What Is a Certified Ethical Hacker?

Key takeaways

A certified ethical hacker (CEH) is a specialized cybersecurity role and credential you can earn through the EC-Council.

• The CEH certification validates your ability to simulate cyber attacks and test system defenses.

• It’s especially valuable for professionals transitioning from roles like IT auditor, system admin, or security analyst.

• You can qualify for roles like penetration tester, security consultant, or vulnerability analyst after earning your CEH.

Studying for and earning a CEH designation can also strengthen your expertise. Use this article to learn what you'll need to pass the CEH exam and compare career options in the field that value this credential. If you're ready to start earning credentials right away, you can master core ethical hacking methodologies and earn a certificate in as little as one month with IBM's Ethical Hacking with Open Source Tools Professional Certificate program. You'll practice performing penetration testing, reporting, and executing simulated attacks using the Metasploit framework.

Are Certified Ethical Hackers in demand?

According to Statista, by 2028, it is estimated that these crimes might cost the global economy $13.82 billion [1]. Because of this upward trend, you can probably expect an increase in job opportunities for professionals with this credential.

What is a certified ethical hacker (CEH)?

A certified ethical hacker (CEH) is a cybersecurity professional who has acquired credentials from an official entity. Earning an ethical hacking certification demonstrates your ability to simulate a malicious hacker to identify vulnerabilities in a computer network or system. It's a great way to transition into white hat hacking from a related role, such as security officer or auditor.

Certified ethical hacker certification

The Certified Ethical Hacker certification is offered by EC-Council, or, the International Council of E-Commerce Consultants. The most recent version of this exam is v13, or CEH AI. It incorporates working with advancements in artificial intelligence (AI) technology and AI in cybersecurity.

How much is the certified ethical hacker exam?

If you're interested in this certification, you have options ranging from $1,699-3,499. If you're looking for a cost-effective alternative or to obtain additional training before you pursue the CEH, you can also earn a certificate from EC-Council by completing their online course, Ethical Hacking Essentials (EHE), which is part of their five-month Cybersecurity Attack and Defense Specialization. Both options are available to take at your own pace with a Coursera Plus subscription.

Read more: 4 Ethical Hacking Certifications to Boost Your Career

Certified ethical hacker salary

Acquiring this certification may help you boost your salary potential. According to Glassdoor, certified ethical hackers in the US make an average annual salary of $136,000 [3]. By gaining the certified ethical hacker credential, you tend to earn more than peers working in this same sector of the economy. 

Read more: Ethical Hacker Salary (2025): What You'll Make and Why

How to become a certified ethical hacker

The EC-Council doesn’t list having a degree as a criterion for taking the certification exam. To be eligible, you must attend the EC-Council’s Official Network Security Training or have at least two years of experience working within information security. 

Although you don’t need a degree to get certified, employers may look for candidates with a degree in computer science or a related field. According to Zippia, 44 percent of ethical hackers have a bachelor's degree, 28 percent have a high school diploma, and 9 percent have an associate degree [4]. The most common majors for ethical hackers are computer science and computer engineering.

Necessary ethical hacking skills

Each role and organization may have differing skill concentrations, however, the following skills are required of most ethical hackers and are likely to be utilized in ethical hacking exams:

• A solid foundation in networking and knowledge of computer systems

• A strong comprehension of the latest security protocols for popular operating systems, including macOS, Windows, and Linux

• The ability to scan servers, remote devices, and other network components to test and assess vulnerabilities

• Knowing how to perform countermeasures to prevent, correct, and protect systems and networks from malicious attacks

• Being able to crack different types of passwords

• Knowledge of how to erase the digital evidence of system and network intrusions

• Proficiency in cryptography and encryption techniques

• Display professional conduct and follow the certified ethical hacker code of ethics

• Knowledge of the everyday and emerging cyber threats, including identity theft, phishing, and social engineering, along with how to evade or counter them

Certified ethical hacker eligibility requirements

To qualify for the CEH exam, candidates must either complete official EC-Council training or have at least two years of professional experience in an information security role, with proof required during the application process for those not attending training.

What jobs can you get with a certified ethical hacker (CEH) credential?

Aside from being an ethical hacker or white hat hacker, becoming a CEH can be valuable expertise for a wide range of cybersecurity jobs. The following list outlines six careers that can benefit from ethical hacking skills and credentials.

1. Cloud engineer

Average annual salary (US): $149,000 [5]

Requirements: Bachelor’s degree in a field connected to information technology, such as computer security or computer science

This position is in demand as many businesses move to the cloud and need skilled professionals to support that transition. As a cloud engineer, you'll configure and protect an organization's cloud infrastructure from cyber attacks, create cloud-based applications, and manage databases. 

Read more: What Is a Cloud Engineer? Building and Maintaining the Cloud

2. Network security engineer

Average annual salary (US): $161,000 [6]

Requirements: Bachelor’s degree in computer science or programming 

As a network security engineer, you'll be tasked with monitoring systems for security breaches such as malware and hacking attempts. Additionally, you’ll need to spot current issues with the system and construct safeguards to prevent possible threats. Other responsibilities can include testing hardware and software systems.

Read more: What Is a Network Security Engineer’s Salary?

3. Penetration tester

Average annual salary (US): $152,000 [7]

Requirements: Bachelor’s degree in computer science, information technology, or cybersecurity and information assurance

Penetration testers improve an organization's cybersecurity by attacking its existing systems and networks to identify gaps vulnerable to hackers. You'll work within one facet of the ethical hacking umbrella by locating security issues and documenting all your actions.

