EC-Council platform to pursue any kind of certification, but I can tell you now, it will not be my last.
About the Author
Alexander Giles is an incident response analyst at Sophos Rapid Response. Alexander has been working in IT and cybersecurity since 2008 and writing about cybersecurity, ethical hacking, DFIR, and OSINT since 2020.