Firstly I must apologize for not writing something earlier this month. I have been rather busy working on a few projects. As this situation develops with regards to EC-Council, I thought that I would add something more substantial to the conversation aside from comments on various social media.
So, from where shall I begin? Perhaps some definitions would be useful, especially for EC-Council as they apparently are in need of a refresher on this particular knowledge. They should also take note of how to link to other sources when quoting information as apparently, it’s something that also needs refreshing.
Irony. From the Wikipedia entry we can learn this:
Irony (from Ancient Greek εἰρωνεία eirōneía ‘dissimulation, feigned ignorance’), in its broadest sense, is a rhetorical device, literary technique, or event in which what on the surface appears to be the case or to be expected differs radically from what is actually the case. https://en.wikipedia.org/wiki/Irony
Ethical is defined as:
conforming to accepted standards of conduct https://www.merriam-webster.com/dictionary/ethical
Plagiarism is defined as:
To steal and pass off (the ideas or words of another) as one’s own https://www.plagiarism.org/article/what-is-plagiarism
This now leads us to the reason for this blog post, EC-Council and their recent lack of ethical behavior.
For those of you who are not members of the InfoSec industry and/or community, EC-Council provides training, certifications and degree programs. CEH or Certified Ethical Hacker is one of their offerings and was considered a “gold standard” credential to obtain. It’s an effective gatekeeper requirement: those who hold this certification are affirmed to be ‘Ethical Hackers’.
EC-Council has had its share of controversy over the years, but within this past month, it seems they have
and succeeded in becoming a living, breathing example of irony; through repeated acts of plagiarism, not quoting/misquoting sources and behaving in a most unethical fashion in their interactions on various social media. It’s been so abhorrent that the leading members of the industry are calling them out for their actions.
One of those leaders and victims of their acts of plagiarism, Alyssa Miller, has very eloquently written an open letter to EC-Council on Twitter. It’s put together rather nicely at Threadreader: https://threadreaderapp.com/thread/1408120698573316104.html. I highly recommend that everyone, especially EC-Council, reads it.
If you wish to become more aware of EC-Council’s behavior, just head over to Attrition.org and review their page on EC-Council (https://attrition.org/errata/charlatan/ec-council/). This will allow you to understand how bad things have become.
When I began to make the shift into a career in Information Security, I had researched obtaining the CEH. Many people told me it was one of the starting places for everyone in InfoSec. Get your Security+, maybe your CySA+, then get the CEH and then you should look into other things like OSCP or eJPT.
I began to change my mind a few months into my studies as I had heard of issues with exam questions and learned that the training didn’t really help one learn how to do anything, just tested your general knowledge.
Regardless, I still had it on my list as, in theory, the CEH would help me move past the HR walls to get the interview. Having the OSCP or eJPT would show the hiring manager that I could do the work.
Over the past year I had begun to question more if the CEH was worth the money. Hearing more and more about EC-Council’s dirty history was becoming a real concern. Every company makes mistakes. It’s going to happen. How you respond to those mistakes expresses externally to the world what you host as your internal culture, ethics and ideals.
This is really not a good situation. EC-Council, so far, has not responded in a fashion that instills confidence in the brand or their leadership. I feel badly for everyone who has worked hard and obtained their certifications. Those who hold these credentials are wronged by these actions.
If you hold the CEH or any of EC-Council’s certifications, congratulations on your achievements. It reflects positively on all your hard work.
For me, at this point, I want nothing to do with them. I am an ethical hacker without their certification.
UPDATE 28 June 2021: EC-Council has published a statement concerning the plagiarism issues on their blog posts. TLDR; We screwed up with the blog, some people have resigned, we won’t do this again. You can read the full statement: https://www.eccouncil.org/plagiarism-investigation/
Until next time, #BeCyberAware, #BeCyberSmart, #BeCyberSafe!