In Certified Ethical Hacker, Cybersecurity, Videos

Certified Ethical Hacker and Offensive Security Certified Professional

Accellis Technology Group recently sat down with our on-staff Certified Ethical Hacker (CEH) and Offensive Security Certified Professional (OSCP), Stephen Smith. What is a CEH and an OSCP, and why is it beneficial for an MSP to have an employee with these certifications on staff?

MSPs who staff security professionals that hold CEH, OSCP, CISSP, and other certifications are able to recreate security breaches, identify gaps in security posture, remediate gaps, and instill a security culture at both the MSP and its clients. Today, security and IT management pretty much refer to the same thing. -Michael O’Neill

Certified Ethical Hacker:

What is it? A qualification obtained by demonstrating knowledge of assessing the security of computer systems by looking for weaknesses and vulnerabilities in target systems, using the same experience and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system.

Certifications Prerequisites: Forty-five hour training course including a 5-step hacking methodology through EC Council covering such topics as footprinting and reconnaissance, scanning, gaining access, maintaining access, and covering tracks.

ceh-logo

Offensive Security Certified Professional

What is it? An OSCP is a hands-on penetration testing certification professional that understands the concepts of successfully attacking and penetrating various live machines in a safe lab environment in a timed environment. An OSCP is considered more technical than other ethical hackers and is one of the few certifications that requires evidence of practical penetration testing skills.

Certifications Prerequisites: OSCP certification takes an average of 1.5 years and 227 hours of training. The exam is 24 hrs practical hacking  and then 24 hrs to compile and submit a report.

untitled-design-8

Real World Example

In a recent pen test, we were able to create a spoof landing page mimicking a password recovery site for Office 365 login credentials. A phishing email was sent to all end-users. We recovered nine usernames and passwords in four minutes.

This type of success rate in a real-life data breach situation can cause insurmountable damage to a business, including access to financials, ransomware payments, reputation damage, loss of customers, access to third-party vendor information, and more. -Stephen Smith

Have Questions?

Do you have questions about the latest in cybersecurity solutions and how to protect your organization from cyberattacks? We want to help! Fill out the form below and a Cybersecurity expert will reach out at your earliest convenience to answer your questions.

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.