The Certified Ethical Hacker (CEH) certification is a globally recognized credential in the cybersecurity field that can open doors to a number of career opportunities.
The CEH certification offers in-depth knowledge of the current hacking landscape, including the latest techniques, tools, and methodologies used by cybercriminals.
The certification is hands-on, focusing on practical applications that can be directly utilized in real-world situations, not just theoretical understanding.
Pursuing a CEH certification can help you advance in your cybersecurity career and often leads to a higher salary potential.
Furthermore, it ensures you stay updated with the fast-evolving cybersecurity threats and countermeasures.
For those interested in regulatory compliance, CEH is even listed as an approved certification by some organizations, like the Department of Defense.
The EC-Council organization certifies professionals in various e-business and security skills and knowledge. Their stated mission is
“to validate information security professionals who are equipped with the necessary skills and knowledge required in a specialized information security domain that will help them avert a cyber conflict, should the need ever arise.”
What is the Certified Ethical Hacker certification?
CEH stands for Certified Ethical Hacker, and it is arguably the best known of all the available EC-Council certifications.
It was designed to indicate that the holder understands how to look for weaknesses and vulnerabilities in computer systems and is proficient with the tools used by a malicious hacker.
Employing cybersecurity professionals who have the knowledge required to deploy adversarial hackers’ tools and methods is extremely valuable to any security team.
Intimate knowledge of the offensive strategies likely to be used against their systems is critical to building an adequate defense.
Through its overwhelming support and acceptance of the CEH certification, the security industry has signaled its need for a reliable way to recognize individuals with these skills.
Holding a CEH certification indicates the holder has acquired essential skills required to work in the following roles, among others:
- Security Analyst
- Computer Forensics Analyst
- Security Specialist
- Penetration Tester
- Security Engineer
- Security Code Auditor
- Malware Analyst
- Security Consultant
Industry acceptance of the CEH has reinforced the idea that ethical hacking is not just a useful ability but a respectable profession. Acceptance has provided legitimacy to the subset of computer and network skills once pursued only by malicious actors.
What are the CEH exam requirements?
CEH certification applications are evaluated to meet one of three categories. A candidate must meet one of the following criteria to be eligible to take the examination:
A candidate under the age of 18 is not eligible to attend an official training course or attempt the certification exam unless they provide written consent from their parent or legal guardian and a supporting letter from their nationally accredited institution of higher learning.
CEH certification requirements are less stringent than many other popular cybersecurity professional certifications. For this reason, the CEH is often considered an entry-level certification but is undoubtedly a must-have for anyone seeking work with offensive characteristics.
How much does obtaining a CEH certification cost?
Any professional certification’s overall cost will vary depending on the level of experience and previous training a candidate brings to the process. In addition to the application fee, exam fee, and training course costs, candidates are likely to purchase independent study materials, and the cost of maintaining the certification must also be considered.
There is a $100 non-refundable application fee for all exam applicants.
The application approval process typically takes five to ten working days after the EC-Council receives all required information. Once the application is approved, a candidate must purchase an exam voucher from the EC-Council Online Store or an authorized training partner.
EC-Council does not set a minimum exam voucher price for its authorized partners; however, a voucher costs $1,199.00 from the EC-Council Store.
Lastly, training from the EC-Council or a training partner is a good idea.
Often the cost of the exam voucher is included in the price of the CEH course. If the candidate applied for the exam using their work experience as the qualifying factor and chooses not to take an official EC-Council training course, they can schedule their exam immediately after approval.
While candidates learn about controls and countermeasures, they are also taught how to bypass and defeat these defenses. The base CEH online instructor-led training course package is $1,899.00. It includes one year of access to training modules, courseware, iLabs, and an exam voucher.
The EC-Council Certified Ethical Hacker Live Course is $2,999. Check with EC-Council for the availability of the Live Course during the Coronavirus pandemic.
CEH certification is maintained by earning 120 Continuing Professional Education (CPE) credits within three years.
The credits can be achieved in many ways, including attending conferences, writing research papers, teaching training classes in a related domain, reading materials on related subject matters, and attending webinars. In most cases, the acquisition of CPE credits will cost several hundred dollars each year.
The question that candidates must ask themselves when considering any professional certification is, “will it be worth it in the end?” For the CEH, the answer is most commonly a resounding “yes.”
This favorable ROI is particularly true for candidates who desire to work in roles that require an understanding of offensive methodologies to help bolster their organization’s defensive posture.
Ethical hacker bootcamp options
CEH Bootcamps are intensive training programs that prepare you for the CEH exam, which is currently in its 11th version (CEH v11).
