So, as mentioned previously I have started EC-Council Certified Incident Handler (ECIH) Version 2 self-study last week and so I thought I would share with you my initial thoughts and what I have done so far.
Who am I and why this course?
Since starting this site and journeying into cybersecurity I have taken a load of courses in different subjects, looking for what I want to veer into and the path I want to take.
I decided around a year ago I wanted to take the DFIR (Digital Forensics and Incident Response) path and so focused more on this. I have been SO LUCKY to start a role in incident response in October of last year and it is hands down the best job I have ever had and hands down the best employers I have ever worked for. My bosses, teammates and stuff are all pretty awesome and so knowledgeable, and so I really wanted to up my knowledge in IR.
Although I have learnt loads since starting and am still learning every day, I wanted to get a known, good certificate that will give me some good grounding and theory with a direct learning path, and as amazing as learning on the job is, I wanted stuff to get stuck into outside of working hours and this course looked PERFECT.
And so here we are, first week done on the course and another 11 and a half months to go before I try my exam.
Other than interviews these are pretty much the only posts you will get on the site for the next year (sorry).
Now onto the post…
When you first log in to the system you are met with a page that has five options/buttons which are ‘Training’, ‘Evaluation’, ‘Exam’, ‘Certificate’ and ‘N/A’.
Training, Exam and Certificate are pretty self-explanatory, and I am assuming that ‘Evaluation’ is like a mock exam to see if you are exam ready but, not going to lie, I have no idea what the ‘Ece Status’ is about but I am sure I will find out at some point soon.
Not going to lie, I messed up a little, as in training you are greeted with these options.
I started to work through the table of contents, module 1 and then module 2 before realising there is a section in the courseware, Lab Setup Guide and Labs Manual so I went back and am currently setting up the lab for module 1 and after that I will redo courseware for module 1 and then straight onto the lab for said module.
I’ve partly finished my ‘Windows Server 2016’ machine and then need to do a ‘Windows 10’, ‘Ubuntu’ and then ‘AlienVault OSSIM’.
Being only halfway through creating the labs I will screen record some of it and make a video for YouTube in another week or two and show you all what I mean.
As you can see, week 1 has been more about familiarising myself with how I am working, setting up stuff and the like.
This week my plan is to have the lab for module 1 built and be finished re-reading the coursework, taking any notes as I go. I really do work better reading my task and then re-reading, taking notes knowing what is coming up.
So far module 1 is a mixture of stuff you would expect like ‘Elements of Information Security’, ‘Elements of Information Security’ and loads more like that, but also a good amount of information and really going in depth on the likes of ‘Vulnerability Management Life Cycle’ and ‘Threat Contextualization’.
Looking forward to getting stuck into the labs and really hope to see a good balance of theory and practical.