Certified Ethical Hacker (CEH)
The Certified Ethical Hacker (CEH) teaches and validates the offensive security mindset — how attackers think and operate — so you can defend systems as a penetration tester or security analyst.
What Is This Certification?
CEH covers reconnaissance, scanning, enumeration, system hacking, malware, social engineering, and web app attacks from the attacker's perspective. It is a widely recognized entry into penetration testing and is DoD 8570 approved.
Eligibility & Requirements
Two paths: 2 years of info-security work experience, OR complete an official EC-Council training. No degree required.
Exam Format & Structure
125 multiple-choice questions, 4 hours, delivered via ECC Exam Center or Pearson VUE (with proctor).
Cost & Fees
$1,199 USD (includes training voucher option) or $950 exam-only with eligibility proof.
Validity & Renewal
Valid 3 years. Earn 120 EC-Council ECE credits (or retake) to renew.
Salary & Career Outlook
Ethical hackers / penetration testers commonly earn $90,000–$130,000; senior roles exceed $150,000.
Compare Certified Ethical Hacker (CEH)
See how this certification stacks up against others:
Top Training Providers & Resources
- EC-Council Official Training
- Cybrary
- INE
- TCM Security (practical alternative)
Is Certified Ethical Hacker (CEH) Worth It?
The CEH is worth it if you want a recognizable, DoD 8570-approved entry point into penetration testing and your employer values the EC-Council brand — it opens security-analyst and pentester roles with U.S. pay commonly $90k–$130k. It is less worth it if you want pure hands-on credibility on a budget, where OSCP or CTF-based certs signal more. The trade-off: CEH is theory-and-tooling based rather than a full practical exam, so pair it with lab time. For compliance-driven or government-adjacent security jobs, CEH's approval status makes it a safe, expected choice.
How to Prepare
Prep 4–8 weeks. 1) Study the official EC-Council CEH v12 domains and the 'attack steps' framework. 2) Build a home lab (Kali Linux, vulnerable VMs like Metasploitable) to practice recon, scanning (Nmap), and exploitation safely. 3) Use a platform like TryHackMe or HackTheBox for guided hands-on. 4) Memorize common tools (Wireshark, Nmap, Metasploit, SQLmap) and their flags. 5) Take practice exams; the real test is 125 questions in 4 hours. Consider the CEH Practical add-on to prove hands-on skill.
How to Get Certified Ethical Hacker (CEH) Certified
- Confirm eligibility: 2 years security experience OR official EC-Council training.
- Download the CEH exam blueprint from EC-Council and map it to a study plan.
- Complete official training or a reputable course; set a weekly schedule.
- Practice offensive techniques in a legal home lab until they're routine.
- Take full-length practice exams and target a steady pass-rate. Exam format: 125 questions, 4 hours, ECC Exam Center or proctored Pearson VUE.
- Book the exam ($950–$1,199) at a test center or remote proctor, then sit and pass it.
- Receive your credential from EC-Council and add it to your resume, LinkedIn, and this profile.
- Track renewal: Valid 3 years — earn 120 ECE credits or retake.
Career Paths & Job Titles
- Penetration Tester
- Security Analyst
- Threat Hunter
- Cybersecurity Consultant
- Incident Responder
Skills You'll Gain
- Reconnaissance and footprinting
- Network scanning and enumeration
- System and web-app hacking techniques
- Malware and social-engineering awareness
- Defensive countermeasures
Who Should Get This Certification?
aspiring penetration testers and security analysts wanting a recognized offensive-security credential
Good fit if…
- You want a credentialed, DoD-approved proof of security skill.
- The cert is required or preferred for pentester/analyst roles you're targeting.
- You learn well from structured study + labs.
- You're interested in the attacker mindset to improve defense.
Maybe skip if…
- You need pure hands-on proof on a tight budget — consider OSCP instead.
- Offensive security isn't your career goal.
- You can't meet eligibility or renewal credit requirements.
Frequently Asked Questions
Is the CEH worth it?
It is worth it if you want a recognizable, DoD-approved entry into pentesting and your employer values the brand. Many practitioners also pair it with hands-on certs like OSCP for credibility.
How hard is the CEH exam?
Moderate. It is knowledge-based (theory + tooling) rather than fully hands-on. Most candidates pass with 4–8 weeks of study.
What is the CEH and who is it for?
It is offered by EC-Council. It teaches the attacker mindset to defend systems as a penetration tester or security analyst. It is aimed at those with 2 years of security experience (or official training).
How much does the exam cost?
The exam costs $950 exam-only (with eligibility) up to ~$1,199 with training. Budget for prep materials separately.
How long is it valid, and how do I renew?
Valid 3 years. Earn 120 EC-Council ECE credits through continued learning, or retake the exam.
What does the exam format look like?
125 multiple-choice questions, 4 hours, ECC Exam Center or proctored Pearson VUE. Pace yourself across the long window.
Am I eligible?
Eligibility: 2 years of info-security experience OR official EC-Council training. Review EC-Council's eligibility policy before applying.
How long should I study?
Most candidates prepare over 4–8 weeks. Use official material plus a hands-on lab platform to reinforce tooling.
What is the salary outlook?
Pentesters commonly earn $90,000–$130,000; senior and specialized roles exceed $150,000.
Which comes after CEH?
Many pursue the EC-Council CEH Practical, OSCP (OffSec), or CISSP for broader security leadership credibility.
Can I take it online?
Yes — EC-Council offers remote proctoring with strict environment and ID checks.
Do I need hands-on experience?
Helpful but not mandatory; the exam is theory-heavy. Pair it with labs (e.g., TryHackMe, HackTheBox) to build real skill.