How to Become a Certified Ethical Hacker


“Hacker” didn't start out as a bad word. But it's evolved into one, thanks to hackers of the malicious kind. Despite how oxymoronic the term “ethical hacker” may seem, the Certified Ethical Hacker credential is no joke.

Certified Ethical Hacker, CEH for short, is a computer certification that indicates proficiency in network security, especially in thwarting malicious hacker attacks through preemptive countermeasures.

Despite the fact that malicious hacking is a felony in the USA and most other countries, it's become painfully clear that only ethical hackers can stop malicious hackers.

About the CEH

That's what the Certified Ethical Hacker credential is all about. It is a vendor-neutral (meaning it’s not tied to any brand) certification for information technology workers who wish to specialize in "legally" hacking the malicious hackers, using the same knowledge and tools that malicious hackers use.

Because the idea behind the Certified Ethical Hacker credential is that it "takes one to know one," it's also for "evil hackers turned good". In fact, even before the credential was introduced, private firms and government agencies were hiring reformed malicious hackers for that reason.

But the Certified Ethical Hacker credential takes it a step further, by indicating that those reformed hackers (and others who've earned it) have legally agreed in writing to abide by the law and honor a code of ethics.

How to Become a Certified Ethical Hacker

Students must have a minimum of two years of security-related job experience to enter the Certified Ethical Hacker training program. That's to help screen out malicious hackers and wannabes of the hobbyist kind. It would defeat the point if the program could be used to train new hackers.

Potential students are screened in other ways too. After earning the Certified Ethical Hacker credential, job candidates will likely be put through background checks or more rigid personnel security investigations (PSIs). Security clearances will likely be required for computer security jobs at government agencies or private firms with government contracts.

The Course

The Certified Ethical Hacker Training Program is a course that prepares students to take the CEH exam. It consists of 18 modules, covers 270 attack technologies, and mimics real-life scenarios in 140 labs. The course runs on an intensive five-day schedule, with training from 9-5.

At the end, you’ll not only be ready for the exam, but you’ll be ready to handle whatever penetration testing or ethical hacking scenarios come up in your IT security career. These skills are internationally recognized and in high demand, and the CEH certification is well-respected.

The Exam

The 312-50 exam lasts 4 hours and consists of 125 multiple-choice questions. It is offered at ECCExam (Exam Prefix - 312-50) and Vue Testing Center (Exam Prefix - 312-50).

The exam tests CEH candidates on the following 18 areas:

  • Introduction to Ethical Hacking

  • Footprinting and Reconnaissance

  • Scanning Networks

  • Enumeration

  • System Hacking

  • Malware Threats

  • Sniffing

  • Social Engineering

  • Denial of Service

  • Session Hijacking

  • Hacking Webservers

  • Hacking Web Applications

  • SQL Injection

  • Hacking Wireless Networks

  • Hacking Mobile Platforms

  • Evading IDS, Firewalls, and Honeypots

  • Cloud Computing

  • Cryptography

Who’s Behind the CEH

The Certified Ethical Hacker credential is sponsored by EC-Council. That's short for the International Council of E-Commerce Consultants, a member-supported professional organization with a global reach. Authorized, accredited training centers administer the 5-day certification course, while authorized testing centers administer the certification exam. Self-study and instructor-led courses are both available.

In addition to Certified Ethical Hacker, EC-Council offers several other certifications relevant for network security jobs, as well as those for secure programming, e-business and computer forensics jobs.

Certification proficiency levels range from entry-level to consultant (independent contractor).


It’s a rigorous exam, but according to this article in Intelligent Defense, the payoff can make it worth it: “On average, CEH-certified professionals earn 8.9 percent more than non-certified professionals for the same security positions, according to PayScale.” Having the certification under your belt can also give you access to new jobs or promotions.