CEH: Certified Ethical Hacker

Reviewed by Fully Compliance editorial team

CEH certifies knowledge of offensive security techniques — reconnaissance, scanning, exploitation, and persistence — through a knowledge-based exam with a 50-60% pass rate. It requires two years of ethical hacking experience or EC-Council's official training course, costs $1,000-$5,000 total, and positions you for penetration testing and vulnerability assessment roles with $10,000-$20,000 salary premiums. For serious red-team work, OSCP is the more rigorous destination.
If you're interested in penetration testing, vulnerability assessment, or the offensive side of security, if you've heard that CEH is the credential for this track, or if you're wondering whether CEH or OSCP is the right choice, you need to understand what CEH actually is. Unlike CISSP or CISM, which are generalist credentials, CEH is specialized — designed for people who want to break systems rather than defend them. It's a narrower track, which means it's either exactly right for your career or not particularly relevant.

CEH stands for Certified Ethical Hacker, created by EC-Council. It focuses entirely on offensive security techniques — the skills and knowledge required to identify vulnerabilities and compromise systems ethically, with authorization.

CEH Is the Entry Point for Offensive Security Careers

EC-Council reports over 60,000 CEH holders globally, and the U.S. Department of Defense recognizes CEH under Directive 8570 for certain information assurance workforce positions. CEH requires at least two years of ethical hacking experience, or completion of EC-Council's official training course. The exam tests hacking methodologies, tools, and techniques — reconnaissance, scanning and enumeration, gaining access, maintaining access, covering tracks, and specialized attack types. The exam is knowledge-based, not hands-on.

The pass rate is roughly 50 to 60 percent. Study time is typically eight to twelve weeks for people with an offensive security background, and longer for others. The exam costs $500 to $1,000.

The critical distinction between CEH and OSCP: CEH is knowledge-based — you answer questions about offensive techniques. OSCP requires you to actually compromise systems during the exam. For practitioners, OSCP is more rigorous because you demonstrate practical skill, not just knowledge. CEH is more accessible because it doesn't require demonstrated hands-on capability during the exam itself.

If you're serious about penetration testing as a long-term career, OSCP builds more credibility. If you're building offensive skills or want a first credential in this space, CEH is a reasonable stepping stone.

CEH holders earn premiums in penetration testing and vulnerability assessment roles — typically $10,000 to $20,000 above non-credentialed peers. The premium is highest in specialized offensive security firms. In general enterprise IT security, the premium is smaller because offensive specialization is less central to the work.

CEH is created and maintained by EC-Council, a single vendor. This differs from CISSP (ISC2) and CISM (ISACA), which are maintained by industry bodies. EC-Council controls the exam, the official training, and the renewal requirements. This vendor dependency matters: if you disagree with how EC-Council evolves the credential, there is no alternative provider to turn to.

Budget $500 to $1,000 for the exam, $300 to $1,500 for study materials, and $1,500 to $4,000 for official EC-Council training if you take it. Total out-of-pocket is typically $1,000 to $5,000. Time investment is eight to sixteen weeks.

You're a good candidate for CEH if you have offensive experience or penetration testing background, want a recognized credential, are targeting penetration testing or vulnerability assessment roles, or want a stepping stone to OSCP. Skip CEH if you're early in your career with no offensive background, your goal is broad security leadership (CISSP is stronger), your market expects OSCP for serious penetration testing, or you prefer vendor-neutral certifications.

Frequently Asked Questions

Is CEH recognized by the U.S. Department of Defense?
Yes. CEH meets DoD Directive 8570/8140 requirements for certain Information Assurance Technical (IAT) and Computer Network Defense Service Provider (CND-SP) positions. For government contracting roles in offensive security, CEH is one of the accepted credentials. However, some DoD roles specifically require OSCP or other hands-on certifications.

How does CEH compare to OSCP for hiring managers?
Most hiring managers at specialized penetration testing firms prefer OSCP because it demonstrates practical capability. CEH demonstrates knowledge but not necessarily hands-on skill. For generalist security roles where offensive knowledge is useful but not primary, CEH is sufficient. For dedicated red-team or penetration testing positions, OSCP is the stronger credential.

Can I get CEH without taking the official EC-Council training?
Yes, if you have at least two years of information security experience. You submit an eligibility form documenting your experience, and EC-Council reviews it. If approved, you can take the exam without completing the official training. The training provides structured preparation but is not the only path.

How often does CEH need to be renewed?
CEH requires 120 Continuing Education credits over three years to maintain active status. Credits accumulate through security training, conference attendance, publishing research, and other professional development. The annual maintenance fee is approximately $80. If you let the credential lapse, you need to retake the exam.