CEH Exam preparation Guide - How to become a Certified Ethical Hacker (CEH)

  • Published by: Maria Forsberg on Sep 23, 2022

Have you ever wanted to become a hacker without breaking the law? If so, becoming a Certified Ethical Hacker (CEH) could be the career path for you.

In this article, we’ll explain what a Certified Ethical Hacker is, how and why to become one, the future of the ethical hacking field, and more.

Let’s get started!

Definition: Certified Ethical Hacker

A Certified Ethical Hacker (CEH) is someone who hacks into a computer network or system to identify and evaluate security vulnerabilities on behalf of the network or system’s owner. It’s their job to find and fix weaknesses before malicious hackers can exploit them.

By hacking a computer network with permission, an ethical hacker can assess what cyber risks a company faces and provide suggestions on how to improve.

Many use the terms “white hat” and “black hat” hacking to distinguish ethical from non-ethical hacking. White hat hacking is authorized activity done to bolster a computer network’s security, while black hat hacking is illegal activity done for personal gain.

Ethical hackers (or white hat hackers) work across many industries, including finance, healthcare, government, energy, and more. And the demand for them is growing. Here’s why:

For one, cyber-attacks are on the rise. Since the COVID-19 pandemic, the FBI has seen a 300% increase in reported cybercrimes. So, many companies and organizations are hiring ethical hackers to help protect against cyber threats.

In fact, the global security testing market is expected to reach $21.01 billion by 2026, growing at a compound annual growth rate (CAGR) of 20.3% between 2016 and 2019. So ethical hacking is a growing field.

According to EC-Council, here’s what ethical hackers do:

  • Discover vulnerabilities from an attacker’s point of view so that weak points can be fixed
  • Implement a secure network that prevents security breaches
  • Defend national security by protecting data from terrorists
  • Gain the trust of customers and investors by ensuring the security of their products and data
  • Help protect networks with real-world assessments

There are also many different types of ethical hacking, including web application hacking, system hacking, web server hacking, wireless network hacking, and social engineering. Each approach is designed to detect different points of vulnerability and generally follows a five-step process:

  1. Planning and reconnaissance
  2. Scanning
  3. Gaining access
  4. Maintaining access
  5. Analysis and web application firewall (WAF) configuration

That’s what an ethical hacker does in a nutshell. In the following sections, we’ll go over the history of ethical hacking and how to become an ethical hacker with the Certified Ethical Hacker (CEH) Certificate by EC-Council.

What Is the History of Ethical Hacking?

The term ‘ethical hacker’ was coined by former IBM executive John Patrick in 1995, though the concept has existed much longer—basically, ever since there have been computer networks.

Back in the 1960s, “hacking” simply referred to finding ways to optimize systems and machines so that they would run more efficiently. The first recorded “hack” occurred in 1961 when MIT researchers altered the function of a toy railway set.

So originally, all hacking was ethical hacking. It wasn’t until the 1970s that hacking started to get a bad rap. This is when some hackers started hacking into telephone systems, aka “phreaking.” At a time when phone calls were relatively expensive to make, phreaking allowed you to make phone calls for free.

In the 1980s and 1990s, personal computers became more common, the internet had spread, and hacking had become almost exclusively associated with criminal activity.

This led to the passing of the 1986 Computer Fraud and Abuse Act, which has been updated many times, including in 2008 to include restrictions on all kinds of new hacking behavior.

Not much later, in 1990, the UK passed the Computer Misuse Act which governs how you can access computer data and prohibits changing data without the owner’s permission.

In the 2000s, the internet expanded further, and finance technology, e-commerce, social media platforms, and search engines all became new targets for hackers. Even the International Space Station (ISS) was breached.

Today, 30,000 websites are hacked every day. That’s 10.95 million websites per year! Now, more and more businesses are realizing the need for a robust cyber security strategy, which is why ethical hackers are making a comeback.

