Certified Ethical Hacker (CEH) certification is a popular cybersecurity standard and a prerequisite for many IT security positions. Its latest update includes added AI capabilities. Is CEH the right certification for you, or should you pursue another alternative? Use our guide to learn what CEH is, how it differs from other popular certifications, whether it can benefit your career path, and what it takes to obtain certification.
Certified Ethical Hacker certification is an industry standard for validating knowledge of IT security threats, detection methods, and prevention methods. It covers 20 areas of cybersecurity with hands-on labs, attack techniques, and security tools. Its current version includes AI capability. It focuses on certifying theoretical knowledge, but it includes an optional practical exam for higher certification.
The CEH is offered by Albuquerque-based cybersecurity training provider EC-Council, a US defense contractor founded after the September 11 attacks to certify IT professionals tasked with stopping e-commerce hacks. CEH certification is a requirement for certain US government cybersecurity positions and contracting jobs. The CEH supports the career path of professionals such as penetration testers (pentesters), information security analysts, security administrators, and IT auditors.
The CEH is designed for applicants with at least two years of IT security experience, although this is not a requirement. It is considered an entry-level to mid-level certification.
The CEH provides industry-wide recognition of skill in finding and fixing cybersecurity weaknesses. Widely required by employers and government agencies, the CEH helps job seekers and contractors pass HR filters and procurement screenings to meet resume and regulatory qualifications. Government and military contractors and industries such as banking and healthcare tend to require CEH.
CEH certification can help workers who already have some cybersecurity experience earn promotions and higher pay. The certification’s new AI material is designed to help security professionals meet the demands of employers who require AI security expertise. CEH training and labs can also help cybersecurity professionals who want to improve their knowledge and practical hacking skills.
The CEH benefits professionals who need ethical hacking skills, including pentesters, security analysts, security engineers, security administrators, and IT auditors. It is geared toward cybersecurity professionals and teams, government and military contractors, and educators.
As a prerequisite for attempting the CEH, EC-Council recommends two years of prior experience in IT security. However, this is a recommendation rather than a requirement.
The CEH provides a four-step learning framework:
The 20 modules of the supporting course cover:
These modules incorporate common AI security threats such as AI-powered reconnaissance tools and SQL injection.
To assess applicant mastery of the material covered in the course, the knowledge exam tests skills in understanding:
The exam is a multiple-choice format with 125 questions. Applicants have four hours to obtain a passing score of 60% to 85%. The test is administered through an online exam portal.
The optional practical exam tests hands-on skills with:
The practical exam consists of 20 challenge questions requiring the capture of designated flags in target networks to demonstrate skills such as vulnerability scanning and analysis and hacking attack techniques. Applicants have six hours to achieve a passing score of 60% to 85%. The exam is administered via iLabs Cyber Range.
Exams can be taken at an authorized training center or remotely through a remote proxy service for an additional fee.
Taking the knowledge exam alone costs $950 plus additional fees for remote proctoring and administration, training, and lab fees. The optional practical exam costs about $550. Altogether, fees may run as high as $3,000 to $4,000 depending on what options you purchase.
Maintaining CEH certification requires renewal every three years for an annual maintenance fee of $80, or $240 total. During that time, certificate holders must complete 120 hours of continuing education credits.
The CEH can be contrasted with another popular cybersecurity certification, PenTest+, offered by the IT security trade association Computing Technology Industry Association (CompTIA). The PenTest+ certifies the ability to recognize, mitigate, and report vulnerabilities across a variety of attack surfaces, including cloud, web apps, APIs, and IoT. It stresses practical pentesting skills such as vulnerability management and lateral movement. Pentest+ is designed to support career paths such as a pentester or security consultant.
A comparison of the PenTest+ with the optional practical exam of the CEH highlights some distinctive qualities of these two certifications:
These differences reflect the fact that PenTest+ is specifically geared toward practical, hands-on pentesting, while CEH is oriented toward broad theoretical knowledge of cybersecurity with a practical supplementary option for those who want basic pentesting certification. PenTest+ can be useful for those who need a budget-friendly pentesting certification, while CEH is most suitable for those who need it to meet job application or regulatory requirements and have a higher budget.
CEH can be a worthwhile investment in 2026, particularly if it’s a requirement for your career path or a contracting opportunity. However, if you’re seeking an advanced pentesting or red teaming position, you might want to consider a more specialized certification, such as the Offensive Security Certified Professional (OSCP), or a less expensive alternative, such as PenTest+, if you’re on a budget.
Like the CEH, the cybersecurity field is constantly changing, and new certifications with specialized areas of emphasis are emerging at a rapid pace. What certification is right for you depends on your career goals, job requirements, and compliance mandates. Learn more about other available security certifications that can support your career path by visiting the Cobalt Offensive Security Learning Center.