The Certified Ethical Hacker designation differs from most other security certifications in that it can be used both offensively and defensively. By training on the tools and techniques a hacker uses, a Certified Ethical Hacker should be able not only to test an organization's defenses against those techniques, but also to defend against attacks more effectively.
Of course, that is all theory. In practice, I've found that security professionals need to be able to think like a hacker. They need to look at their systems critically and figure out where the holes are. While it's not possible to eliminate all the holes, the most obvious issues can absolutely be resolved by using ethical hacking techniques and attack tools.
Suffice it to say, I'm a big fan of testing networks, systems and applications. For more information as to why I feel that way, check out a piece I recently wrote on my Security Incite blog about why enterprise penetration testing is important.
This was first published in June 2008