The cyber security market is growing and is set to surpass $376.32 billion by 2029. Even some former black hat hackers have turned to white hat hacking (e.g. Kevin Mitnick, Kevin Poulsen, and Robert Morris). There’s no better time than today to become an ethical hacker.

What Is the CEH Certificate?

The Certified Ethical Hacker (CEH) Certificate is an entry-level, vendor-neutral cyber security certification created by the International Council of E-Commerce Consultants (EC-Council) in 2003. Earning the CEH Certificate helps aspiring (and existing) ethical hackers certify their skills and expand their careers.

The purpose of the CEH credential is to:

  • Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
  • Inform the public that credentialed individuals meet or exceed the minimum standards.
  • Reinforce ethical hacking as a unique and self-regulating profession.

Today, the CEH is respected worldwide. It’s accredited by the American National Standards Institute (ANSI), endorsed by the National Cyber Security Centre (NCSC), and required by the US Department of Defense (DOD) for Computer Network Defenders Service Providers (CND-SP) under Directive 8570.

The latest version of the CEH Certificate (CEHv11) includes the following training features:

  • National Initiative for Cybersecurity Education (NICE) 2.0 framework compatibility
  • A greater focus on 18 emerging attack vectors
  • Training on modern exploit technologies
  • Hands-on hacking challenges
  • Modern case studies from current cybersecurity events
  • Enhanced focus on malware analysis
  • A live cyber range with real-world challenges and no simulations
  • Greater focus on Cloud and Internet of Things (IoT)
  • Thousands of hacking techniques, tricks, and tools

To earn the CEH Certificate, you need to pass the CEH exam, which you can apply to take online. Just fill out and submit an exam eligibility form. You will also need to pay a non-refundable $100 application fee (however, this can be waived if you already have one of CEH Certification’s versions 1 through 7).

Application processing time can take 5 to 10 business days. If 10 days have passed and you still haven’t heard anything, send an email to ehapp@eccouncil.org.

Once approved, you can purchase an exam voucher from the EC-Council or an authorized training channel. Your application will be valid for three months, after which you will need to apply again.

With the exam voucher, you can register for the CEH exam through Pearson VUE for $1199 or through an EC-Council test center for $950. Both test providers offer in-person and remote exams via computer (with the help of a proctor).

Please note that you must book the exam at least three days in advance of the desired test date. You will have one year to do this, after which your exam voucher will expire. Disabled applicants can also request special exam accommodations.

Before heading into the CEH exam, make sure you:

  • Run an equipment test
  • Bring your ID
  • Bring a valid exam voucher

The CEH exam is closed book, lasts four hours, and has 125 multiple choice questions that cover nine domain areas:

  • Information Security and Ethical Hacking Overview
  • Reconnaissance Techniques
  • System Hacking Phases and Attack Techniques
  • Network and Perimeter Hacking
  • Web Application Hacking
  • Wireless Network Hacking
  • Mobile Platform, IoT, and OT Hacking
  • Cloud Computing
  • Cryptography

To pass the CEH exam, you need a score of at least 60% to 85%, depending on which exam form you get (exam forms vary to help prevent cheating). Once you pass the exam, you will get your CEH certificate within 7 working days.

To maintain your CEH Certification, you must also earn 120 EC-Council Continued Education (ECE) credits every three years.

Now you know what the CEH Certification is and how to get it. In the next section, we’ll go over the prerequisites for doing the CEH Certification.

What Are the Prerequisites for Doing the CEH Certification?

To be eligible for the CEH Certification, you must either have two years of experience in information security (IS) or attend an official EC-Council training.

