Certified Ethical Hacker (CEH) can be a confusing term as, although it is a certification rather than a degree, earning the qualification is vital to many careers in computer security because it is highly respected throughout the industry. One who holds the title of certified ethical hacker has demonstrated extensive training and knowledge of various techniques used in hacking computer systems and has proven their capabilities in a lab environment.
Because computer server security is vital to virtually every business, they usually turn to someone who holds a CEH designation in order to test their systems for vulnerabilities where an unethical hacker could penetrate a computer system. This protects the company from attacks that might steal proprietary, private, or financial information.
Why Earn the CEH?
If you are considering any IT career that involves security, you should plan to earn the CEH. Certified ethical hacker certification is used as a hiring benchmark in many government agencies such as the Department of Defense and the National Security Agency, and it will prove useful for site administrator and auditor positions. If your goal is to enter the field of security as a consultant, penetrator, ethical hacker, network security specialist, or in a similar position, you'll need the CEH to showcase your knowledge and complement your degree. The CEH will show you are willing to take the extra training required to stay on top of the ever-changing aspects of computer security.
Overview of Who Offers CEH Certification?
The certified ethical hacking certification is only offered by the International Council of Electronic Commerce Consultants (EC-Council), a professional certification body focusing on information security skills and e-business information. The EC-Council offers certifications in 145 countries and their certifications are recognized throughout the world.
Besides the CEH certification EC-Council offers a wide range of certifications such as Computer Hacking Forensic Investigator, Security Specialist, Network Defender, Disaster Recovery Professional, and Encryption Specialist. If your chosen field of work involves network security in any way, you should make long term plans to earn at least some EC-Council certifications because it will reflect directly on your career and is an excellent way to impress potential employers as soon as they see your resume.
How to Get Certified
Certified ethical hacking certification is part of EC-Council's Vulnerability Assessment & Penetration Testing (VAPT) learning track. It is considered the world's most comprehensive and advance ethical hacking training available, which is the reason the certification holds so much sway with industry employers.
The coursework covers 340 cyber-attack technologies that hackers commonly implement and is designed to take you from entry-level to professional ethical hacker in one year. Once you complete the training, you'll be eligible to sit for the exam and become a fully certified ethical hacker.
EC-Council offers several options for CEH certification training so it will be easy to choose one that works well with your preferred learning style and life schedule. Because many students who seek to earn the CEH are already working in the IT security field, these choices will allow you to complete each learning module without interfering with your current workload.
- Self-Study:Streaming video format so you can learn in your own environment
- Live Online: Real time online learning with instructor led coursework
- Master Class:Allows interaction with top professionals and instructors
- Training Partner:Virtual in-person collaboration with peers
The training itself includes over 140 labs designed to simulate actual hacking scenarios. Over 2,200 common hacking tools are explored in depth, with over 1,600 graphic slides to help explain complex concepts in security breaches.
Here are examples of the training modules you'll complete:
- Scanning Networks
- Vulnerability Analysis
- System Hacking
- Malware Threats
- Session Hijacking
- Hacking Web Servers
- Hacking Web Applications
- Hacking Wireless Networks
- Hacking Mobile Platforms
- Cloud Computing
By the time you've completed your training, you'll be proficient in detecting existing and potential threats within a computer network. Your knowledge will allow you to test security procedures and policies within a business system and help protect the network against critical damage from outside sources.
Taking the Exam
To qualify for the exam, you must first apply to EC-Council; a $100.00 non-refundable fee must be submitted with your application. Once your application has been approved you'll be given a voucher for the exam; note this voucher will expire in three months. If you fail to take the exam before the expiration date you must resubmit your application with the fee.
The actual CEH exam can be taken in one of three options:
- ECC Test Center
- ProctorU Testing Center
- VUE Testing Center
These options allow you to take the exam at your convenience regardless of your country of residence. To sit for the exam, you'll first need to provide your eligibility number as well as valid approved identification. All electronics are forbidden from the testing room, as are calculators, briefcases, and purses.
The exam itself has a four hour time limit and contains 125 multiple choice questions. You'll be tested on your expertise in 19 domains to give a comprehensive view of your expertise and abilities in ethical hacking detection. You must score a minimum of 70% (88 questions) in order to pass the exam. If you fail the test, EC-Council offers a reduced cost for retakes; there is no waiting period requirement between testing.
