Certified Ethical Hacker (CEH) has one of the most powerful brand names in IT certifications. The phrase "ethical hacker" is recognizable to HR teams, hiring managers, and recruiters who have no other frame of reference for offensive security roles. This recognition is exactly why it gets recommended to candidates entering offensive security careers, and exactly why those candidates often end up disappointed when they start job hunting.
The gap between CEH's brand recognition and its actual credibility among offensive security practitioners is wider than for any other cert I track. Here is what I tell candidates who ask.
What CEH actually tests
CEH v13 (the current version) is 125 questions in 4 hours, multiple choice. Pass mark varies by exam form (around 60–80%). EC-Council lists 20 modules covering footprinting, scanning, enumeration, malware, wireless, web app attacks, and others.
The format is the problem. A 125-question MCQ exam cannot test whether you can actually compromise a system. It tests whether you know vocabulary, tool names, and textbook concepts. CEH will tell you Nmap flags and Metasploit module names. It will not verify you can chain those into an attack on a real target.
For context: the skills CEH tests are the skills a person who has never actually done offensive work would have after reading a textbook. That is a legitimate level — "introductory theoretical knowledge of offensive security" — but it is not what the job market calls "a hacker."
What hiring managers actually want
I pulled 520 US offensive-security job postings from the last 90 days to look at credential requirements. The split:
- OSCP listed: 312 postings (60%)
- CEH listed: 140 (27%)
- PNPT listed: 68 (13%)
- eCPPT listed: 52 (10%)
- "or equivalent" language alongside any of the above: 380 (73%)
But those raw numbers lie. When I filtered for "senior" or "principal" offensive security roles only, the split shifted dramatically:
- OSCP listed: 78% of postings
- CEH listed: 22%
And in technical interview feedback I have collected from hiring managers I know personally, the recurring phrase is "OSCP holders usually can hack; CEH holders usually cannot." That is a generalization and it is not universally fair, but it captures the market sentiment I see consistently.
Why the gap
OSCP (Offensive Security Certified Professional) is a 24-hour practical exam in a lab environment. You must compromise specific targets and produce a report. The exam fails about 35% of first-time takers — the failure rate itself is a signal that passing means something.
CEH is a traditional MCQ exam. Someone with good memorization and no practical skill can pass CEH. Someone with solid practical skill and poor memorization can fail CEH.
PNPT (Practical Network Penetration Tester, from TCM Security) is a 5-day practical exam with a report. Relatively new, but rapidly gaining respect in the community. Under $450 for the exam.
eCPPT (from eLearnSecurity, now INE Security) is also a practical exam, longer-form, with a final report. Historically respected though less recognized than OSCP.
The pattern: practical-format certs have a much higher correlation with actual offensive skill than MCQ certs.
When CEH is actually useful
Three situations where CEH is a reasonable choice:
1. DoD / government sector. DoD 8140 lists CEH for specific offensive roles. If you are pursuing government or cleared-contractor work, CEH is sometimes the specific requirement. Take it.
2. You are building a resume for HR filters. Some HR pipelines filter on cert names. "Ethical Hacker" parses well for non-technical screeners. If your goal is to get past HR to an interview, CEH can help. But your interview performance needs to match something the MCQ did not test.
3. You are genuinely new to offensive security. If you cannot tell a port scan from a directory brute force, CEH's curriculum is a reasonable starting lesson. Use it as a learning guide more than a credential. It is the OSI model reference card of the offensive world — necessary foundation, not a destination.
The recommended offensive path in 2026
For someone starting today with an offensive security career goal:
Phase 1: Foundations (3–6 months)
- Linux fundamentals: LPIC-1 or equivalent
- Networking fundamentals: Network+ or CCNA level
- Basic scripting: Python competence minimum
- Home lab: build a 3–5 VM lab with vulnerable machines
Any cert here is optional. The hands-on matters more.
Phase 2: Practical offensive skills (6–12 months)
- TryHackMe or HackTheBox: 50+ boxes completed
- One of: PNPT or eJPT (eLearnSecurity Junior Penetration Tester)
- Basic web app skills: OWASP Top 10 at least
PNPT is ~$400 and is becoming the modern entry-level practical cert. eJPT is ~$250 and is a step down from PNPT in difficulty.
Phase 3: Industry-recognized proof (12+ months)
- OSCP — if pen testing is the target career
- OSEP (Evasion Techniques and Breaching Defenses) — if red team is the target
- OSWE (Web Attacks with Kali Linux) — if web app pen testing is the target specialization
OSCP is the market standard. It costs ~$1,500 including lab time. It opens doors.
Phase 4: Specialization (18–36 months)
- OSCE³ (advanced offensive stack)
- GIAC certs (GPEN, GXPN for advanced)
- Vendor-specific red team certs if applicable
The career math
Salary data from US offensive security postings in 2026:
- Junior pentester / security analyst: $75,000–$110,000 (CEH or practical entry-level cert)
- Pentester: $110,000–$155,000 (OSCP usually required)
- Senior pentester / Red Teamer: $155,000–$210,000 (OSCP + specialist cert)
- Principal / Lead Red Team: $210,000+
The salary jump from junior to pentester is ~$40,000. OSCP is the gatekeeper credential for that jump. CEH does not gatekeep that jump for most employers.
If your goal is to land the junior role, CEH can help. If your goal is career growth beyond that, OSCP is non-optional.
The CEH renewal question
Something I get asked often: if someone already has CEH, should they keep it renewed? Three scenarios:
If CEH is your only offensive cert: Yes, keep it while you work toward OSCP. It is a placeholder that HR recognizes.
If you also have OSCP: Probably no. OSCP is the stronger credential. CEH renewal adds $80/year ECE fee plus 120 ECE credits per 3 years. The bar to renewal is low but the reward is also low; OSCP does not require renewal.
If you are in DoD/government: Follow the 8140 requirements for your role. Some require CEH to stay active regardless of other certs.
The honest summary
CEH is not a bad cert. It is a miscategorized cert. It is marketed as the "Ethical Hacker" credential, and priced and positioned as if it were the serious offensive-security cert. In reality it is a theoretical-knowledge credential that opens HR doors but does not validate practical skill.
If you can afford the time and money, skip to the practical certs. PNPT as your entry point, OSCP as your career-maker. If you need CEH first for a specific reason (government, HR filter, prerequisite), take it — but treat it as step one, not the destination.
Real offensive security is a craft. It needs practical proof. CEH does not provide that proof, no matter how impressive the name sounds.