If you choose to meet the experience requirement, you must demonstrate your knowledge in the following CEH domains and sub domains that are part of the CEH exam:

  • Information Security and Ethical Hacking Overview
    • Introduction to Ethical Hacking (8 exam questions)
  • Reconnaissance Techniques
    • Footprinting and Reconnaissance (10 exam questions)
    • Scanning Networks (10 exam questions)
    • Enumeration (6 exam questions)
  • System Hacking Phases and Attack Techniques
    • Vulnerability Analysis (9 exam questions)
    • System Hacking (6 exam questions)
    • Malware Threats (6 exam questions)
  • Network and Perimeter Hacking
    • Sniffing (3 exam questions)
    • Social Engineering (5 exam questions)
    • Denial-of-Service (2 exam questions)
  • Web Application Hacking
    • Hacking Web Servers (8 exam questions)
    • Hacking Web Applications (8 exam questions)
    • SQL Injection (4 exam questions)
  • Wireless Network Hacking
    • Hacking Wireless Networks (8 exam questions)
  • Mobile Platform, IoT, and OT Hacking
    • Hacking Mobile Platforms (4 exam questions)
    • Internet of Things (IoT) and Operational Technology (OT) Hacking (6 exam questions)
  • Cloud Computing
    • Cloud Computing (7 exam questions)
  • Cryptography
    • Cryptography (7 exam questions)

Lastly, CEH Certification candidates must also meet an age requirement. The CEH Certification is open to anyone permitted by their country of origin or residency. Underage applicants must have the written consent of a parent or legal guardian and a supporting letter from an institution of higher learning.

That’s it! Those are the only prerequisites for doing the CEH Certification. If you meet them, you’re well on your way to becoming a Certified Ethical Hacker.

How Much Does CEH Certification Cost?

The total cost of getting the CEH Certification will vary, but here’s a basic breakdown:

If you meet the two-year experience requirement, you only need to pay the application fee, which is $100, and the CEH exam voucher fee, which is $1199 through Pearson VUE or $950 through an EC-Council test center. So your total would come to $1299 or $1050.

However, if you choose to complete the EC-Council training instead of the work experience, you’ll need to pay $850 for the course, which includes the application fee. That means your total cost will come to $2049 with the Pearson VUE exam voucher or $1800 with an EC-Council test center exam voucher.

Alternatively, you may want to invest in a third-party training program like the one by Readynez. It costs $3,290 for the virtual version and $4,590 for the classroom version, both of which include the exam voucher. That means that with the $100 application fee, your total would come to $3,390 or $4,690.

Whichever route you choose, the investment is well worth it. A CEH Certificate can open up new job opportunities, boost your salary, and help you network.

How Valuable Is the CEH Certification by the EC-Council?

At this point, you may wonder how valuable the CEH Certification is and whether it’s worth pursuing. Are the training, experience, and application fee all worth it?

The short answer is yes. For aspiring (and existing) information security professionals, the upfront costs of getting the CEH Certification typically pay for themselves within a short amount of time.

That’s because having a CEH Certificate helps you:

  • Advance your information security (IS) career. Whether you’re just starting out or well into your IS career, the CEH Certificate will expand your job opportunities. You may even get offers to work at companies and organizations in different countries. If nothing else, you can be sure to have great job security as there’s a growing demand for ethical hackers across many industries.
  • Learn to think like a hacker. The best way to protect against a cyber attack is to think like a hacker. If you understand their thought process, you can implement safeguards to help prevent security breaches. The CEH Certificate teaches you to do just that. It gives you access to 140 real-world labs and over 2,200 hacking tools, so you have the technical skills to beat all kinds of security threats.
  • Gain business knowledge. On top of teaching you technical hacking skills, becoming a CEH will increase your business acumen. You’ll learn how to mitigate business risks and fight against human error and negligence.
  • Boost your salary. According to ZipRecruiter.com, the average CEH salary in the US is $109,468. However, you could make as much as $219,500 in some positions and areas. A 2021 C|EH Hall of Fame Annual Report also shows that 79% of CEHs reported a salary increase of more than 20% compared with their peers.
  • Join a global community. As a member of EC-Council, you’ll gain access to a global community of ethical hackers just like you. This means more networking opportunities and endless membership perks, including training, events, educational resources, and more.
  • Gain global recognition. The CEH Certificate is recognized worldwide as the top ethical hacking credential. It’s accredited by the American National Standards Institute (ANSI), endorsed by the National Cyber Security Centre (NCSC), and required for some positions in the US Department of Defense (DOD). Wherever your career takes you, you’ll gain increased respect from employers and peers alike.