Because technology advances as a rapid pace, you will be required to recertify your CEH status every three years. Recertification assures your employers you have stayed on top of the field and are able to address new advances in system hacking.
To qualify you must earn 40 ECE credits per year for a total of 120 credits in the three year period before recertification. You must also maintain annual membership in EC-Council at a current cost of $80 per year.
It's an excellent plan to use these criteria to earn one or more of the many other certifications offered by EC-Council as you can customize the credits to your personal field of work within the realm of IT security.
What’s on the Test
As mentioned above, the exam will include questions on 19 domains. Here are some examples:
- Network Scanning
- System Hacking
- Hacking Wireless Networks
- Trojans and Backdoors
- Social Engineering Attacks
- Viruses and Worms
- Session Hijacking
- Web Application Hacking
- Penetration Testing
Before you apply to sit for the exam, you should become very familiar with the subjects you'll be tested on. Plan to use study guides from both the EC-Council and other sources so you'll have all the resources possible.
You should make a list of all the topics on the exam and make a study schedule that covers each topic completely. Because the training will take approximately a year to complete, you can use your coursework for reference and wait until completion to choose the study guide material that best suits your style of learning. Note that not all study guides must be supplied through the EC-Council; there are many outside sources available to help you prepare for the exam.
Advantages to CEH Certification
The biggest advantage to CEH certification is that it immediately shows prospective employers your expertise in the field of ethical hacking. Because the training involved teaches you to think like a hacker, you’ll have an edge in finding system weaknesses where attackers may compromise the network.
Because the certified ethical hacker designation isn't used by penetration testers alone, you'll be head of your counterparts in cyber security positions. You'll acquire a vast knowledge bank of vulnerability and risk factors, so the CEH certification on your resume will most likely qualify you for a higher salary than a competitor who doesn't hold certification.
The extensive training required to pass the CEH exam will showcase your skills as a hacker and put you on the leading edge of ethical hacking professionals. Because the certificate is held in such high regard, it is used as a standard requirement of employment for IT security in many government agencies.
Careers and Salaries for CEH Certified Professionals
Every career field that involves cyber security will benefit from holding the CEH designation. While many think of certified ethical hacking as being specific to the career of penetration tester, it is also helpful for site administrators, auditors, and network security specialists. The CEH is used and endorsed by the NSA, the Department of Defense, and the Committee on National Security Systems (CNSS) and is used by many government agencies as hiring criteria.
Here are some sample salaries for CEH careers; please note these are averages and do not reflect the location or employment sector:
- Computer Hacking Forensic Investigator: $88,000
- Certified Ethical Hacker: $90,000
- Network Security Administrator: $92,000
- Certified Security Analyst: $92,000
- Penetration Tester: $117,800
- Senior Information Security Analyst: $103,000
- IT Security Specialist: $114,100
- Certified Information Systems Security Professional (CISSP): $120,500
Once you've earned your CEH certification you should immediately make a long term plan to add additional cyber security certifications to your knowledge base. Because the CEH must be renewed every three years, you should use the continuing education requirement to your advantage and earn further certifications that will add to your career profile.
You can choose one of the other certifications in the VAPT learning track to begin:
- Certified Network Defender (CND)
- Certified Security Analyst (ECSA)
- Advanced Penetration Testing (APT)
- Licensed Penetration Tester (LPT)
The EC-Council also offers certification in a wide range of specialty areas so you can focus on a narrow field of specialty or customize your expertise according to your employment requirements. Because many employers offer reimbursement for education, you might consider inquiring with your IT department which certifications you should earn first.
Here are some examples from the dozens of certifications offered by the EC-Council:
- EC-Council Certified Encryption Specialist (E|CES)
- EC-Council Certified Security Specialist (E|CSS)
- Certified Network Defense Architect (C|NDA)
- EC-Council Disaster Recovery Professional (E|DRP)
- Computer Forensics Certification
- Computer Hacking Forensic Investigator (C|HFI)
- Licensed Penetration Tester (L|PT) (Master)
- EC-Council Certified Incident Handler (E|CIH)
- EC-Council Certified Chief Information Security Officer (C|CISO)
- Certified Application Security Engineer (C|ASE) (Java and .NET)
- Advanced Network Defense (CAST 614)