What is a Certified Ethical Hacker?
A Certified Ethical Hacker (CEH) is a computer certification that indicates proficiency in network security, especially in thwarting malicious hacking attacks through pre-emptive countermeasures. Malicious hacking is a felony in the U.S. and most other countries, but catching criminals requires the same technical skills that hackers possess.
About the CEH
The CEH credential is a vendor-neutral certification for information technology professionals who wish to specialize in stopping and identifying malicious hackers by using the same knowledge and tools the criminals use.
Even before the credential was introduced, private firms and government agencies were hiring reformed malicious hackers because they believed that was the best method for securing their networks. The CEH credential takes this a step further by requiring those who earn it to agree in writing to abide by the law and honor a code of ethics.
The credential is sponsored by the International Council of E-Commerce Consultants (EC-Council), a member-supported professional organization. Its goal, according to its website, is to establish and maintain standards and credentials for ethical hacking as a profession and to educate IT professionals and the public on the role and value of such specialists.
In addition to CEH certification, the EC-Council offers several other certifications relevant for network security jobs, as well as those for secure programming, e-business, and computer forensics jobs. Certification proficiency levels range from entry-level to consultant (independent contractor).
How to Become a CEH
Students who have a minimum of two years of security-related job experience can apply for approval to take the EC-Council exam. Those without two years of experience will be required to attend training at an accredited training center, through an approved online program, or at an approved academic institution. These requirements prepare applicants for the exam and help screen out malicious hackers and hobbyists.
As of 2018, the courseware price for the five-day certification course was $850. The application fee for those seeking to bypass the training course was $100, and the exam voucher price was $950.
Courses
A CEH Training Program prepares students to take the CEH 312-50 exam. The Onyx IT Group and Stormwind Studios offer a Certified Ethical Hacker online training course that will immerse students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The Circle of Excellence award recognizes StormWind’s ongoing commitment and significant contribution to the information security community by providing leading information security certification programs. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems.
Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student completes this online training course they will have knowledge and experience in Ethical Hacking.
The 312-50 exam lasts four hours, comprises 125 multiple-choice questions, and tests CEH candidates on the following 18 areas:
- Introduction to ethical hacking
- Footprinting and reconnaissance
- Scanning networks
- Enumeration
- System hacking
- Malware threats
- Sniffing
- Social engineering
- Denial of service
- Session hijacking
- Hacking webservers
- Hacking web applications
- SQL injection
- Hacking wireless networks
- Hacking mobile platforms
- Evading IDS, firewalls, and honeypots
- Cloud computing
- Cryptography
The Job Market
IT security is a fast-growing field, and the U.S. Bureau of Labor Statistics (BLS) projects job growth at a rate of 28 percent for the decade ending in 2026. This is far greater than job growth of 7 percent projected for all professions combined. The median annual wage for IT security analysts, as of 2017, was about $95,000, according to the BLS.
A quick search on Indeed shows that many security jobs require or recommend a CEH credential, so candidates who possess one will be more marketable.
Most jobs that CEH-credentialed professionals pursue put candidates through background checks or more rigid personnel security investigations (PSIs). Security clearances likely will be required at government agencies or private firms with government contracts.
Many of the high-profile stories about ethical hackers involve the biggest companies in technology. Companies like Apple, Google, and others will challenge ethical hackers to break their security measures in order to help them find weaknesses and to make their products safer. They often offer a lot of money to anyone who can find a weakness.
In 2016, Nimbus Hosting listed some of the more famous success stories of ethical hackers. Among them are examples of a security team offering a reward to anyone who could take over an iPhone or iPad, and an anonymous hacker who went by the name Pinkie Pie who helped identify a bug in Google Chrome. Not all of these examples involve professionals following the CEH-certification route, but they show the value companies place on hiring hackers to help shore up network security.