Taken together, the benefits of holding the CEH Certificate offer a ton of value. Don’t miss out on this opportunity to level up your cyber security career.

What Is the Meaning of EC-Council?

EC-Council is a member-based organization that certifies people in information security (IS) skills. It was founded by Jay Bavisi in 2001. After the 9/11 attack on the World Trade Center, Bavisi considered the impact that a cyber attack would have on the US and whether the US was sufficiently prepared. This inspired him to create EC-Council’s security training and certification programs.

Today, EC-Council has certified over 220,000 information security professionals across 145 countries. It uses 3,000 tools and technologies and has 350 subject matter experts involved in course development. Here’s a list of all the available EC-Council Certifications:

According to the EC-Council website, its mission is “to validate information security professionals who are equipped with the necessary skills and knowledge required in a specialized information security domain that will help them avert a cyber conflict, should the need ever arise.”

The organization is headquartered in Albuquerque, New Mexico, and works with top companies and organizations like IBM, Microsoft, Xerox, and Cisco. When it comes to cyber security certification, EC-Council is one of the top certifiers around.

What Is the Market for Certified Ethical Hackers?

The market for Certified Ethical Hackers is growing. According to businesswire.com, the global security testing market is expected to reach $21.01 billion by 2026, growing at a compound annual growth rate (CAGR) of 20.3% between 2016 and 2019. And it’s no surprise.

Cybercrime is up worldwide. Since the COVID-19 pandemic, the FBI has seen a 300% increase in reported cybercrimes, including ransomware campaigns requiring payment in cryptocurrency.

Some famous incidents include the hacking of the US Colonial Pipeline in 2021 and the hacking of meat processing company JBS in June 2021. Both were devastating incidents that cost the companies millions ($4.4 million and $11 million in ransom money, respectively, not to mention lost revenue).

As a result, the magazine Cybersecurity Ventures expects global cybercrime costs to grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025 (up from $3 trillion in 2015).

Right now, global cybercrime damage costs are up to $6 trillion per year. That’s $500 billion per month, $115.4 billion per week, $16.4 billion per day, $684.9 million per hour, $11.4 million per minute, and $190,000 per second!

As cybercrime costs businesses and organizations more and more money, the market for Certified Ethical Hackers will only grow. Right now, ethical hackers have good career prospects and earn an average US salary of $109,468 (and will only earn more over time). So if you want to take advantage of this hot career market, now is the time.

How Do I Have to Prepare to Take a CEH Course?

To qualify for the CEH Certificate, you must either have two years of experience in information security (IS) or complete an official EC-Council training. If you opt for the training course route, there are a few things you must do to prepare.

First of all, you must buy the CEHv11 courseware for $850 (valid for two years). From there, it helps to have a basic knowledge of relevant programming languages, computer networks, computer hardware, and information security.

To give you a better idea of how to prepare, here are the 20 modules that the CEH course covers:

  • Introduction to Ethical Hacking
  • Footprinting and Reconnaissance
  • Scanning Networks
  • Enumeration
  • Vulnerability Analysis
  • System Hacking
  • Malware Threats
  • Sniffing
  • Social Engineering
  • Denial-of-Service
  • Session Hijacking
  • Evading IDS, Firewalls, and Honeypots
  • Hacking Web Servers
  • Hacking Web Applications
  • SQL Injection
  • Hacking Wireless Networks
  • Hacking Mobile Platforms
  • Internet of Things (IoT) and Operational Technology (OT) Hacking
  • Cloud Computing
  • Cryptography

Alternatively, you can opt for a third-party CEH training course like the one by Readynez. It comes in virtual format for $3,290 or classroom format for $4,590. Both last five days and come with all course materials, an exam voucher, and a certification guarantee. The in-person version also includes accommodation and all meals.

