If you’ve ever considered a career in ethical hacking, you’ve likely come across the CEH — Certified Ethical Hacker certification. It’s one of many available cybersecurity certifications, but is it worth it? Is it required? And if so, what are the benefits? Let’s explore those questions (and more) in this blog post.
What is an Ethical Hacker?
An ethical hacker is someone who essentially breaks into a computer system or network to uncover security vulnerabilities and weaknesses. Also known as “white hats,” ethical hackers are paid handsomely by organizations to try to break into particular systems, a practice that yields valuable insight into how to enhance security. As the EC-Council says on its website, “to beat a hacker, you need to think like one!”
What is the Certified Ethical Hacker Certification?
The Certified Ethical Hacker (CEH) is an extremely popular and widely recognized cybersecurity certification issued by the EC-Council, also known as the International Council of E-Commerce Consultants, which provides the following explanation:
“A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.”
The EC-Council offers two different CEH certifications: The CEH (Practical) and the CEH (ANSI). Here are the main differences:
- CEH (ANSI): This is the 4-hour, 125-question multiple choice exam that’s certified by the American National Standards Institute.
- CEH (Practical): This is a 6-hour exam that requires candidates to “demonstrate the application of ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, web app hacking, etc. to solve a security audit challenge.” As the EC-Council explains: “This is the next step to become a CEH Master after you have achieved your CEH certification.”
According to the EC-Council, “CEH Masters have shown proficiency at a master level in the knowledge, skills and abilities of ethical hacking.”
The EC-Council offers other certifications, including Chief Information Security Officer, Computer Hacking Forensic Investigator, Certified Network Defender, Certified Cloud Security Engineer and more.
What are the CEH ANSI Exam Requirements?
The EC-Council outlines the following requirements for the CEH ANSI exam. A candidate must either:
- Hold a CEH certification of version 1 to 7. According to EC-Council: “Prior to being ANSI accredited, EC-Council’s certifications were named based on versions — CEHV1, CEHV2, etc. During that time candidates that attempted the certification exams were vetted for eligibility. In order to avoid ‘being double billed’, the EC-Council Certification department shall issue a waiver of the application fee of any candidate that has a CEH V1-CEH V7 certification and wishes to attempt the CEH ANSI certification.”
- Or have a minimum of 2 years of professional work experience in the information security domain (a $100 application fee is required)
- Or have attended an official EC-Council training (a $100 application fee is required but your training fee is included in this)
Note: The application fee is non-refundable.
How Much Does the CEH Exam Cost?
The cost will depend on whether you bundle the exam with a training program. We found varying price ranges, but these figures are a good place to start:
- QuickStart: The CEH ANSI exam costs $1,199 and $450 for a retake. This doesn’t include the $100 application fee.
- Hackernoon: Base costs for CEH with EC-Council-approved training can range from $850 to $2,999. The CEH exam fee is $1,199 with a cost of $100 for CEH remote proctoring. The total cost including training can range from $2,149 to $4,298.
- EC-Council: The CEH ECC Exam Center Voucher is $950. The CEH (Practical) is $550.
How Can You Prepare for the CEH Exam?
Once your application is approved, you can purchase an exam voucher from the EC-Council or another authorized training channel. You have three months to take the exam from the time your application is approved.
The EC-Council offers an official training program. You can also select another type of training method or study for the exam on your own. The EC-Council also offers CEH exam preparation for $149, which includes one year of access to the simulated and progressive assessment.
Other companies also offer similar methods of training. For example, Koenig Solutions has a 40-hour Ethical Hacking Certification Training Course for $2,750 (exam included).
Edusum also offers these tips for CEH exam preparation:
- Study with the CEH exam blueprint
- Take CEH practice exams
- Familiarize yourself with the exam and use study guides
- Become involved in the CEH community; participate in CEH forums
- Review the CEH Exam Syllabus
What Jobs Can You Get With a CEH Certification?
The short answer — many! And in some cases, certain positions may require a CEH certification. Here are some of the most popular jobs:
- Ethical Hacker: This position, which we explained earlier in this post, will typically require a CEH certification. The EC-Council also suggests that aspiring hackers be proficient in multiple coding languages such as Python, SQL, PHP, Java, C and C++.
- Security Consultant: This person typically assesses the security and risk of a business or organization and ultimately provides solutions and recommendations on safety measures and protection.
- Cybersecurity Analyst: This type of analyst plans and implements security measures to protect the computer networks and systems of a company or organization.
- Cybersecurity Specialist: Often called information (IT) security specialists or network security specialists, these professionals play a central role in securing the information systems of businesses and other organizations.
