New to Cybrary: Ken Underhill, Master Instructor
New to Cybrary: Ken Underhill, Master Instructor
One of the newest members to the Cybrary team is Ken Underhill, CEH, CHFI. You may have already seen his new Ethical Hacking course which launched a few weeks ago, but we want to introduce you to the SME behind the course.
The Master at Work
As a Master Instructor for Cybrary, Ken holds the Certified Ethical Hacker (CEH) and Computer Hacking Forensic Investigator (CHFI) certifications from EC-Council, as well as a Master’s degree in Cyber Security and Information Assurance, with a Bachelor’s in Information Systems and Cyber Security Management. He has taught online courses since 2016; however, those courses were mostly in the health and business marketing verticals. In early 2018, Ken decided to follow his passion and began teaching cyber security topics. Soon thereafter, he became an Adjunct Professor of Digital Forensics.
As side projects, Ken reviews content for EC-Council on the Certified Ethical Hacker exam and writes questions for the Computer Hacking Forensic Investigator exam. To date, he has helped thousands of students around the world pass both certifications.
- What brought you to Cybrary, and what are your (personal) goals?
- What do you teach/want to teach on Cybrary?
- What is your job as a Master Instructor at Cybrary?
- Any advice you would give to people doing online training?
- What advice would you give to people pursuing certifications?
- What is the best learning path for an aspiring ethical hacker?
- What should students of your course(s) walk away with?
- What do you feel is the biggest threat to cybersecurity today?
"I set a 2018 goal to help over 100,000 cyber security professionals to pass the CEH and CHFI exams. By partnering with Cybrary, I was able to increase my goal to over 1,000,000 students and it’s actually happening!"
"I currently teach the Penetration Testing and Ethical Hacking (CEH prep) course that just launched (hint, hint, wink, wink- go view it!) and I am also producing a Digital Forensics (CHFI prep) course as well [release date, TBD]. I am enjoying the platform and hope to produce many more courses in areas like risk management, disaster recovery, and more!"
"As a Master Instructor, I am tasked with creating valuable, high-quality, and engaging content to help students learn more efficiently. I am also tasked with mentoring other instructors through the course creation process by using the skills I have learned [while] teaching online. This includes helping instructors map out their course content and tips regarding the actual filming of the course (i.e.- lighting/audio)."
"Stick with it and plan accordingly. I say stick with it because many online learners have a tendency to work hard for a week or two and then “life” gets in the way. I am guilty of this myself. That leads us into the “plan accordingly” aspect. I found that if I wrote out my study plans for the week on Sundays, I actually was able to get things completed. Using the Ethical Hacking course as an example, I would map out and plan to watch at least one lecture video per day minimum and to do one lab per day minimum. I would then calculate how many videos of each of these there are, so I could get an idea of when I would have the course completed. If that projected date matches my projected date for the exam, then I am all set to learn. If instead, I realize that the projected date of my exam is sooner than [when] I am projecting to be done with the course, then I know I have to work extra hard and maybe watch more videos daily, to reach my goal. I actually did both my undergraduate degree and Master’s this way by planning out what I had to do each week. It saved me time because I was able to focus on a few tasks each day [without overwhelming myself with] everything I needed to learn. I also used Cybrary as study material for both the CEH and CHFI exams and followed the same process in learning on the platform."
I would say to focus certifications in your interest, and in the job market for your area (or the area you want to move to). For example, where I currently live, Splunk is a tool in use by many of the top employers. So, even if I had a strong interest in CompTIA A+ topics, I would instead learn Splunk because that is where the jobs are. I suggest a similar approach for you (though this may not work for everyone). Also, remember you are studying to pass an exam, not to be “right” in the real world on the exam. You will find that many (depending on the cert) exam questions would not be realistic (they would likely not happen in real life). A good example is how EC-Council considers dumpster diving to be a “passive” form of footprinting. You can prove this wrong by jumping in a dumpster at the grocery store and seeing how long it takes for the police to come question you (i.e.- interaction = active footprinting).
Certifications do have some value, as do college degrees, but you have to have some focus on what your endgame is for either to be relevant to your career advancement.
Certifications do have some value, as do college degrees, but you have to have some focus on what your endgame is for either to be relevant to your career advancement. I also suggest not being a “jack-of-all-trades” in your certification journey, so if you want to focus on networking certs, then go all-in on networking and network security. If your goal is software engineering, then focus on various coding certs and learning multiple languages."
"I think anyone aspiring to be a penetration tester needs to understand the entire process at a high-level and then plan to specialize in a specific area (i.e.- web hacking or mobile hacking). Working as a penetration tester requires a solid knowledge of networking, operating systems, basic programming, etc… and is very hands-on. Labs are critical as is learning on your own. Cybrary has some of the top instructors in the industry, but it is still important to absorb as much knowledge as you can. For example, you take the Ethical Hacking course I teach, but then you should also look at other instructors on Cybrary, like one teaching nmap in-depth or one teaching how to write malware code, so you can take that “deeper dive” into a specialty area. And network, network, network. You would be amazed at how many jobs you hear about just because you are showing up to security conferences or going to local meetups. Also, look for hacker meetups in your area, so you can learn from more experienced individuals. I also recommend for people to teach on Cybrary. Everyone knows something that they think is easy, but that someone else wants to learn. An online course is a great way to brand yourself and get employers [to start] chasing you down."
Cheapness to some extent is going to be the biggest threat...second to the human element...
"Students in the course should walk away with an overview of penetration testing and be prepared for the CEH exam. I have also included all of my notes as a downloadable resource from when I passed my CEH exam."
"I think cheapness to some extent is going to be the biggest threat. I see many companies trying to save a nickel on the front end by either not having full-time security staff or by using offshore entities that are not up to par. This then costs them millions on the backend, when their data is breached. The second threat would be the human element, which is something no one can fully address. We can put technical measures in place to reduce risk, but if a user wants to click a malicious attachment, they still will do it. Security awareness can help keep users from clicking those attachments, but I also think cyber security professionals need to think of every user interaction as a “presentation.” It is an opportunity for you to “present” your position to the user in a format that then encourages them to spread the word. Just like marketing. For example, I have a bakery and make cakes. You come in and try my cake and realize it’s the best you have ever had. You will then go tell your friends, strangers, etc.. about the cake. This leads to more business for me. Think of security awareness [in] the same way. If we can get the users excited about it, we can reach people that we [wouldn't] normally interact with on a daily basis. [All] from that word-of-mouth advertising!"
- As an avid reader, what is your ‘go-to’ thing to read? I enjoy reading business books, primarily marketing strategy books. My favorite author for that would be Russell Brunson.
- Apple or Android? I have used both, but prefer Apple. My iPhone is just cooler than the Android devices I had in the past.
- Red team or Blue?Red Team all the way. I enjoy taking an offensive approach and seeing if I can get past the defenses.
One fun fact about me is I once built a maze for worms and the worms actually made it about halfway through the maze before the science fair ended.