Certified Ethical Hacker (CEH) is an early-career certification for security pros who want to demonstrate that they can assess weaknesses in target systems, using techniques often associated with hackers to help identify vulnerabilities for employers or clients. CEH (sometimes written as C|EH) is probably the most famous certification offered by the International Council of Electronic Commerce Consultants, or EC-Council, a cybersecurity education and training nonprofit founded in the wake of the 9/11 attacks.
There are two levels of CEH certification. You can be CEH-certified after passing a multiple-choice exam covering a broad spectrum of hacking knowledge, and meeting certain experience or training requirements. If you choose to move beyond that, you can then take the CEH Practical exam, which involves penetration testing on simulated systems; if you pass that exam, you will achieve CEH Master status.
Read on for answers to some frequently asked questions about the practical aspects of the exams and the certification process, the ethical hacker role, and why getting a certification like CEH might help your career.
Are ethical hackers in demand?
Let’s start with the term “ethical hacker.” This is a phrase designed to be provocative. While in the very early days of computing hacker was a value-neutral term for a curious and exploratory computer user, today most people use the word to describe bad guys who try to break into systems where they don’t belong for fun or (usually) profit. An ethical hacker is someone who uses those hacking skills—the ability to find bugs in code or weaknesses in cyber defenses—for good, rather than for evil, tipping the potential victims off and using the insights gained to implement improved security measures.
In some ways, the term “ethical hacker” arises from a milieu where many “black hat” bad guy hackers do in fact switch sides and become good guys and defenders rather than attackers. But it’s also just a sexy term for a discipline that goes by other, more boring names like “penetration testing” or “offensive security research.” You might also hear the term “red team” used—in large-scale penetration testing exercises, the red team plays the role of the attackers, while the blue team makes up the defenders. Still, whatever you call it, it’s a job that’s in demand: more and more companies are recognizing the business case for having in-house hackers probing their defenses for weakness, or using bug bounties to encourage freelance ethical hackers to find problems they may have missed.
Is Certified Ethical Hacker worth it?
But even if ethical hackers are in demand, does that mean that the CEH certification in particular is a boon to your career? This is the question that looms over every certification to one degree or another, and anyone who says they can prove a direct correlation between getting a cert and career success is trying to sell you something (a certification, probably).
That said, if you can afford the costs associated with CEH, the general consensus is that it will probably help your job search and career trajectory, even if it isn’t a guarantee of success. If you’re looking for an ethical hacking/pen testing gig—or, perhaps more likely, a security analyst job in which penetration testing will be part of your duties—CEH is one of the best-known certifications out there, so it will catch the eye of any hiring manager looking for certs. In particular, in a professional realm where there is a bit of disrepute hanging around the word “hacker” and some of the people who use it to describe themselves, the EC-Council’s code of ethics, adherence to which is a requirement of certification, may be reassuring to some.
What jobs can I get with CEH certification?
The EC-Council lists the following job titles as good matches for a CEH certification:
- Information security analyst/administrator
- Information assurance security officer
- Information security manager/specialist
- Information systems security engineer/manager
- Information security professionals/officers
- Information security/IT auditors
- Risk/threat/vulnerability analyst
- System administrators
- Network administrators and engineers
This is, of course, over and above jobs that actually have “ethical hacker” or “penetration testing” or the like in their title, which are more glamorous but also rarer. In practice, even network and security admins and analysts who don’t do full-time penetration testing can benefit from a CEH credential, as they may find it helpful to assess the security of their organization’s infrastructure through a hacker’s eyes.
What salary can I expect with CEH certification?
Again, it’s difficult to show a direct correlation between an individual getting a CEH certification and getting a raise. But it’s clear that many of the jobs associated with CEH holders pay well. As of 2021, ZipRecruiter pegs the average U.S. salary of an ethical hacker at nearly $120,000 a year.
