SHFT

The world's directory of professional certifications

Advertisement

Certified Ethical Hacker (CEH)

Provider: EC-Council · Level: Mid-level · Category: IT & Technology

The Certified Ethical Hacker (CEH) teaches and validates the offensive security mindset — how attackers think and operate — so you can defend systems as a penetration tester or security analyst.

Advertisement
ProviderEC-Council
LevelMid-level
EligibilityTwo paths: 2 years of info-security work experience, OR complete an official EC-Council training. No degree required.
Exam Format125 multiple-choice questions, 4 hours, delivered via ECC Exam Center or Pearson VUE (with proctor).
Cost$1,199 USD (includes training voucher option) or $950 exam-only with eligibility proof.
ValidityValid 3 years. Earn 120 EC-Council ECE credits (or retake) to renew.
Salary OutlookEthical hackers / penetration testers commonly earn $90,000–$130,000; senior roles exceed $150,000.

What Is This Certification?

CEH covers reconnaissance, scanning, enumeration, system hacking, malware, social engineering, and web app attacks from the attacker's perspective. It is a widely recognized entry into penetration testing and is DoD 8570 approved.

Eligibility & Requirements

Two paths: 2 years of info-security work experience, OR complete an official EC-Council training. No degree required.

Exam Format & Structure

125 multiple-choice questions, 4 hours, delivered via ECC Exam Center or Pearson VUE (with proctor).

Cost & Fees

$1,199 USD (includes training voucher option) or $950 exam-only with eligibility proof.

Validity & Renewal

Valid 3 years. Earn 120 EC-Council ECE credits (or retake) to renew.

Salary & Career Outlook

Ethical hackers / penetration testers commonly earn $90,000–$130,000; senior roles exceed $150,000.

Advertisement

Compare Certified Ethical Hacker (CEH)

See how this certification stacks up against others:

Top Training Providers & Resources

Is Certified Ethical Hacker (CEH) Worth It?

The CEH is worth it if you want a recognizable, DoD 8570-approved entry point into penetration testing and your employer values the EC-Council brand — it opens security-analyst and pentester roles with U.S. pay commonly $90k–$130k. It is less worth it if you want pure hands-on credibility on a budget, where OSCP or CTF-based certs signal more. The trade-off: CEH is theory-and-tooling based rather than a full practical exam, so pair it with lab time. For compliance-driven or government-adjacent security jobs, CEH's approval status makes it a safe, expected choice.

How to Prepare

Prep 4–8 weeks. 1) Study the official EC-Council CEH v12 domains and the 'attack steps' framework. 2) Build a home lab (Kali Linux, vulnerable VMs like Metasploitable) to practice recon, scanning (Nmap), and exploitation safely. 3) Use a platform like TryHackMe or HackTheBox for guided hands-on. 4) Memorize common tools (Wireshark, Nmap, Metasploit, SQLmap) and their flags. 5) Take practice exams; the real test is 125 questions in 4 hours. Consider the CEH Practical add-on to prove hands-on skill.

How to Get Certified Ethical Hacker (CEH) Certified

  1. Confirm eligibility: 2 years security experience OR official EC-Council training.
  2. Download the CEH exam blueprint from EC-Council and map it to a study plan.
  3. Complete official training or a reputable course; set a weekly schedule.
  4. Practice offensive techniques in a legal home lab until they're routine.
  5. Take full-length practice exams and target a steady pass-rate. Exam format: 125 questions, 4 hours, ECC Exam Center or proctored Pearson VUE.
  6. Book the exam ($950–$1,199) at a test center or remote proctor, then sit and pass it.
  7. Receive your credential from EC-Council and add it to your resume, LinkedIn, and this profile.
  8. Track renewal: Valid 3 years — earn 120 ECE credits or retake.

Career Paths & Job Titles

Skills You'll Gain

Who Should Get This Certification?

aspiring penetration testers and security analysts wanting a recognized offensive-security credential

Good fit if…

Maybe skip if…

Frequently Asked Questions

Is the CEH worth it?

It is worth it if you want a recognizable, DoD-approved entry into pentesting and your employer values the brand. Many practitioners also pair it with hands-on certs like OSCP for credibility.

How hard is the CEH exam?

Moderate. It is knowledge-based (theory + tooling) rather than fully hands-on. Most candidates pass with 4–8 weeks of study.

What is the CEH and who is it for?

It is offered by EC-Council. It teaches the attacker mindset to defend systems as a penetration tester or security analyst. It is aimed at those with 2 years of security experience (or official training).

How much does the exam cost?

The exam costs $950 exam-only (with eligibility) up to ~$1,199 with training. Budget for prep materials separately.

How long is it valid, and how do I renew?

Valid 3 years. Earn 120 EC-Council ECE credits through continued learning, or retake the exam.

What does the exam format look like?

125 multiple-choice questions, 4 hours, ECC Exam Center or proctored Pearson VUE. Pace yourself across the long window.

Am I eligible?

Eligibility: 2 years of info-security experience OR official EC-Council training. Review EC-Council's eligibility policy before applying.

How long should I study?

Most candidates prepare over 4–8 weeks. Use official material plus a hands-on lab platform to reinforce tooling.

What is the salary outlook?

Pentesters commonly earn $90,000–$130,000; senior and specialized roles exceed $150,000.

Which comes after CEH?

Many pursue the EC-Council CEH Practical, OSCP (OffSec), or CISSP for broader security leadership credibility.

Can I take it online?

Yes — EC-Council offers remote proctoring with strict environment and ID checks.

Do I need hands-on experience?

Helpful but not mandatory; the exam is theory-heavy. Pair it with labs (e.g., TryHackMe, HackTheBox) to build real skill.

Related Certifications

Advertisement