7 hours 6 minutes
Hey, everyone, welcome back to the course. So in this video, I just wanted to talk about the EEC Council certified ethical hacker certification just a little bit to get you familiar with that particular exam. So in this video, we're gonna talk about why you might want to take the CH exam. Also, talk about some of the job roles and job titles that
having the CH can qualify you for or at least
the job description entitles that you'll find CH listed in.
And we also talk about the exam blueprints. We'll talk about what areas They're kind of waited the most on the exam, and we also talk about here in the US the general salary range you can expect for this particular certification. Keeping in mind that this salary range we show will vary based off your location,
very based off your experience, your skill set as well as theatrical
job role you're going for.
So what is the C E. H? Well, it stands for certified ethical hacker. It's an examination and certification from E. C Council.
Now, the one that this course can help you with is gonna be the what we call the didactic one. So this one is 100 and 25. Question multiple choice examination. You have four hours to do it in. There's also a hands on C E H, which easy council also does offer. But since the labs in this course are considered an optional component,
if you don't take those labs and you won't really be prepared without hands on experience for that other version of C eight, So this course specifically can help you prepare for the more didactic the multiple choice question examination.
So why should you take the C E h exam?
Well, number one if you're looking for the junior entry level penetration testing rolls CH is a good fundamental certification to get. So if you're looking to get past those HR filters, this is a good one to get to help you get your first job as a junior pan tester.
C H is also listed under D O D 85 70. So what does that mean if you're outside the U. S. Not a whole lot, unless you're planning to get a government job with the U. S. Government. But for those here in the U. S. D. O d 85. 70
Specify certain certifications that qualify you for specific job role. So, for example, CSS P analyst
C S SP infrastructure support incident responder
as well as auditors. So all of these, if you have ch you can qualify for these different job roles with the U. S. Government.
H R teams around the world actually love ch. You'll see it in a lot of job description. So just having it could get you past those 80 s or application tracking system
automation Softwares and get you your resume in front of ah, live human being. Plus, it's pretty cool when you go out to networking events and say You're a certified ethical hacker. Just a great conversation start.
And, of course, the salary right, depending on the job, will you choose
having the CH can help you get a bump in salary on again. Depending on that job role, it might be a really big bump or just a minor bump. But in any event, there's really nothing wrong with getting more salary right. We all like more money.
So speaking of jobs around having the CH, let's talk about some of the job roles you might see on different job board platforms for people that have ch. So, for example, Information Security analyst junior pen tester, which I mentioned before Web pen testers. A lot of times you'll see the more junior pen tester roles.
Many times they'll be open for Web application pen testing. So just keep that in mind
that you might wanna really hone your Web apps pen testing skills because that might be your way to get in to that first job as a pen tester,
cyber security analyst,
security engineer, red team engineer. In some instances, you'll see CH listed there as well as, well, a cyber threat analyst and again keeping in mind that
just because you have CE eight, it doesn't mean you qualify for that job, right. You need to look at the actual skills we're looking for.
But C E. H is mentioned in a lot of these different job roles as one of the certifications that they do prefer that you have.
So let's talk salary. So this is just a rough baseline salary range for here in the United States now, depending on the country in things maybe a much, much less
it might be much higher. It just kind of depends where you are. Even here in the United States, this is gonna very based off the job you're trying to do the location. You're in the ability of you to negotiate your salary because just because this is a range doesn't mean that everyone has good salary negotiation skills. So
this is very fluid thing. I would say
if you're looking at more analyst roles and your entry level realistically, you're probably looking in like a 40 to $60,000 US range. And that's again thes salary ranges air just for the United States individuals out there. But that's kind of the range you might be looking for form or the analyst rolls your junior pen tester roles,
maybe 60 0. Sometimes you get this 70,000
realistically, the six figure stuff that's for experienced individuals. So whether it's experience as a as an analyst or incident responder or is ah, cyber security engineer
or as a pen tester, it's usually if you've got some skills and in a few years, at least of experience. Now, that being said, 120 K is not a cap. There's many pen testers I know making multi six figures working in public sector as well as critical infrastructure. Acela's general environment. So
it's just such a fluid rain. Just really tough with this particular certification toe lock something in but just know
it's gonna very based off your location, your job title, the skills listed in the job. So the actual skills you have your your years of experience as well as again going back to your ability to really negotiate your salary.
