eCIR Certification

doo108 (Member, Posts: 16)
Has anyone taken this exam? I know it is not a popular certification, but I think the material (speaking from taking the eJPT). Can someone speak to their experience, especially after the rebrand under INE?

Comments

  • chrisone (Senior Member, Posts: 2,217)
    edited November 2020
    I took the course and exam earlier this year. I really enjoyed the materials and learned a lot. I also thought the exam was very challenging. Using Splunk and ELK, could you find all traces of the adversary? How they entered the network, how they laterally moved, did they obtain any credentials off any hosts? Did they compromise the DC?

    I had a lot of experience in blue team with ELK but little to none with Splunk. So I picked up a lot and learned many tactics to investigate and perform a proper incident response. Truthfully, I was honest with myself and realized that prior to this course, I could NOT confidently tell you that, if there was an intruder at my employer, I could find all traces of the malicious actor. After this course, I could confidently say I have a better approach and a methodology on how to perform better as a blue teamer.

    As you mentioned, it is not a popular exam; it is not very recognized or sought after for job postings. However, the goal is respectable and could be a talking point for any interview or for any curious engineers wanting to improve their skills.
    I took the exam before the INE transformation; I don't think the exam has changed. I believe the INE courses do have more video content.

    If I ran into anyone telling me they had eCIR, with confidence I would assume they know how to search for malicious adversaries using Splunk and ELK. This is a huge plus for any employer, not just for the specific SIEMs but for the mindset. 
    Certs: CISSP, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2021 Goals
    Courses: eLearnSecurity - PTXv2 (complete), SANS 699: Purple Team Tactics (completed), PentesterLabs Pro (ongoing)
    EnCase Courses: DF120 (in progress), DF210, DF310
    Certs: AZ-500, SC-200 (fail 1st attempt), EnCE, Splunk Core Power User (obtained), Splunk Enterprise Sys Admin
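The comment above frames the exam around four questions an analyst has to answer from SIEM data: how the adversary got in, how they moved laterally, whether they took credentials off a host, and whether they reached the DC. As an added illustration (not material from the thread, the course, or any vendor), the block below runs that same question set as simple correlation rules over a handful of constructed Windows Security / Sysmon-style events. The host names, user names, IP addresses, the DC list, and the internal address prefix are all assumptions made up for the example; the event IDs (4624 logon, 4672 special privileges, Sysmon 10 ProcessAccess) are the real ones an analyst would filter on in Splunk or ELK.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DC_HOSTS = {"DC01"}        # assumption: which hosts are domain controllers
INTERNAL_PREFIX = "10."    # assumption: the internal address space

# Constructed sample events (not real telemetry). Field names mirror what an
# analyst would pull out of the Security and Sysmon logs in a SIEM search.
EVENTS = [
    # entry: interactive (RDP, type 10) logon from an external address
    {"ts": "2020-11-03T08:02:11", "id": 4624, "host": "WS-17", "user": "jdoe",
     "src_ip": "203.0.113.45", "logon_type": 10},
    # credential access indicator: unusual image opening a handle to lsass.exe
    {"ts": "2020-11-03T08:05:40", "id": 10, "host": "WS-17", "user": "jdoe",
     "src_image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\svc.exe",
     "target_image": "C:\\Windows\\System32\\lsass.exe"},
    # lateral movement: network logons (type 3) from the compromised workstation
    {"ts": "2020-11-03T08:09:02", "id": 4624, "host": "FS-02", "user": "jdoe",
     "src_ip": "10.0.5.17", "logon_type": 3},
    {"ts": "2020-11-03T08:12:31", "id": 4624, "host": "WS-22", "user": "jdoe",
     "src_ip": "10.0.5.17", "logon_type": 3},
    # DC reached with a different (harvested) account, followed by privilege assignment
    {"ts": "2020-11-03T08:20:15", "id": 4624, "host": "DC01", "user": "svc_backup",
     "src_ip": "10.0.5.17", "logon_type": 3},
    {"ts": "2020-11-03T08:20:16", "id": 4672, "host": "DC01", "user": "svc_backup"},
    # benign noise: an admin's routine DC logon from a jump host
    {"ts": "2020-11-03T09:00:00", "id": 4624, "host": "DC01", "user": "admin_k",
     "src_ip": "10.0.1.2", "logon_type": 3},
]


def parse(events):
    """Convert timestamps and order the events chronologically."""
    return sorted(({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events),
                  key=lambda e: e["ts"])


def initial_access(events):
    """First successful logon whose source address is outside the internal range."""
    for e in events:
        if e["id"] == 4624 and not e.get("src_ip", "").startswith(INTERNAL_PREFIX):
            return e
    return None


def lateral_movement(events, window=timedelta(minutes=30), min_hosts=2):
    """(user, src_ip) pairs with type-3 logons to >= min_hosts distinct hosts
    within `window` of their first network logon."""
    by_key = defaultdict(list)
    for e in events:
        if e["id"] == 4624 and e.get("logon_type") == 3:
            by_key[(e["user"], e["src_ip"])].append(e)
    hits = {}
    for key, evs in by_key.items():
        start = evs[0]["ts"]
        hosts = []
        for e in evs:
            if e["ts"] - start <= window and e["host"] not in hosts:
                hosts.append(e["host"])
        if len(hosts) >= min_hosts:
            hits[key] = hosts
    return hits


def credential_access(events):
    """Sysmon EventID 10 where an image outside System32 opens lsass.exe."""
    return [e for e in events
            if e["id"] == 10
            and e.get("target_image", "").lower().endswith("\\lsass.exe")
            and not e.get("src_image", "").lower().startswith("c:\\windows\\system32\\")]


def dc_privileged_logons(events, within=timedelta(minutes=2)):
    """DC logons from a host already flagged as a lateral-movement source,
    followed by a 4672 for the same account within `within`."""
    pivots = {src for (_, src) in lateral_movement(events)}
    out = []
    for i, e in enumerate(events):
        if e["id"] == 4624 and e["host"] in DC_HOSTS and e.get("src_ip") in pivots:
            if any(f["id"] == 4672 and f["host"] == e["host"] and f["user"] == e["user"]
                   and timedelta(0) <= f["ts"] - e["ts"] <= within
                   for f in events[i + 1:]):
                out.append(e)
    return out


def reconstruct(events):
    """Answer the four questions from the comment as one summary."""
    evs = parse(events)
    entry = initial_access(evs)
    return {
        "entry": (entry["host"], entry["src_ip"]) if entry else None,
        "lateral": {f"{u}@{s}": hosts for (u, s), hosts in lateral_movement(evs).items()},
        "cred_access_hosts": [e["host"] for e in credential_access(evs)],
        "dc_compromise": [(e["host"], e["user"]) for e in dc_privileged_logons(evs)],
    }


if __name__ == "__main__":
    for k, v in reconstruct(EVENTS).items():
        print(f"{k}: {v}")
```

The point of tying the rules together in `reconstruct` is the one the comment makes: a single alert (a type-3 logon, a handle to lsass.exe) is a data point, but the investigation is only done when entry, pivot, credential access and DC reach line up on one timeline, which is exactly what a Splunk or ELK search with a join on user, source address and time is meant to surface. The admin's routine DC logon is excluded not because DC logons are suspicious in themselves, but because it lacks the preceding lateral-movement source and the privilege-assignment follow-up.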