Read more: What Are the Different Types of Penetration Testing?

4. Information security analyst

Average annual salary (US): $136,000 [8]

Requirements: Bachelor’s degree in a computer-science related field as well as work experience. Certain employers may prefer you have a professional certification.

As an information security analyst, you'll safeguard computer systems, networks, and databases from data breaches and cyberattacks. You’ll plan and execute strategies to protect sensitive information and data in a variety of ways, including ensuring adherence to compliance requirements, collaborating with teams across the company, and staying up to date with evolving threats and cyberattack trends. You might work in various fields, from consulting to finance to technology. 

Read more: How to Become an Information Security Analyst: Salary, Skills, and More

5. Security consultant

Average annual salary (US): $128,000 [9]

Requirements: Bachelor’s degree in computer science, information security, or cybersecurity

As a security consultant, you’ll work to protect your clients' systems, networks, and software from cyberattacks and breaches. You will typically work in multiple departments throughout your organization because you'll be responsible for a vast amount of data. Though your responsibilities can vary depending on your company, some of your responsibilities include performing security assessments, presenting recommendations for strengthening a system and training others in security awareness.  

Read more: What Is a Cybersecurity Consultant? (And How to Become One)

6. Information security manager 

Average annual salary (US): $186,000 [10]

Requirements: Bachelor’s degree in computer science, information technology, or cybersecurity

As an information security manager, your organization may task you with addressing security breaches, implementing security strategies, and training employees. You'll also mentor and guide team members, assign tasks, and make hiring decisions. 

Other ethical hacking credentials

If you're considering a certified ethical hacker role, you might start by earning your bachelor's degree in computer science and information technology with a concentration in cybersecurity and ethical hacking or computer engineering. Some common areas of knowledge to help prepare you for your career goals in this field include:

• Programming

• Network protocols

• Cryptography

• Reverse engineering

• Technical hacking abilities

Read more: Your Guide to Cybersecurity Careers

Degree alternatives

Like other computer-related fields, you may be able to begin your career by attending a cybersecurity boot camp instead of or in addition to earning a degree. Boot camps are typically intense and held for short periods, often between 12 and 14 weeks. They can help you gain skills in identifying and preventing data breaches and resolving cybersecurity issues. Depending on the program, taking an online course to familiarize yourself with cybersecurity might be helpful before starting a boot camp. 

Read more: Is Cybersecurity Hard to Learn? 9 Tips for Success

Different types of hackers

Ethical hackers are only one of five types of hackers, which also include black, gray, green, blue, and red hat hackers. At its core, ethical hacking is the authorized attempt to break into a company or organization’s computer system or network to find weaknesses that cybercriminals could exploit, but several types of hackers operate other than ethical ones. To know the differences between these, you’ll need to understand the motivations, strategies, and methods that those with malicious intent might use. 

1. Black hat 

These are the “bad guys” that you’ll be working against. Black hat hackers illegally break into the systems and networks of their victims with the intent to steal or destroy data, disrupt their operations, conduct espionage, or engage in mischief. When you work on the ethical hacking side of things, it’s critical to be able to think like a black hat so you can outsmart them. 

2. White hat 

As a certified ethical hacker, you might most commonly identify with the white hat hacker. This is a hired cybersecurity professional who finds vulnerabilities in networks and systems. If you work as a white hat hacker, you'll also report your findings and help secure weaknesses.

3. Gray hat

If you're a gray-hat hacker, you combine both black-hat and white-hat traits by probing systems and networks to find vulnerabilities without the intent to harm and without the owner's permission or knowledge. 

Gray hat hackers typically report what they find and offer to fix problems for a fee. As a certified ethical hacker, this would go against one of the important tenets of your code of ethics—to only engage in authorized penetration testing activities. 

4. Green hat

Green hat hackers are amateurs without any training, education, or advanced skills. As a certified ethical hacker, this category doesn't apply to you, but it's useful to know that these hackers do exist, and they're often eager to gain more advanced skills and get more involved.

5. Blue hat

Typically, two main types of blue hat hackers exist. The first is a hacker looking to get revenge for reasons not related to criminal activity. The second type is more positive since you could potentially work as one—a cybersecurity professional contracted by a company to assess its software for possible vulnerabilities.

6. Red hat

Red hat hackers are widely viewed as vigilantes in the hacking world. They focus on reporting black hats or even destroying their computers or shutting them down. As a certified ethical hacker, you wouldn’t work as a red hat because you could go against part of the code of ethics you need to follow as part of your credentials. 

Explore our free cybersecurity resources

Keep your finger on the pulse by subscribing to Coursera's LinkedIn newsletter, Career Chat. We explore industry trends, transferable skills, and more.

• Visualize your career pathway with the Cybersecurity Career Progression: Job Levels & Skills to Advance tool

• Hear from a learner like you and check out How This Self-Taught Web Developer Went Straight to a Master's Degree.

• Bookmark this Cybersecurity Glossary: Key Terms & Definitions for quick reference

Whether you want to develop a new skill, get comfortable with an in-demand technology, or advance your abilities, keep growing with a Coursera Plus subscription. You’ll get access to over 10,000 flexible courses. 

Build job-ready skills with Coursera Plus

Start 7-day free trial

• 
• 
• 
• 

Start 7-day free trial