Certified Ethical Hacker (CEH) is an early-career certification for security pros interested in assessing target systems using techniques often associated with hackers to help identify vulnerabilities for employers or clients. Learn how it will impact your job and salary and how to decide if this cert is right for you.

Certified Ethical Hacker (CEH) certification
Often stylized as C|EH, CEH is the most famous certification offered by the International Council of Electronic Commerce Consultants, or EC-Council, a cybersecurity education and training nonprofit founded in the wake of the 9/11 attacks.

CEH offers two levels of certification, CEH and CEH Master. Candidates are CEH-certified after passing a multiple-choice exam covering a broad spectrum of hacking knowledge, and meeting certain experience or training requirements. Candidates are then eligible to take the CEH Practical exam, which involves penetration testing on simulated systems; passing that exam will earn you CEH Master status.

CEH requirements
The Certified Ethical Hacker application process through EC-Council requires candidates to have two years of experience in information security if they choose to forgo official CEH training prior to the exam. These candidates will be required to provide proof of their work experience through the application process. Those who take official EC-Council training are not constrained by the experience requirement.

CEH candidacy is also subject to age requirements depending on your country of origin/residency. Individuals under the age requirements may have the possibility of receiving consent from a parent or legal guardian to enter official training and take the CEH exam.

CEH cost
How much the CEH certification costs is surprisingly complex. Beyond the $100 application fee, you also need to consider exam voucher and training costs. Official training from EC-Council, which includes the exam voucher, costs:
- CEH On Demand: $2,199
- CEH Unlimited On Demand: $2,999
- CEH Live: $3,499

Digital courseware and tools can also be purchased from EC-Council for $850, with the option to upgrade to a remote proctored exam voucher for an additional $100, meaning that at a minimum taking the exam costs $950. Additional training options at accredited training centers and approved academic institutions, including bootcamps, vary considerably in cost, and often include exam vouchers.

If you have the requisite work experience and choose instead to self-study, exam vouchers can be purchased directly through EC-Council for $1,199 to take at Pearson VUE testing centers.

If you want to go for your CEH Master certification, the Practical exam is another $550.

CEH training
Scroll to the bottom of this page and click on the “training options” tag to see the variety of training options available to you to help you meet your CEH prerequisites:
- CEH On Demand: 1 video course, CEH exam, labs: $2,199
- CEH Unlimited On Demand: Unlimited video courses, CEH exam, labs: $2,999
- CEH Live: 2 video courses, live instruction, peer interaction, CEH exam, labs: $3,499

You can also work with EC-Council accredited training partners or approved academic institutions that can provide in-person courses in either a corporate or an academic context.

Looking to take your exam prep beyond the official training material from the EC-Council? There are a number of books and study guides available. Two favorites are the CEH Certified Ethical Hacker All-in-One Exam Guide by Matt Walker and the CEH v11 Certified Ethical Hacker Study Guide by Ric Messier.

Do you want to test your knowledge before you take the test? GoCertify has over 50 CEH practice quizzes you can take.

CEH exam
Once your application has been approved, and you’ve completed training if that’s the route you’ve chosen, you can move on to the CEH exam, which is sometimes referred to as the CEH ANSI exam, as it’s been accredited by the American National Standards Institute. You can take the exam either in person (at a Pearson VUE testing center) or online remotely, though you’ll have to agree (and pay) to be proctored via your webcam.

You have four hours to take the exam, and it consists of 125 multiple-choice questions covering the following domains, with their corresponding weighting:
- Information security and ethical hacking overview (6%)
- Reconnaissance techniques (21%)
- System hacking phases and attack techniques (17%)
- Network and perimeter hacking (14%)
- Web application hacking (16%)
- Wireless network hacking (6%)
- Mobile platform, IoT, and OT hacking (8%)
- Cloud computing (6%)
- Cryptography (6%)

You can find more in-depth details on the topics covered in the EC-Council’s CEH Exam Blueprint.