So let's talk real quick about our C E H domains that are listed on the Easy Councils CH. Blueprint 3.0
Background makes up about 22% of the exam Questions Analysis assessment. About 13% security, roughly 24% tools and systems is about 29% and then we drop our numbers in procedures methodology. About 9% regulation and policias Wells Ethics air right around the 2% range. So you notice
some heavy focus on background tools and systems and security.
We're gonna talk about just some of the topic areas that are involved in these domains
and one thing to keep in mind is that as we discuss thes many of these topic areas are covered broadly throughout the course. What does that mean? That means that we don't just focus in one area, and then you can forget about it later on. In the course, we keep bringing these topics back up throughout the course that are relevant to really help you understand how things
So let's talk about background first. This is gonna involve things like our mobile technology. So just the mobile infrastructure, architectures
of the devices, some common terminology, etcetera. So it's sort of that the high level view of mobile devices,
this domains also gonna cover our network infrastructure. Right? So our devices, our hardware infrastructure
of our network is gonna cover things like cloud. So focusing on things like the general Cloud deployment models cloud computing terminology so that very high level cloud stuff, as well as covering things like malware and vulnerability assessments.
So next we have our analysis and assessment phase, this one's gonna cover things like sniffing so sniffing that network traffic,
as well as things like scanning and enumeration of the network and things like information gathering or foot printing slash, reconnaissance and finally system hacking So this is where we're cracking passwords. We're talking about things like privilege escalation and how can we Actually, once we've identified targets,
how can we actually attack those targets and gain access to the network
and achieve our objectives as the hacker? Next, we have the security domain again, a heavier domain here, 23 to 24% coverage.
We're gonna talk about things like General Security controls. Weaken. Do we'll talk about DDOS attacks and protection against them. We also talk about ways to evade ideas, systems or intrusion detection systems and firewalls. And we also talk about some countermeasures or protection against our defense against Web attacks.
Next, we have our tool systems and programs domain. So this is where we'll talk about things like DNA's.
We'll also talk about a lot of the tools that are in use. And as I mentioned before, this stuff is gonna be spread across the course so we don't just focus on one section and call it tools. As we go through each section, I'll name off different tools that you can use and these air tools that you'll want to know going into the EEC Council CEO exam if you decide
that is something that you want to take after taking this course
Next, we have our procedures and methodology domain. So this one again is a kind of a light one. This one's about 9% of the exam questions. So we've already covered sort of the heavier ones before this. So here we're gonna be talking about things like cryptography. So for the CH specifically, you don't need a deep dive into cryptography at all.
It's really just understanding some high level terminology. So things like symmetric versus asymmetric
photography as well as understanding PK I or public key infrastructure, and we'll cover that in this particular course.
We're also gonna talk about things like Web attacks. We'll talk about some of the most common Web attacks that we see out there, as well as mobile hacking for regulation in policies. This is in standards, and this is where we kind of talk about things like P. C. I. D. S s socks. We talk about C c. P. A. The California Consumer Privacy Act. So we kind of covered these at a high level
again. This one's only about 2% of the questions on the exam. It's
really only a couple of questions. You'll see, uh, normally on the exam for this. But it is good to know
these types of laws and regulations as you move MAWR into a pen tester role or even in a defensive role, because you can understand things from a compliance perspective.
And then finally, we have our ethics domain again. This one's a very light one, about 2% to 23 questions on the exam. Roughly that you'll see. This is where we really focus on the code of conduct, right, making sure that we have permission to actually attack systems. And what does that actually look like? What kind of permission do we actually need?
So in this video, we just talked about why you might want to take the CH exam from EEC Council to get that certification.
We also talked about some of the job roles and job titles you'll see on various job boards for somebody that may have ch so again, these air jobs where CH is listed in the description is not. There's not an actual title called C E H Engineer or something like that. You won't see that out there, but you will see these job titles, and in the description you'll find
C E. H is listed.
We also talked about the exam blueprint. So we talked about the areas you need to focus on for the exam sort of the areas where the most questions will be coming from. And we talked about the general salary range here in the US for someone with ch again. That's gonna very on your job. Title location, job description, job skills, experience. You know, just a myriad of factors
will play into what your actual salary is gonna be.