Put in for a CEH Waiver

the_Grinch

Well I submitted my package to be able to self-study for the CEH exam. I've taken a course that was closely related and have taken a ton of security courses as that is what my BS is in. Now the waiting game for them to get back to me!

the_Grinch

Boy is the EC-Council quick! Waiver has been approved I can self-study! For those of you with educational experience and looking for the certification I'd send in a copy of your transcripts and course descriptions!

ULWiz

Very Nice congrats.

darkerosxx

Congrats!

Can you expand on the level of courses and how many hours you submitted to EC-Council? That way others will have an idea. I don't think we've heard of what anyone else submitted and had approved so far.

dynamik

Hm, I thought /usr got it waived as well.

Didn't someone recently say it took them a month or so to get an answer back? It seems like they've really streamlined things. Maybe I'll put my letter together tomorrow...

the_Grinch

Sure no problem posting what I took course wise:

Certifications: Security+ and CCENT

Courses Taken with Descriptions

IT Security I & II - This class is a hands-on introduction of key security concepts such as authentication, malware and attacks, security in transmissions (including wireless). Cryptography, PKI and security analysis and planning (including risk management). Security policy, law on computer security violations. / This course focuses on network security. Students will gain hands-on experience in the areas of Internet vulnerabilities, analyzing intrusion signatures, risk analysis, designing and configuring firewall systems, router security, Attack and Defense Techniques, IP and Packet structure and analysis, creating a security policy, operating system security for Windows and Linux.

Security & Information Warfare - This course presents the theory and methodology of Information Warfare and Security. Topics covered include: intellectual property crimes; computer fraud; harassment; embezzlement; eavesdropping; sabotage; surveillance; identity theft; incident handling; terrorism; and the protection of critical infrastructure. The course requires critical thinking and analysis of topics.

Applied Cryptology - This course presents the theory, methods, strengths, weaknesses, and effective strategies necessary for students to acquire a fundamental knowledge of Cryptography and Stenography. This is a hands-on course utilizing several tools and software programs. Emphasis is placed on formulating effective strategies, such as when and how to protect computer data.

Computer Forensics - This course presents the theory, methodology and hands-on labs necessary for students to become competent in the basics of computer forensics. Topics covered include: Understanding Computer Investigations; The Investigators; Laboratory; Current Computer Forensic Tools; Digital Evidence Controls; and a Processing Crime.

IP Security and VPN Technology - Technological components of IP Security and underlying architecture. Theory of symmetric-key cryptographic algorithms, including AES, CAST, Blowfish, IDEA, RC2, RC5, and Skipjack. Understanding of PKI infrastructure and the managed certificate protocol. Implementing VPN solutions in a variety of scenarios.

Defensive Counter-Measures - Theory, methodology and hands-on labs relating to Defense Countermeasures. Understanding the reasons that lead to system vulnerabilities and how criminals exploit those vulnerabilities. Labs that utilize security software to conduct penetration testing, audits, and system vulnerability tests will be taught.

IT Policies - This course presents the theory and legal issues necessary for students to acquire fundamental knowledge of Computer Policies for information Security. Topics covered include: E-mail, Employee Privacy, Labor Organization Activities (Fair Use), Avoiding Discrimination and Harassment, Copyright, Defamation, Spamming, Trade Secrets & Confidential Information, Attorney-Client communication via E-mail, Computer Security, Preventing Waste of a Computer Resources, Essentials for Good Policy, and Ensuring Compliance.

IT Risk Assessment - This course addresses risk management methodology, the specific procedures for determining assets valuation, vulnerabilities, and threats. Risk migration methods that security professional use to protect valuable IT assets will also be studies. Issues, designed to foster critical thinking, are explored, as well as the standardized approaches to risk management.

Disaster Recovery - Disaster Recovery & Continuity Planning specific to Emergency Recovery Procedures. Techniques for development of disaster recovery plans, procedures and testing methods. Strategies used by businesses to assure that sensitive data will not be lost in the event of a disaster. Techniques used to manage potential risk within multiple environments.

Network Security I II - This class focuses on the security aspects of networks. Topics covered: Intrusion detection, VPN, and Firewalls. This course is designed to provide students with the necessary skills and information to pass the Securing Cisco IOS Networks (SECUR). / Theory, methodology of Security firewalls, Topics include: firewall models, user interfaces, feature sets, interfaces, routing, IP addressing services, IP multicast support, monitoring with SNMP, authentication, authorization, and accounting, address translation, traffic content filtering, application inspection, traffic shunning, and firewall failover.

IT Security Audits - This course presents the theory, methodology, procedures and hands-on labs necessary for students to acquire a fundamental working knowledge of IT System Audits. Students learn how to discover system vulnerabilities with proper audit procedures, and how to document their findings properly for upper management.

Access Controls and Intrusion Detection Technology - Fundamental theory and methodology of intrusion detection systems. Using intrusion detection systems to secure corporate and personal networks against attacks. Hands-on laboratory experience using an in-depth, open-source network intrusion detection system. (Used SNORT)

Security Management - Managerial issues involved in the daily operations of an IT Security department. Topics include staffing, budgets, job descriptions, long term planning, resource allocation, training of security personnel, motivational techniques, interaction with other departments including upper management.

OS Security Arch I - This course provides requisite knowledge to perform network security within a Windows based computing environment. Topics include: how Assets are Attacked and Secured, Trusted Computing Bases, Cryptography, Protecting Web Servers, Security for Web Browsers, Database Security, Protecting DNS, Security Policies and Procedures.

Incident Response Best Practices - Theory and legal issues necessary for students to acquire fundamental knowledge of how to design an effective Incident Response Policy. Topics include forming and Incident Response Team, types of responses, legal issues, training employees, selecting tools, honey pots, computer attacks, and the cost of an incident.

3.45 GPA and nothing lower then a B in any of the above courses, mostly A's or A+'s

My Defensive Countermeasures course is probably the biggest help as it is exactly like the Certified Ethical Hacker training and after completing the test I think I will talk to the head of my program about gearing it more towards CEH. All the courses required hands-on labs and projects (mostly long written papers). Incident Response had use write a 3 day and week long plan in response to natural disasters. Security Management had us develop a budget and training for a security department. Risk Assessment and Disaster Recovery required we do both for our company and in my case I was selected to do it for my college. Security Audits had us preform an audit on Windows Server 2003 and detail not only the holes, but the fixes for them. Hope this helps!

Oh yeah and I submitted my resume, which has some limited security experience on it!

darkerosxx

Hah, you probably don't even have to study much of anything!

the_Grinch

LOL probably not, but not risking $250 on it. Got two books and the CBT Nuggets for it so I will be more then prepared. It will be nice to take the break from Cisco for a little bit. Might look into CHFI after I finish this! But I really enjoyed every course I took and have been successful on a couple of security interviews.

shednik

Thats nice to hear, I haven't taken any security courses at the grad level but I had one in my undergrad, have about 18 months experience in tasks relating to security. So I'm hoping that will be enough to take the exam. Where did you get your BS from thats an intense program.

the_Grinch

Drexel University they had just started their Security program about two years after I got in so I was able to jump right in. It was a large course load, but when you enjoy it there are no issues. Just waiting on my Calc grade and I will be the third person to graduate from the program (with the Security concentration).