- Cybersecurity Consultant: These are typically independent contractors who are employed by companies across all industries to safeguard systems, networks and valuable data.
- Security Engineer: People in these positions often test and screen security software for vulnerabilities or breaches. Other responsibilities may include developing security standards, creating ways to solve ongoing security issues, recommending security changes or enhancements or installing security software.
- Network Administrator: This position is typically responsible for the daily operations of computer networks.
Salary Information for CEH Certification Holders
Your salary will depend on many factors, including the position itself, job responsibilities, your experience vs. the skills and experience needed, and the geographic location.
According to Infosec Institute, the average salary for a Certified Ethical Hacker is $83,591 with a range of $45,000 to $129,000*.
Here are some other salaries to keep in mind:
- Penetration Tester — $116,323 (national average)
- Penetration & Vulnerability Tester — $101,231
- Ethical Hacker — $102,583 (median)
- Chief Information Security Officer — $228,556
*These salaries are reflective of information available at the time this piece was published.
Is Getting the CEH Worth It?
Whether you choose to obtain the CEH certification will depend on your career goals. If you already work in cybersecurity, you know the importance of certifications. They can carry a lot of weight, and while they won’t land you a job on your own, they can be resume boosters and in some cases are required for employment.
The CEH exam is a worthwhile investment if you’re interested in ethical hacking or a related position.
Career Advice from Ethical Hacking Experts
Here are some helpful tips and words of wisdom about cybersecurity from some of the leaders in the industry.
“Government agencies and business organizations today are in constant need of ethical hackers to combat the growing threat to IT security. A lot of government agencies, professionals and corporations now understand that if you want to protect a system, you cannot do it by just locking your doors.” – Jay Bavisi, CEO of EC-Council
“We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true – even inevitable – then cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world.” – Ginni Rometty, former Chairman, President and CEO of IBM Corp.
Why Consider a Master’s in Cybersecurity
If you’re considering cybersecurity certifications, you should also think about a master’s degree, which will not only provide you with valuable experience but also increase your earning potential and appeal to potential employers.
There are many reasons why a master’s degree is worth the investment. To land some of the best jobs in cybersecurity with the best companies, a master’s degree is often preferred and sometimes required. Whether you’re just getting started or looking to advance your career, a master’s degree can help ensure high pay, job security and expanded career opportunities.
Here are some of the main benefits:
- You’ll develop sought-after technical and industry leadership skills
- You’ll have access to valuable networking opportunities
- You’ll have a competitive edge in the job market
- Your earning potential will increase
Other Comparable Certifications
There are many other cybersecurity certifications in addition to the CEH. The most popular ones include:
- The Certified Information Systems Security Professional (CISSP): If you want to work at the Department of Defense, obtaining your CISSP certification is a requirement. It carries a lot of weight in other positions as well and can open the door to higher-level positions and the possibility of increased pay. The CISSP is a globally recognized certification for seasoned professionals with such titles as Security Manager, Security Analyst and Chief Information Security Officer.
- Certified Information Security Manager (CISM): This certification focuses on governance, risk management, compliance and international security measures. It is geared toward managers who design, oversee and assess an enterprise’s information security.
- Certified Information Systems Auditor (CISA): This certification focuses on auditing, controlling, monitoring and assessing information systems. It’s ideal for information system auditors, information security professionals, governance professionals and enterprise leadership.
- Certified in Risk and Information Systems Control (CRISC): The CRISC certification was designed particularly for IT professionals who have hands-on experience with risk identification, assessment and evaluation, risk response, risk monitoring, IS control design and implementation and IS control monitoring and maintenance.
- CompTIA Security+: The CompTIA Security+ is designed for entry-level security professionals. The CompTIA Security+ certification meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements.
- Certified Cloud Security Professional (CCSP): The CCSP is recommended for professionals who wish to demonstrate their proficiency in cloud computing and data security, including cloud architecture and design and application security considerations.
- GIAC Security Essentials (GSEC): This certification is designed for professionals who want to demonstrate their hands-on aptitude in IT systems and information security tasks. It covers general security best practices and real-world applications.
Advance Your Ethical Hacking Career with a USD Master’s Degree
If you are considering a career in ethical hacking or looking to advance your career in cybersecurity, consider furthering your education with the University of San Diego — a highly regarded industry thought leader and education provider that offers a 100% online Master of Science in Cyber Security Operations and Leadership. This degree program features practical, cutting-edge curriculum taught by expert instructors who share insights drawn from highly relevant industry experience.