
How to Become a Certified Ethical Hacker

The word “hacker” was not always considered a bad word; rather, its meaning evolved over time because of bad hackers. Despite how oxymoronic the term “ethical hacker” may seem, the Certified Ethical Hacker credential is no joke. Certified Ethical Hacker (CEH) is a computer certification that indicates the holder is proficient in network security, especially in frustrating the efforts of black hat hackers through pre-emptive countermeasures.

Malicious hacking is a crime under the laws of the United States and most countries, but in order to catch these malicious hackers, you have to know what they know. The CEH credential is a vendor-neutral certification for information technology professionals who wish to specialize in stopping and identifying malicious hackers by using the same knowledge and tools the criminals use.

Before this certification was introduced, private firms and government agencies usually hired reformed black hat hackers because they believed these hackers were their best bet for securing their networks. To ensure that the students who pursue this certificate always use it for good, the CEH credential requires those who earn it to agree in writing to abide by the law and honor a code of ethics.

The certification is sponsored by the International Council of E-Commerce Consultants (EC-Council), a member-supported professional organization. Its main aim is to establish and maintain standards and credentials for ethical hacking as a profession and to educate IT professionals and the public on the role and value of such specialists.

The EC-Council does not offer the CEH certification alone; it also offers other relevant certifications, such as those for secure programming, e-business, and computer forensics jobs. Certification proficiency levels range from entry-level to consultant (independent contractor).

As security breaches continue to grow both in frequency and in the amount of damage they cause (according to Symantec, the average organization incurred $470,000 in losses from endpoint cyber-attacks in 2011), penetration testing is becoming increasingly important for organizations of all sizes.

For IT professionals seeking to expand their knowledge in that area, the EC-Council’s Certified Ethical Hacker (CEH) credential offers a solid base of expertise.

How to Become a Certified Ethical Hacker

If you have at least 2 years of security-related job experience, then you can apply for approval to take the EC-Council exam. On the other hand, if you do not have this amount of experience (2 years), you will be required to attend training at an accredited training center, through an approved online program, or at an approved academic institution.

These requirements prepare applicants for the exam and help screen out malicious hackers and hobbyists. The particular path you will choose towards becoming an ethical hacker can depend on your level of knowledge and expertise in the IT industry.

If you are a total novice to IT careers, then you may want to consider joining the army. The United States military provides a lot of IT opportunities, and you even get paid for going to school, even if you enlist in a part-time branch such as the National Guard or Reserves. Military service also looks good to employers that require security clearances.

You will have to start your ethical hacking career journey from the basics by first earning an A+ Certification and then getting a tech support position. After some experience and additional certification (Network+ or CCNA), you can then move up to a network support or admin role, and then to network engineer after a few years.

Next, put some time into earning security certifications (Security+, CISSP, or TICSA) and find an information security position. While you’re there, try to concentrate on penetration testing–and get some experience with the tools of the trade.

Then work towards the Certified Ethical Hacker (CEH) certification offered by the International Council of Electronic Commerce Consultants (EC-Council for short). At that point, you can start marketing yourself as an ethical hacker. The price of the courseware for the 5-day certification course stands at around $850.

The application fee for those seeking to bypass the training course is $100, and the exam voucher price is $950. The Certified Ethical Hacker Training Program prepares students to take the CEH 312-50 exam. The exam itself is made up of 18 modules covering 270 attack technologies and mimics real-life scenarios in 140 labs.

The course is run on an intensive five-day schedule with training eight hours per day. The end goal is to train the students to not only be ready for the exam but to also be ready to face and surmount any penetration testing or ethical hacking scenarios that come their way in their IT security careers.

The 312-50 exam lasts four hours, is made up of 125 multiple-choice questions, and tests CEH candidates on the following 18 areas:

  • Introduction to ethical hacking
  • Footprinting and reconnaissance
  • Scanning networks
  • Enumeration
  • System hacking
  • Malware threats
  • Sniffing
  • Social engineering
  • Denial of service
  • Session hijacking
  • Hacking webservers
  • Hacking web applications
  • SQL injection
  • Hacking wireless networks
  • Hacking mobile platforms
  • Evading IDS, firewalls, and honeypots
  • Cloud computing
  • Cryptography

The career field of IT security has been on a rapid rise and the United States Bureau for Labor Statistics (BLS) projects job growth at a rate of 28 percent for the decade ending in 2026. This is far greater than job growth of 7 percent projected for all professions combined.

According to the bureau, IT security analysts earned a minimum wage of $95,000 in 2017. A lot of the jobs that most certified ethical hackers go for require extensive background checks or more rigid personnel security investigations (PSIs). Security clearances likely will be required at government agencies or private firms with government contracts.

In conclusion, always stay legal in all you do. It’s important never to engage in “black hat” hacking–that is, intruding or attacking anyone’s network without their full permission. Engaging in illegal activities, even if it doesn’t lead to a conviction, will likely kill your ethical hacking career.

Many of the available jobs are with government-related organizations and require security clearances and polygraph testing. Even regular companies will perform at least a basic background check.