The eCIR designation stands for eLearnSecurity Certified Incident Responder. eCIR is the most practical and advanced certification available on the market on Incident Handling & Response. By passing the challenging exam and obtaining the eCIR certificate, an Incident Responder can prove their advanced skills in the fastest-growing area of network security.

Why eCIR

Here are some of the ways the eLearnSecurity Certified Incident Responder certification differs from conventional certifications:

  • Instead of putting you through a series of multiple-choice questions, you are expected to perform actual Incident Response activities on two different corporate networks. Both Incident Response scenarios are modeled after real-world scenarios and cutting-edge attacking techniques.
  • You will have to combine different detection and analysis methodologies to effectively respond to the exam’s incidents. Traffic analysis, event/log analysis within ELK and Splunk and event correlation will be required. A skillset like this will make you a valuable asset in the corporate sector.
  • Only individuals who provide proof of their findings in addition to identifying any attacker activities and thinking outside the box in this "engagement" are awarded the eCIR Certification.

Knowledge domains

By obtaining the eCIR, your skills in the following areas will be assessed and certified:

  • Network packet/traffic analysis
  • In-depth knowledge of tools such as Wireshark, ELK & Splunk
  • Actionable SIEM searches
  • Event & Log correlation
  • Event analysis
  • Process analysis and anomaly detection
  • Understanding and detection of any stage of the “Cyber Kill Chain” (Information Gathering, Scanning, Exploitation, Post-exploitation)

The exam

The candidate will be provided with a real-world engagement within the renowned Hera Lab: virtual labs, accessed over VPN and powered by cutting-edge virtualization technology, where thousands of security professionals worldwide already practice different kinds of network defense techniques to protect real-world networks. Once valid credentials have been provided for the certification platform, the candidate will be able to perform the tests from the comfort of their home or office. An Internet connection and VPN software are necessary to carry out the exam.

eLearnSecurity's eCIR is the only certification for Incident Responders that evaluates your abilities at using cutting-edge Incident Response techniques, inside a fully featured and real-world environment.