But what about the certification itself? The InfoSec Institute estimates an average salary for CEH holders of $83,591, with most holders earning in the band between $45K and $129K. Payscale.com comes to a similar conclusion: a median of about $83K, with 90% of people earning between $49K and $128K. Keep in mind that all these sites are opaque about how they come up with their numbers, but this should give you a sense of the lay of the land, if nothing else.
How long does it take to become a CEH?
Only those over 18 can become CEH certified (apologies to genius underage high school kids everywhere). Assuming you’ve reached that age, in order to take the Certified Ethical Hacker exam, you need to fulfill one of two prerequisites: You could qualify by proving that you have at least two years of experience working as a professional in infosec (there’s a nonrefundable $100 application fee, and you’ll need to supply references whom the EC-Council can contact). Or you can leapfrog the experience requirement if you take an EC-Council-approved CEH training course.
What CEH courses and training are available?
Scroll to the bottom of this page and click on the “training options” tag to see the variety of training options available to you to help you meet your CEH prerequisites. You can take self-study or live online courses, a more in-depth in-person master class, or work with EC-Council training partners who can provide in-person courses in either a corporate or an academic context. Your application fee will be rolled into the price of these courses (more on which in a moment).
Looking to take your exam prep beyond the official training material from the EC-Council? There are a number of books and study guides available. Two favorites are the CEH Certified Ethical Hacker All-in-One Exam Guide by Matt Walker and the CEH v11 Certified Ethical Hacker Study Guide by Ric Messier.
Do you want to test your knowledge before you take the test? GoCertify has over 50 CEH practice quizzes you can take.
How long is the CEH exam and what does it cover?
Once your application has been approved, you can move on to the CEH exam; you’ll sometimes see it referred to as the CEH ANSI exam, as it’s been accredited by the American National Standards Institute. You can take the exam either in person (at a Pearson VUE testing center) or online remotely, though you’ll have to agree (and pay) to be proctored via your webcam. You have four hours to take the exam, and it consists of 125 multiple-choice questions covering the following domains, or topic areas:
- Information security and ethical hacking overview
- Reconnaissance techniques
- System hacking phases and attack techniques
- Network and perimeter hacking
- Web application hacking
- Wireless network hacking
- Mobile platform, IoT, and OT hacking
- Cloud computing
You can find more in-depth details on the topics covered in the EC-Council’s CEH Exam Blueprint.
Once you’ve passed this exam and fulfilled the rest of the CEH requirements, you may want to advance to the next level: achieving CEH Master status. To do this, you need to take the CEH Practical exam, which lasts six hours and involves 20 challenges on a live network of virtual machines. This exam is taken in the EC-Council’s iLabs Cyber Range, a virtualized environment you can access from home in your browser. Techniques that the CEH Practical exam will test you on include:
- Port scanning tools (e.g., nmap, hping)
- Vulnerability detection
- Attacks on a system (e.g., DoS, DDoS, session hijacking, webserver and web application attacks, SQL injection, wireless threats)
- SQL injection methodology and evasion techniques
- Web application security tools (e.g., Acunetix WVS)
- SQL injection detection tools (e.g., IBM Security AppScan)
- Communication protocols
How much does CEH cost?
This question of how much the CEH certification costs is surprisingly complex to answer. Beyond the $100 application fee, you also need to buy an exam voucher, which costs $950 at minimum; however, if you’re taking the exam online, things get pricier, in part because you need to pay $100 for an individual proctor to monitor you during the test. Then, of course, there are the costs of the various official training options, which, while not necessary for candidates with at least two years of industry experience, can add substantially to the overall price tag. QuickStart breaks down the potential cost range if you want the details, but you could pay as little as $1,050 if you don’t take any training courses and study entirely on your own, or as much as $4,298 if you go for a full-on training bootcamp.
If you want to go for your CEH Master certification, the Practical exam is another $550.
How do I verify my CEH certification?
Finally, are you looking to verify your certification for a current or potential employer—or just for bragging rights? The EC-Council makes it easy: just enter your information here. Hopefully your boss will be as impressed by your credential as they should be!
Copyright © 2021 IDG Communications, Inc.