Let’s get started by talking about why the Certified Ethical Hacker should be your first penetration testing certification.
What does it mean to be a Certified Ethical Hacker?
The CEH, or Certified Ethical Hacker, certification is an EC-Council certification exam that focuses on penetration testing. It is not the lowest level certification offered by the EC-Council, but it is the lowest level certification that focuses primarily on penetration testing. The CEH is intended to certify “individuals in the unique network security discipline of Ethical Hacking from a vendor-neutral perspective,” according to EC-Council.
Certified Ethical Hacker Exam Details
Key skill areas of the CEH
EC-Council lists the five phases of ethical hacking as key areas for the exam. You’ll also be required to know hacking tools common to the industry.
What additional certifications does EC-Council provide?
EC-Council offers a variety of different IT and cybersecurity certifications, but none are as well-known as CEH. CND, or Certified Network Defender, is a lower-level certification that is a suggested prerequisite, and LPT, or Licensed Penetration Tester, is a more advanced certification that follows the CEH.
For whom is the CEH designed?
“Ethical hackers, System Administrators, Network Administrators and Engineers, Web managers, Auditors, Security Professionals in general,” according to EC-target Council’s market list for the CEH certification. Although it would be a stretch to say that the CEH is meant for all of these job categories, some will undoubtedly benefit from the certification, most notably security professionals and ethical hackers who work in security on a regular basis.
Is it a good idea for me to take the CEH?
If you are an aspiring or existing ethical hacker or penetration tester, or if you are or will be working in a domain within IT or cybersecurity that is focused on system security, the Certified Ethical Hacker certification is an excellent choice. Even defensive professionals like cybersecurity analysts and incident responders will benefit from adding a penetration testing certification to their resume. If you fit into one of these groups, you should compare the CEH to other penetration testing certificates like CompTIA’s PenTest+ or Offensive Security’s OSCP. The distinctions between the CEH and PenTest+ are discussed here, as well as the CEH and OSCP. Many cybersecurity specialists have observed online that, regardless of the CEH certification’s validity, it is a credential that is frequently acknowledged by HR departments, recruiters, and hiring managers. In certain circumstances, it’s reasonable to presume that these recruiting decision-makers are unaware of what a certification entails, but I believe that the phrase “Certified Ethical Hacker” is attractive enough to pique their interest. Over the years, I’ve spoken with countless CEH holders who got the certification only because it is a term that HR managers recognise and remember.
What kind of experience do you need to take the CEH?
The Certified Ethical Hacker credential has two possibilities, according to EC-Council: complete training before taking the exam or take the exam right away. The EC-Council approved training costs roughly $850 and is available from both approved vendors and EC-Council directly. The benefit of completing the training is that you will be trained directly for this certification exam by the same people who wrote it, and you will be eligible to sit for the exam without having to go through the application process or pay the $100 application fee, which is included in your course cost. If you want to skip the official training and go straight to the exam, you must fill out an application and pay the $100 cost. Those who continue straight to the exam must have two years of verified experience in the InfoSec domain. This is a key factor to keep in mind: if you have no prior experience in the subject, you will need to attend training. Only those who have worked in the sector for at least two years and can prove it are eligible to bypass the training course.
How much does the CEH cost?
The exam ticket for the Certified Ethical Hacker costs $1,199 and can be completed at any Pearson Vue testing centre. The exam can also be taken remotely through EC-Council for a fee of $950. These charges are in addition to the $100 application fee, and if you choose the training option described above, you’ll have to pay an extra price. Keep in mind that pricing can vary at any time, and some certification providers provide discounts to members of the military, students, or other groups, or offer discounts at specific times, so check around to see if you can find a discounted choice.
What is the CEH’s DoD compliance?
The CEH is a DoD 8570-approved certification.
How much time will it take to study for the CEH?
Because everyone’s background and experience differ so widely, there is no set time to prepare for an intermediate-level certification exam like the CEH. In most situations, persons who finish the course will wish to spend at least another 30 days preparing. Even seasoned professionals should devote some time to exam preparation by working through test bank questions and other resources. Because the Certified Ethical Hacker should not be anyone’s first certification exam, they should have the appropriate testing experience to decide their own optimal course of study.
What is the CEH’s format like?
The CEH is a four-hour multiple-choice exam with up to 125 questions that can be taken in person at a Pearson Vue testing location or online through EC-Council. It’s important to note that the CEH exam isn’t hands-on or practical, which means you won’t be required to do any penetration testing operations or tasks. This approach may be beneficial for exam takers who have little experience in the topic but can adequately learn the material.
Is the CEH a difficult exam?
Before preparing to take the CEH, many potential test takers want to know how difficult the exam is. Is the CEH difficult? The Certified Ethical Hacker exam is a difficult intermediate-level certification exam that will be more difficult for most people than lower-level certifications like CompTIA’s Security+. Many experienced test takers who have finished many tests, however, indicate that the CompTIA PenTest+ is at least as demanding as the CEH, and that the hands-on OSCP, or Offensive Security Certified Professional credential, is significantly more difficult. Any skilled cybersecurity certification test taker with at least a few years of expertise in the area should be able to pass the CEH.