What you’ll learn
CEH Bootcamps cover a comprehensive curriculum aligned with the EC-Council’s CEH exam domains. The course outline includes modules such as introduction to ethical hacking, scanning networks, social engineering, and cryptography, among others. These bootcamps are not designed to make you an expert but to provide you with enough knowledge to pass the CEH exam.
Time commitment and format
The duration of a CEH Bootcamp can vary, ranging from five days to sixteen weeks, depending on the provider. They are offered in multiple formats: on-site, online instructor-led, and online self-paced. The training days are usually long, often running from 9 AM to 5 PM.
Networking and employment rates
CEH Bootcamps also provide excellent networking opportunities, as they attract professionals from around the globe. Most graduates find employment within six months, with some bootcamps reporting employment rates as high as 72-83 percent within three months.
Cost and additional perks
The cost of attending an ethical hacker bootcamp can range from $850 to $5,000, depending on the provider and the format. Many bootcamps offer additional perks like EC-Council official courseware, exam vouchers, and even post-class review sessions.
Prerequisites and post-bootcamp steps
To take the CEH exam, you need at least two years of work experience in the information security domain, although this requirement can be waived if you attend official training. The CEH exam consists of 125 multiple-choice questions to be completed in 4 hours. After passing the exam, you’ll need to earn 120 EC-Council Continued Education (ECE) credits within three years to maintain your certification.
Deep dive into CEH exam
The CEH exam is a 125-question multiple-choice exam. Candidates have four hours to complete the CEH exam. Since all questions are multiple-choice, test-takers rarely run out of time during the exam.
Many candidates report needing only two to three hours to complete this test.
EC-Council uses several different exam forms. An exam form is a bank of questions administered as a version of the test.
EC-Council uses a process of rating each question to ensure that each of their multiple exam forms reflects an equal assessment of the test taker’s knowledge.
Post exam reports indicate that topics covered include hacking methodologies, scanning methodologies, port scan types, and expected return responses.
Knowing how to work with tools such as Nmap, Wireshark, Snort, OpenSSL, Netstat, and Hping is reported as being useful for test-takers.
People who have taken the exam invariably report that it is challenging and that adequate study before sitting for it is necessary; many people study for months in preparation for the CEH exam.
Successful candidates often report that a measured study program that consists of a few hours each day over a long period of time is helpful. There are many practice tests available online.
When taking the exam at a physical testing center, the exam will be proctored by authorized personnel at the testing center. Exams can be taken at Pearson VUE testing centers. EC-Council has Pearson VUE test centers located within many of their Accredited Training Centers.
A CEH exam passing score can range from 60 percent to 85 percent depending on which exam form, or bank of questions, is administered for that specific exam. Because the difficulty of any bank of questions will vary, so will the corresponding passing score.
CEH salary information
Because the CEH certification applies to a wide variety of security roles across many organizational types, the average salary will also vary. To be sure, obtaining this certification will qualify a candidate for advancement to higher-paying positions or entitle them to additional pay in their current role.
With the high demand for experienced cybersecurity professionals in the market today, obtaining a CEH will open doors for entry and mid-level positions. As a security professional’s career develops, there are additional professional certifications that should be considered.
According to the job site Indeed, the average salaries for cybersecurity professionals in roles that often require or compensate for CEH certification are as follows:
The US Bureau of Labor Statistics indicates that the job outlook for Information Security Analysts is expected to grow 31 percent from 2019 to 2029. This anticipated increase is much faster than the average rate of job growth.
Frequently asked questions about CEH certs
The CEH certification is a globally recognized credential that validates your knowledge and skills in ethical hacking. It’s administered by the EC-Council and focuses on hacking techniques and technologies from an offensive perspective.
The EC-Council requires candidates to have at least two years of work experience in the Information Security domain and to be able to provide proof of this experience. Alternatively, you can attend the official training provided by the EC-Council or its accredited training centers.
The CEH exam covers a wide range of topics including intrusion detection, policy creation, social engineering, DDoS attacks, buffer overflows, virus creation, and more. It’s designed to test your understanding of how to think and act like a hacker to better protect systems against them.
The CEH certification is valid for three years. To maintain your certification, you must earn 120 Continuing Education Credits (ECE) within this period.
CEH certification can open doors to a variety of cybersecurity roles, including penetration tester, security consultant, security analyst, or information security officer. It’s respected by many organizations globally, and often preferred or even required for certain job roles.
Conclusion
For security professionals desiring to indicate to their current or future employer that they possess the knowledge and skills required to think like an adversary, the CEH is likely the best choice for professional certification. For many, it is only one stepping stone toward their “top of the industry” goal, but a crucial step, not to be missed.
Holding a CEH will set a cybersecurity professional apart from the crowd as someone with abilities beyond just following established processes. Instead, they are someone who can think creatively about how to stay one step ahead of an adversary.