Once you’ve passed this exam and fulfilled the rest of the CEH requirements, you may want to advance to the next level: achieving CEH Master status. To do this, you need to take the CEH Practical exam, which lasts six hours and involves 20 challenges on a live network of virtual machines. This exam is taken in the EC-Council’s iLabs Cyber Range, a virtualized environment you can access from home in your browser.

Techniques that the CEH Practical exam will test you on include:
- Port scanning tools (e.g., nmap, hping)
- Vulnerability detection
- Attacks on a system (e.g., DoS, DDoS, session hijacking, webserver and web application attacks, SQL injection, wireless threats)
- SQL injection methodology and evasion techniques
- Web application security tools (e.g., Acunetix WVS)
- SQL injection detection tools (e.g., IBM Security AppScan)
- Communication protocols

Are ethical hackers in demand?
An ethical hacker is someone who uses hacking skills — the ability to find bugs in code or weaknesses in cyber defenses — for good, rather than for evil, tipping the potential victims off and using the insights gained to implement improved security measures.

In some ways, the term “ethical hacker” arises from a milieu where many “black hat” bad guy hackers do in fact switch sides and become good guys and defenders rather than attackers. But it’s also just a sexy term for a discipline that goes by other, more boring names like “penetration testing” or “offensive security research.” You might also hear the term “red team” used — in large-scale penetration testing exercises, the red team plays the role of the attackers, while the blue team makes up the defenders.

Still, whatever you call it, it’s a job that’s in demand: More and more companies are recognizing the business case for having in-house hackers probing their defenses for weakness, or using bug bounties to encourage freelance ethical hackers to find problems they may have missed.

Is Certified Ethical Hacker worth it?
But even if ethical hackers are in demand, does that mean that the CEH certification in particular is a boon to your career? This is the question that looms over every certification to one degree or another, and anyone who says they can prove a direct correlation between getting a cert and career success is trying to sell you something (a certification, probably).

That said, if you can afford the costs associated with CEH, the general consensus is that it will probably help your job search and career trajectory, even if it isn’t a guarantee of success. If you’re looking for an ethical hacking/pen testing gig — or, perhaps more likely, a security analyst job in which penetration testing will be part of your duties — CEH is one of the best-known certifications out there, so it will catch the eye of any hiring manager looking for certs.

In particular, in a professional realm where there is a bit of disrepute hanging around the word “hacker” and some of the people who use it to describe themselves, the EC-Council’s code of ethics, adherence to which is a requirement of certification, may be reassuring to some.

What jobs can I get with CEH certification?
The EC-Council lists the following job titles as good matches for a CEH certification:
- Information security analyst/administrator
- Information assurance security officer
- Information security manager/specialist
- Information systems security engineer/manager
- Information security professionals/officers
- Information security/IT auditors
- Risk/threat/vulnerability analyst
- System administrators
- Network administrators and engineers

This is, of course, over and above jobs that actually have “ethical hacker” or “penetration testing” or the like in their title, which are more glamorous but also rarer. In practice, even network and security admins and analysts who don’t do full-time penetration testing can benefit from a CEH credential, as they may find it helpful to assess the security of their organization’s infrastructure through a hacker’s eyes.

CEH salary
Again, it’s difficult to show a direct correlation between an individual getting a CEH certification and getting a raise. But it’s clear that many of the jobs associated with CEH holders pay well. As of 2024, ZipRecruiter pegs the average US salary of an ethical hacker at nearly $135,269 a year.

But what about the certification itself? The InfoSec Institute estimates that the average salary for CEH holders from a variety of sources ranges from $96,580 to $107,577, with entry level at $72,000 and experienced ethical hackers earning upward of $200,000.

The most recent (2Q 2024) Foote Partners “IT Skills Demand and Pay Trends Report” found that IT professionals who hold a CEH can expect a 10% pay premium over professionals with similar rank and experience but who do not have a CEH on their resume.