How long does the CEH last?
The Certified Ethical Hacker credential is valid for three years from the date of exam completion; however, you must acquire and prove 120 CEUs (EC-Council calls these ECE, or electrical and computer engineering credits) during that time. You’ll also have to pay a one-time annual membership fee, regardless of how many certificates you have with them. The current yearly membership price is $80. It’s worth noting that some cyber experts have complained about this certification and its procedure as a “money-grab” by EC-Council, and with charges like an annual fee, it’s easy to see why. As with any certification, each person should conduct their own due diligence and learn about all of the fees connected with preparing for, sitting for, and maintaining a certification, and then decide for themselves whether that sum is a good investment.
Pros of the CEH
I’d like to spend the next few paragraphs discussing what I consider to be the best benefits and drawbacks of the Certified Ethical Hacker certification and exam, particularly when compared to other similar credentials available.
Pro #1: It’s a simple exam
The CEH’s multiple-choice style makes it a simple exam, which means that every test taker will know what to expect before sitting for the exam.
Pro #2: There is a lot of study material to choose from
Finding good quality certification study resources is not a problem because the CEH is so well-known and established.
Pro #3: Pearson Vue has CEH available
There are several advantages to taking an exam at a testing centre. You’re less likely to be burnt by a bad internet connection or broken computer at a testing centre (although it does happen), and if it happens, it’s not your problem or fault. In comparison to the unpredictability of remoting in, I prefer the structured setting of the testing facility.
Pro #4: You Don’t Need to Train to Sit for CEH
Another advantage of the CEH is that it does not require seasoned professionals to first complete a mandatory training course, as some other certifications do. If you’re ready, you can jump right into the exam.
Pro #5: HR departments are aware of you.
For whatever reason, it appears that HR departments and hiring managers are familiar with the CEH moniker, which can help those who get the certification find work. There are certainly tougher certifications available, but if a hiring manager doesn’t recognise it, it won’t be of any use.
Cons of the CEH
Con #1: True Pen Testers Prefer the OSCP
I’ve written about the OSCP and the distinctions between it and the CEH before, but the basic line is that some experienced penetration testers prefer and respect the OSCP over the CEH.
Con #2: CEH Test Dump
The actual CEH exam questions have been leaked onto online forums, according to reports. I haven’t checked this, but if it is, the exam dump weakens the certification for everyone who has it or wants to get it.
Con #3: The PenTest+ is Less Expensive
When CompTIA introduced the PenTest+ a few years ago, it was evident that it was meant to be a less expensive option to the CEH, and exam takers definitely value their money. And in this scenario, passing the CEH exam will cost you hundreds of dollars more.
What kinds of jobs would benefit from CEH certification?
The following professionals, or prospective professionals, are the target market for the Certified Ethical Hacker certification, according to EC-Council.
Professionals that do cybersecurity assessments on technology systems are known as systems auditors. Security Professionals — People who work in fields linked to security or cybersecurity, such as cybersecurity analysts, network security engineers, incident responders, and others. Those that maintain or administer network systems and assets are known as site administrators. Professionals involved in the support and protection of network systems and infrastructure are known as network infrastructure professionals.
Obtaining the CEH certification might also benefit professionals in the following fields.
Penetration testers are those who do offensive or ethical hacking tests on a system or systems. Cybersecurity Consultants – Individuals who work as consultants in the field of cybersecurity.
Isn’t there a CompTIA PenTest+ available?
Many individuals wish to compare the CEH to the CompTIA PenTest+, which we do in this article. The CompTIA PenTest+ is a newer certification option designed to compete with the Certified Ethical Hacker.
What about the OSCP, for example?
The OSCP from Offensive Security is an entirely distinct form of penetration testing exam, making a true comparison to the CEH difficult. If you need more information about the OSCP, check out our article, and if you want to compare the OSCP to the CEH, we’ve got you covered.
Recommendations from Us
You should consider the CEH, PenTest+, and OSCP as suitable penetration testing certifications based on your experience. If you can’t pay the CEH, CompTIA’s PenTest+ is a good alternative. Keep in mind that in addition to credentials like the CEH, becoming a successful penetration tester requires a lot of experience.
Key Points/Conclusion
The CEH is a well-known penetration testing certification that can help you get started as a penetration tester at the basic level. The CEH test has a fairly simple style, with solely multiple-choice questions. The CEH is costly to get and maintain, as it requires extensive training, an application fee, an exam fee, membership fees, and continuing education credits.
The Certified Ethical Hacker Credential is a well-known penetration testing certification that is practically unrivalled in terms of recognition and attainability. It costs more to obtain and maintain than other comparable certificates like the PenTest+ and OSCP, but its widespread availability and well-known name make it worthwhile to consider.