Why is the Certified Ethical Hacker certification suddenly popular?

The Certified Ethical Hacker certification has gained popularity recently. Expert Joseph Granneman explains the CEH and why it's relevant again.

It seems like even though the Certified Ethical Hacker certification has been around for a while, it's becoming more popular and prominent lately. What does this credential entail, and is it best suited only for penetration testers?

It seems there are new security certifications popping up every day as the training market attempts to capitalize on the high demand for information security professionals. The reputation of certifications can diminish over time if the tests are not stringent enough to produce quality information security professionals. Everyone in the security profession can repeat an anecdotal story involving a certified individual who could not get the job done, which placed the rigor of that certification into question. The Certified Ethical Hacker (CEH) is one of these older certifications that has not just survived these anecdotal stories, but is starting to see some growth.

Learning about information security can be difficult. The best security professionals seem to have a passion for technology and practice their craft on their own to hone their skills. Their experience may have been gained while pushing the limits of what constituted legal activity. People without access to the technology or who were put off by the possibility of incarceration can use certifications to build their knowledge and start their careers. Certifications can offer value if they're viewed as building a foundation of knowledge, not as indicating mastery of the entire subject.

The Certified Ethical Hacker certification is in a sweet spot between entry-level certifications like CompTIA's Security+ and advanced-level certifications like CISSP. The main focus of CEH is the technical aspects of information security. It starts by building a foundational knowledge of protocols and networking hardware before delving into vulnerability assessments and network penetration. Good security knowledge starts with a firm understanding of the basics, which makes the CEH just as applicable to systems administrators as to penetration testers.

The CEH certification exam contains 125 questions that must be answered in four hours with a score of 70% or better. Over 75% of the questions on the exam cover security-specific material including firewalls, vulnerability scanners and exploitation tools. Regulatory issues such as PCI DSS represent only 4% of the remaining questions, which may not be enough for those with no experience in an industry where compliance plays such a big role. The technical questions do a good job covering the tools used every day by security professionals, which may account for the certification's rising popularity.

The CEH certification is a good intermediate test that covers the technical aspects of information security. It is introductory enough that other members of IT could use it to gain insight into the world of information security. It is technical enough to be useful to those who have some introductory experience with information security tools and want to learn more. Both of these facts probably contribute to the increasing popularity of the CEH certification. However, using the "hacker" designation in the name of the certification probably didn't hurt the popularity of the program either.


This was last published in February 2015


Join the conversation



The CEH is fairly useless, the test is very easy - your article doesn't really address why it's become so popular with HR and hiring managers. I have one because the Army required their testers to get it back when there were only two certs for pentest around, the other being the GCIH (which is good and I have that too). Had another coworker take the test recently and his opinion was the same, super easy test, very little good content regarding pentest.
I know a few who took the test a while back. They did not have a requirement, just wanted to see what all the fuss was about. They were not impressed. In their opinion it was easy and of no real benefit.
EC-Council’s Certified Ethical Hacker (CEH) v8 was updated in OCT 2015 without notice to students who had been studying v8 material, which resulted in massive failures globally. EC Council responded with a 50% discount to retake the exam to those students - plus, the students now had to learn the v9 material despite EC Council's claim that their certifications were no longer carrying a version number. That excuse had nothing to do with the total overhaul of the exam updated on OCT 15, 2015 from EC Council's Malaysia corporate office. This unannounced update and careless attitude by EC Council has cost it hundreds of students that are now seeking alternatives to EC Council's CEH, which does not actually teach hacking, just the concepts. Other platforms such as GIAC/SANS and MILE 2 have courses that outperform EC Council's CEH and do teach instructional labs that give students the necessary skills to ethically hack or perform penetration testing. Word of caution, stay away from a non-US company that will only leave you with the impression that you know what you are doing. Instead, go with proven leaders in the IT Security world that are accepted and respected.
Another reason might be that hacking is getting a lot more media coverage. That might spike interest in the field. Both good and bad.
Nice post! It is really very helpful for us. If anyone wants to know the details about Certified Ethical Hacker Online Training and Certification