Ultimately, all you need to prepare for a CEH course is a desire to learn. If you have that, you’re well on your way to acing the CEH exam.

Is It Possible to Get CEH as a College Student?

If you’re still in college (or haven’t even started college yet), don’t worry. You can still get the CEH Certification, as long as you meet all the eligibility requirements. These include having two years of experience in information security or completing an official EC-Council training course.

But if you haven’t finished college yet, chances are that you don’t have the necessary work experience and must go with the EC-Council training route. This costs $850 and is valid for two years.

If you fail the CEH exam, you can always retake it by purchasing another exam voucher at a discounted price. EC-Council also allows candidates who fail on the first attempt to retake the exam immediately.

If you fail the CEH exam a second time, you must wait 14 days to retake the exam. If you fail a third time, you must wait an additional 14 days to retake. If you fail a fourth time, you must wait yet another 14 days to retake. Finally, if you fail more than five times within a one-year period, you must wait a full year to take the exam again.

Also, keep in mind that EC-Council will never allow you to take the same version of the CEH exam twice.

At the end of the day, it doesn’t matter how far along you are in your information security (IS) career. If you want to get the CEH certification now, go for it!

Is CEH Certification Necessary to Get Ethical Hacking Jobs?

You don’t need to get CEH certified to get an ethical hacking job, but it sure helps. The CEH Certificate will certify your information security (IS) skills and knowledge and help you stand out to employers.

Think about it. A company choosing between a certified and a non-certified ethical hacker will choose the former every time. That’s because the CEH Certificate gives you more credibility. It’s respected worldwide as a badge of competence and skill.

So even though you don’t need to get the CEH certification to land an ethical hacking job, it’ll dramatically increase your chances of getting one or at least help you get a better position.

CEH Skill Requirements

To become a Certified Ethical Hacker (CEH), you must learn a broad range of technical skills. After all, hackers use a variety of methods to infiltrate computer systems and networks, and it’s your job as an ethical hacker to know these tactics inside and out.

Some skills that are useful to have as a CEH include the following:

  • Basic software skills—Ethical hackers need to know how to operate basic computer software like spreadsheets, file management, and more.
  • Basic hardware skills—Hardware refers to the physical components of computers, including monitors, motherboards, mice, keyboards, hard drives, speakers, sound cards, and more. Ethical hackers need a sound understanding of all these components.
  • Computer networking skills—A computer network refers to interconnected devices that exchange data and share resources. Ethical hackers need to understand networking concepts like DHCP, supernetting, and subnetting to identify potential security risks.
  • Reverse engineering skills—Reverse engineering is the ability to recover the design of a computer system or network, so you can expedite maintenance work and make it more robust against cyber attackers.
  • Cryptography skills—Cryptography is the art of protecting communication data from bad actors. Ethical hackers need to be well-versed in cryptography to protect communications.
  • Database skills—Databases are where digital information is stored, a prime target for hackers. Ethical hackers need to know how to navigate and protect databases.
  • Problem-solving skills—As an ethical hacker, your job is to detect security issues and come up with solutions. So it’s important to be a critical thinker who can solve problems dynamically.
  • Programming skills—Programming refers to writing code to control a computer system. Since this is how hackers get into networks without permission, ethical hackers need to know how to program as well.

Of course, there are many programming languages out there. Below is a list of the most important ones for ethical hackers to know:

  • When it comes to web hacking, CEHs should be prepared to know programming languages such as HTML, JavaScript, SQL, PHP, and Perl.
  • When it comes to exploit writing (i.e. advanced hacking), CEHs need to be familiar with Python, Ruby, Java, and LISP.
  • When it comes to reverse engineering (aka back engineering), CEHs must know assembly language.

