Thursday, 2 March 2023

E|CIH Certification: My Experience as an Incident Response Analyst


As an incident response analyst at Sophos Rapid Response in the UK, I have been working in IT and cybersecurity since 2008, and writing about cybersecurity, ethical hacking, DFIR, and OSINT since 2020. One of the key reasons why I decided to take the E|CIH course and exam was to progress in my career as an incident response analyst and gain a better understanding of broader aspects related to incident management.

Why Did I Choose E|CIH?


The UK government requires every company offering cyber incident response services to have at least one manager on their team with one of our nationally designated certifications. The E|CIH v2 maps 100% to this certification, which emphasizes the requirements of incident handlers in real-world situations. EC-Council's new version of the E|CIH is also 100% compliant with the NICE Cybersecurity Workforce Framework. This ensures that a trusted structure and language are maintained throughout the cybersecurity profession.

My E|CIH Experience


I chose to take the self-study training route over attending an in-person training center because it allowed me to learn at my own pace and revise things as often as I wished. The course included official EC-Council E|CIH course materials, official E|CIH lab access, and the EC-Council E|CIH exam.


It took me around five months to work through the course manual and labs, as I have three kids and work full-time, but that was good because I had 12 months of access to the program.

Coursework

The coursework was great and thorough, covering all aspects of incident handling across nine modules. Each module had a nice flow and was well-structured:

Module 1: Introduction to Incident Handling and Response
Module 2: Incident Handling and Response Process
Module 3: Forensic Readiness and First Response
Module 4: Handling and Responding to Malware Incidents
Module 5: Handling and Responding to Email Security Incidents
Module 6: Handling and Responding to Network Security Incidents
Module 7: Handling and Responding to Web Application Security Incidents
Module 8: Handling and Responding to Cloud Security Incidents
Module 9: Handling and Responding to Insider Threats

The program is a comprehensive specialist-level course that imparts knowledge and skills on how organizations can effectively handle post-breach consequences by reducing the impact of the incident, both financially and reputationally.

Lab Time

The lab time was fantastic, with access to over 50 labs, 800 tools, four operating systems, and a large array of templates, checklists, and cheat sheets. The materials were informative, with numerous new tools that I was unaware of, some I was aware of, and some I use daily. The lab setup was extremely good and takes you through each OS step by step, assuming you have some knowledge in networking, setting IP addresses, and such.

E|CIH Preparation Tips


If you are contemplating taking the E|CIH course, here are some tips I would recommend:

1. Manage your workload, like any other course.
2. Take notes, so you can remember the information better.
3. Pursue the E|CIH course if you work in incident response, but it probably would be better to take the C|EH course first.

Why Do I Recommend the E|CIH?


Overall, I am hugely impressed by EC-Council, and everything linked to the E|CIH course and exam. It is evident that a lot of work has gone into E|CIH v2, and it has been a pleasure to work through and get certified.
