AssociateVendor-neutralISO 17024EC-Council· issued from US

CEH

Certified Ethical Hacker

Offensive-concepts breadth; light on hands-on rigor compared to OSCP.

Official page at EC-Council ↔ Compare with another cert

Exam fee

$1,199

Ongoing

$0/yr AMF · 40 CPE/yr

Study time

60–120 hrs

Delivery

Online proctored

Validity

3 yrs (renewal cycle)

› Quality score

19.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor

How well-defined and rigorous the exam blueprint is.

Loose blueprint with breadth-over-depth content — long criticised for being a tool catalogue rather than a methodology.

3.5/10

Practical evidence

Hands-on labs / written reports vs pure MCQ.

Standard exam is pure MCQ. CEH Practical (separate purchase) adds a lab; still narrow.

2.5/10

Currency & upkeep

How aggressively content is kept current with the field.

Updated to v13 in 2024; cadence is faster than most EC-Council certs.

6.0/10

Market recognition

How often this signal actually moves a hiring decision.

DoD 8570 baseline keeps it on a lot of listings; HR teams ask for it more than practitioners respect it. [Holders: 250k, 2024-12] [DoD 8140 listed]

7.5/10

› Market signals

public, citable inputs to the recognition score

Holders worldwide

250,000

as of 2024-12 · source

DoD 8140 baseline

Listed

CSSP-Analyst, CSSP-Infrastructure, CSSP-IR, CSSP-Auditor

› Built for these roles

Junior Penetration TesterSOC Analyst (offensive curiosity)DoD 8570 / 8140 baseline checkbox

› Exam format

125 multiple-choice questions over 4 hours, English. Optional CEH Practical follow-on (separate fee) is the lab-based version with 20 hands-on challenges over 6 hours — recommended if you want a defensible pentest signal.

Passing score

Variable cut score 60-85% depending on form difficulty

Retake policy

Fee: $1199 per attempt

Wait: 0d between attempts

First retake immediate. 14 days between attempts 2–3, 1 month between 3–4, 3 months between 4–5. Max 5 attempts/year.

› Recertification

120 EC-Council ECE credits over the three-year cycle (avg 40/yr). No annual maintenance fee but credit-tracking is on you.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

PD-WRL-007PD-WRL-001

Recognition

GlobalUSDACH

Exam languages

› Core domains covered

The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A9Penetration Testing & Red Teaming

Methodology (OSSTMM, PTES), web/network/mobile pentesting, social engineering, purple teaming.

A2Network Security

Firewalls, IDS/IPS, network segmentation, DNS security, SD-WAN, VPN, traffic analysis, wireless security.

A4Application Security

OWASP Top 10, secure SDLC, SAST/DAST/IAST, API security, code review, DevSecOps.

› Also touched

Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.

A24Exposure Management & Attack Surface

External attack-surface management (EASM), cyber asset attack-surface management (CAASM), continuous threat exposure management (CTEM), attack-path analysis, validation, and remediation orchestration.

› Prerequisites

Experience

Two years of information-security work experience, or completion of EC-Council training. Widely used for DoD 8570 compliance.

Knowledge assumed

Networking and OS fundamentals
Common attack techniques (phishing, SQLi, XSS)

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (1)

Security+CompTIA

CEH

EC-Council

Required by (1)

LPTEC-Council

Recommended next (5)

CPENTEC-Council ECIHEC-Council CHFIEC-Council CNDAEC-Council EDRPEC-Council

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides

EC-Council CEH v13 iLabs + Courseware — EC-Council
CEH v13 Certified Ethical Hacker Study Guide by Ric Messier — Sybex

Training providers

Practice tests

Boson ExSim-Max for CEH

Free / community

r/CEH

› Version & lifecycle

Current version

v13 (AI-augmented)

Released

2024-09

v13 adds AI-assisted offensive content. EC-Council typically releases new versions every 1–2 years.

› Salary signal

Junior penetration tester / security analyst, US, 1–4 years.

$75K–$115K

median $92K

Glassdoor + Salary.com 'Junior Pentester' aggregations · 2024 · US base only · p25–p75 range

› How it compares

OSCP

OSCP is hands-on lab-graded; CEH is theory-heavy and widely seen as a checkbox cert.

↔ Compare side-by-side

› Careers that commonly pursue this cert

Penetration Tester

Ethically hack systems to find vulnerabilities before attackers do. Offensive security requires deep technical knowledge.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain map Browse all certifications