Last week, CRIBB Cyber Security’s Patrick Carolan took the EC-Council Certified Security Analyst (ECSA) v10 theory exam. We’re delighted to say that he passed with an impressive 92%! In ‘CRIBB & ECSA’, we talk to Patrick about this very important accolade and what it means for him and the company moving forwards.

Patrick, congratulations on your latest certification – you must be very happy!

I certainly am. Myself and the rest of the team at theICEway are always searching to improve our knowledge base. Penetration testing – which is what the ECSA certification programme is all about – is a key area for the CRIBB brand.


Please tell us more about ECSA.

ECSA stands for ‘EC-Council Certified Security Analyst’. As I said, it is a certification programme for penetration testing that is highly advanced. In fact, it is more advanced than programmes which allow you to become an ethical hacker.

Please explain about the EC-Council.

Sure, the EC-Council was formed as ‘the International Council of E-Commerce Consultants’ after the 9/11 attack on the World Trade Centre in the USA. The founder, Jay Bavisi, wondered what might happen if a similar attack were enacted on the ‘Cyber battlefield’ and realised that if it were, it could not be prevented. The main objectives of the EC-Council were to create information security training and certification programmes. These were designed to help combat potentially devastating cyber-attacks, starting with ‘Certified Ethical Hacker’.

Since then, they have certified over 200,000 security professionals, including individuals from the FBI, Microsoft, IBM, and the UN.

This is quite an achievement then?

It is but now comes an even trickier, secondary examination, where I will be required to complete a full penetration test under EC-Council restrictions and on a virtual environment, with my findings to then be documented in a professional LPT Penetration Report.

That sounds… fun.

I think it will be, actually!

Nice. Now, back to the ECSA…

Yes, of course. The ECSA penetration testing course is designed to give people a real world, hands-on penetration testing experience. It is a globally accepted hacking and penetration testing class, and it incorporates the testing of application environments, operating systems and modern infrastructures whilst revealing how to correctly document and create a pen test report.

Penetration Testing

Could you tell us a bit more about penetration testing please?

Pen testing, as it is known colloquially, is basically an authorised, simulated cyber-attack on a network, web application or computer system. It is carried out to analyse and evaluate the security of what is being tested; the idea is to go in and identify any potential security issues before they can be exploited by hackers.

How would you say that the ECSA programme compares to the Certified Ethical Hacker course?

This one takes the tools, skills and techniques learned in the CEH and enhances everything, teaching you how to apply them using the EC-Council’s penetration testing methodology. So CEH is one big step but ECSA is –

(Interrupting) One giant leap?

You could say that. It is CRIBB & ECSA, not CRIBB & NASA though.


ECSA – EC-Council Certified Security Analyst certification, a programme for Cyber Security professionals that is based around advanced security techniques and Licensed Penetration Tester methodologies

FBI – Federal Bureau of Investigation, the United States’ domestic intelligence and security service and principal federal law enforcement agency

IBM – International Business Machines Corporation, a multinational technology company from the US with headquarters in New York and operations in more than 170 countries

UN – United Nations, an intergovernmental organisation charged with maintaining international peace and security

Top Tip

With this latest certification, the Penetration Testing services offered by CRIBB Cyber Security are even more robust – give us a call for more information or visit our Services page.