If you can get a handle on the skills above, you’ll be better at shoring up defenses against black hat hackers and advancing your career as an ethical hacker.

How Much Does an Ethical Hacker Get Paid in the US?

The average salary for a certified ethical hacker in the US is $109,468 per year. That’s $9,122 per month, $2,105 per week, and $53 per hour!

The top 4% of ethical hackers make $219,500, the 75th percentile earns $132,000, and the 25th percentile earns $80,500.

Needless to say, ethical hackers have a lot of earning potential, and it’s not hard for them to break into six-digit figures. If you want to make money in the information security (IS) industry, becoming an ethical hacker is a great way to do it.

How Much Does an Ethical Hacker Get Paid in Europe?

According to Honeypot.io, the salary for ethical hackers in Europe starts at an average of 30,000 Euros per year. However, specialized ethical hackers can make up to 70,000 Euros! That’s more than the highest average annual wages in most European countries.

Whether you’re from the UK, Germany, or another European country, becoming an ethical hacker is a great way to boost your salary.

Career & Future Scope of CEH

So what does the future look like for Certified Ethical Hackers?

According to the US Bureau of Labor Statistics (BLS), jobs for information security analysts are expected to grow by 33% between 2020 and 2030 (much faster than the average job growth), and that includes ethical hackers. Plus, there were 141,200 jobs for information security analysts in 2020.

Ethical hackers are needed across many industries, including government, healthcare, banking, and more. As businesses rely more and more on digital networks, the risk of cyber attacks grows, which means there will be more need for ethical hackers to help protect businesses. In other words, the job opportunities and the job stability for ethical hackers are phenomenal.

Ethical hackers can carry a variety of job titles depending on what they specialize in and the organization they choose to work for. Here are some of the most common job roles that CEH Certificate holders take on:

  • Cybersecurity Auditor—This person reviews security controls and information systems and tests the effectiveness of their cybersecurity defenses.
  • System Security Administrator—This person is responsible for installing, administrating, and troubleshooting all aspects of a company’s information security and virtual data resources, whether for desktops, mobile devices, or network security.
  • Cyber Defense Analyst—This person analyzes security events to determine risk and how to mitigate security threats.
  • Vulnerability Assessment Analyst—This person assesses systems and networks to identify where they may be vulnerable to cyber threats.
  • Warning Analyst—This person develops indicators to stay aware of cyber threats in dynamic environments.
  • Network Security Engineer—This person protects systems from cyber threats by identifying existing security issues and installing safeguards to prevent future threats.
  • Security Operations Center (SOC) Security Analyst—This person is a first responder to cyber incidents. They report incidents and implement changes to protect the company.
  • Security Consultant—This person identifies vulnerabilities in a company’s computer systems, software, and networks and advises on how to fix them.
  • Ethical Hacker—An ethical hacker tries to penetrate an organization’s computer systems and networks to detect vulnerabilities to be fixed.
  • Information Security Manager—This person oversees information technology (IT) and IT workers tasked with handling the company’s digital security.
  • Penetration Tester—This person (aka a pen tester) performs simulated cyberattacks on a company’s computer networks and systems to identify security vulnerabilities.
  • Solutions Architect—This person creates technical solutions to business problems of all types. They design, pitch, and manage the solution from start to finish.
  • Security Compliance Analyst—This person helps a company stay compliant with security regulations and prepares them for audits.

If you’re interested in one of these information security (IS) roles, getting the CEH Certificate can help you get there. Prepare to earn the CEH certification today by enrolling in the CEH course by Readynez.

You can sign up for the virtual version for $3,290 or the classroom version for $4,590. Both last only five days and come with all course materials, an exam voucher, and a certification guarantee. Contact us today to learn more!
