In April of 2018, I became an EC-Council Certified Security Analyst (ECSA). So, I wanted to share my experience in obtaining this certification.
The ECSA certification is broken down into two parts. The first being a Challenge Lab and the second being a proctored multiple-choice exam. The proctored multiple-choice exam is only available after the Challenge Lab has been successfully passed.
I started by purchasing the ECSAv9 iLearn package from EC-Council. This included a one-year subscription of iLearn Online Training, a six-month subscription of iLabs, e-courseware, and an ECC Exam Portal 412 Series voucher.
Once the purchase was completed, EC-Council followed up with several emails that included detailed instructions on how to get started as well as how to redeem the vouchers for the different packages purchased.
Like the C|EH material, the iClass portal is where all of the virtual lecture content is stored for on-demand play back. The same instructor for C|EH presents the ECSA material; which I enjoyed his delivery.
With regards to the E-Courseware, this material was housed on Vitalsource.com within the Bookshelf portal and I thought the material was well put together. As mentioned in my C|EH review, the Bookshelf portal may take some time to get acclimated to the material presentation.
The iClass portal also provides the ability to launch the Module Labs. I really enjoyed these labs even more than the C|EH labs. The ECSA labs were configured a little different then the C|EH labs, but the student still had multiple systems to hack against and not disrupt other students. Also, the student can walk through the chapter lab with step-by-step instructions for each objective.
Unlike C|EH, the ECSA course provided multiple penetration testing documents from information gathering templates to final reporting. These documents are covered within the iClass Modules and utilize EC-Council’s penetration testing framework.
After completing all modules and labs within the iClass portal, it was time to register for the Cyber Range iLabs. The iLabs access key is included as part of the iLearn package. Once activated, the ECSA Dashboard is valid for sixty days. The first thirty days is valid for the iLabs Cyber Range and the second thirty days for submitting the final lab report from the ECSA Dashboard.
The Cyber Range iLabs contains both the Module Labs from the iClass as well as the Challenge Labs for the ECSA certification. Based on my conversations with EC-Council, neither the Module Labs nor the Challenge Labs needed to be saved as part of the certification grading. Only the final lab report is graded.
The template for the final report is contained within the download of the documents that was accessible from the ECSA Dashboard. The Sample Pentesting Report Template was located within the ECSA-Report-Templates root directory. The “Sample Penetration Testing Report.doc” was the recommended document to use when completing each Challenge Lab scenario and when submitting the final lab report.
The ECSA Challenge Lab was set up where it was not possible to import or export data to your local system. So, the final lab report must be prepared on your local system. One must use a screen-capture utility to capture screen shots of important steps of the Challenge Lab objectives.
As to the Challenges, the tools and techniques used to achieve the objectives are covered in the ECSA or C|EH iClass material. The difficulty and time to complete the Challenges will depend on one’s experience as a pen tester.
Even though I consider myself a novice pen tester, I was able to complete each Challenge based on the methods and techniques covered within the iClass modules. Although, I will say there were a few Challenges that I had to do additional research and really think of how to conquer the Challenge objective.
Once I completed a Challenge, I immediately started documenting and retracing my steps. This process slowed down the actual pen testing, but I believe that it saved overall time with the final documentation. In total, I spent about two weeks completing the Challenges and documenting the final lab report.
I read a few reviews by others that stated they only changed section 2.0 “Comprehensive Technical Report” of the “Sample Penetration Testing Report.doc” and passed the Challenge Lab. However, I decided to modify additional items within my final lab report for a more personal touch.
Once I was satisfied with my 108-page final lab report, I used the ECSA Dashboard to submit the report. EC-Council then sent a canned email response that it could take up to seven days to review and grade the report. A few days later, I received notice that I passed the Challenge and I was eligible to take the practical exam. In addition, I received my voucher code to register for the practical exam.
The practical exam was a 150-question multiple choice proctored exam with a time limit of four hours. At the time I sat the exam, EC-Council only provided an on-line option through Proctor U.
As many others noted, and I would conquer, this exam was much more difficult than the C|EH exam. I would say that the majority of the questions are covered in the ECSA iClass material and go into greater detail than what was covered on the C|EH exam. In addition, I believe there were a few questions that came from the C|EH iClass material as well.
As to studying, my recommendation is to know all of ECSA material covered. If one only studies the topics covered within the Challenge, a passing score may not be achievable. In addition, I would recommend not taking a break in between the Challenge and studying for the proctored exam.
Like many other proctored exams, a pass or fail is presented at the completion of the exam. A few days after a passing score has been achieved, EC-Council sends an email confirming your address for the Physical Kit to be sent.
As to the ECSA experience, I really enjoyed the Challenge Lab portion of the exam. Similar to my CCIE days, this was an exam that not only required one to be able to demonstrate what they have learned, but also required the knowledge needed to pass the proctored exam.