CEH (Certified Ethical Hacker) v13: Is It Worth It in 2026?
Updated: June 2026 · Read time: 11 min · Level: Intermediate
CEH is one of the most recognized names in cybersecurity certs — and one of the most debated. It's great at getting your resume noticed and meets several government requirements, but it's expensive and mostly multiple-choice, which frustrates people expecting a hands-on hacking exam. Here's an honest look at what CEH v13 is, what it costs, and who should actually get it.
CEH at a glance
| Full name | Certified Ethical Hacker |
| Current version | CEH v13 (adds AI-driven hacking topics) |
| Provider | EC-Council |
| Exam format | 125 multiple-choice questions |
| Time | 4 hours |
| Passing score | No single fixed score — cut scores range ~60%–85% by exam form |
| Cost | ~$950–$1,199 voucher (varies by channel) + $100 eligibility fee if self-studying |
| Eligibility | Official training or 2 years infosec experience (see below) |
| Valid for | 3 years (renew with 120 ECE credits) |
| Level | Intermediate — not an absolute-beginner first cert |
⚠️ EC-Council pricing and exam rules change and are often bundled with training. Confirm everything on the official EC-Council CEH page before you commit.
Is CEH worth it? The honest take
Where CEH genuinely helps:
- Name recognition. HR and recruiters know "Certified Ethical Hacker." It's one of the few security certs non-technical screeners recognize, which helps your resume get through filters.
- Government / DoD roles. CEH is approved under the DoD 8140 (formerly 8570) framework for several roles, so it's valuable for US government and defense-contractor jobs that require it by name.
- Broad coverage. It walks you through the full attacker playbook — recon, scanning, exploitation, malware, web attacks, wireless, cloud, and more — giving you a wide mental map of offensive techniques (now including AI-assisted attacks in v13).
Where CEH disappoints people:
- It's mostly multiple-choice. The core CEH exam tests knowledge, not hands-on skill. If you want to prove you can hack, a practical cert like OSCP carries more weight with technical interviewers.
- It's expensive. Between the voucher, eligibility/training, and renewal, CEH is one of the pricier mid-level certs.
- Depth vs. breadth. It covers a lot, but not deeply. It's a "mile wide, inch deep" credential.
Bottom line: CEH is worth it if you want a recognized knowledge credential — especially for SOC/blue-team or government roles that ask for it. If your goal is hands-on offensive security, treat CEH as a complement to (or skip it for) a practical cert. (Deeper dive: Is CEH worth it?)
Who should take CEH
- Security analysts / SOC staff who want to understand attacker techniques to defend better.
- People targeting government / DoD roles that list CEH as an approved baseline.
- IT pros moving toward security who already have fundamentals and want a recognized next step.
- Career changers aiming at "ethical hacking" roles — though you should pair it with hands-on practice.
Not ideal as a first cert. CEH assumes networking and security fundamentals. Most people do Security+ (or equivalent knowledge) first, then CEH.
The two CEH eligibility paths (this trips people up)
Unlike Security+, you can't just buy a CEH voucher and book it. There are two routes:
Path 1 — Official training (most beginners). Complete EC-Council's official course (or an authorized partner using official content). This makes you eligible to sit the exam with no experience requirement, and the exam voucher is usually bundled with the training.
Path 2 — Self-study + eligibility application. Skip official training and "challenge" the exam, but you must:
- Pay a $100 non-refundable application fee,
- Prove at least 2 years of information-security work experience, and
- Provide professional references.
Approved applications are valid for 3 months (you must buy a voucher in that window), and vouchers are valid for 1 year.
💡 If you already have 2+ years in security and just want the cert, Path 2 is cheaper than paying for official training. If you're newer or want structured prep, Path 1 is simpler.
What CEH covers
CEH is organized into 20 modules that follow the phases of an attack. v13 threads AI-driven techniques throughout. At a high level:
- Reconnaissance & footprinting, scanning, enumeration
- Vulnerability analysis, system hacking
- Malware (trojans, viruses, worms), sniffing, social engineering
- Denial-of-service, session hijacking
- Evading IDS, firewalls, and honeypots
- Hacking web servers and web apps, SQL injection
- Wireless, mobile, IoT/OT, cloud hacking
- Cryptography
📋 EC-Council publishes the official exam blueprint with the exact domains and weightings — use it as your checklist and confirm the current version before studying.
Exam format, cost & renewal
The exam. The core CEH is 125 multiple-choice questions in 4 hours. There's no single passing score — EC-Council uses multiple exam forms, and the cut score varies roughly 60%–85% depending on which form you get (a scaled approach to keep difficulty fair).
CEH Practical & Master. Separately, the optional CEH Practical is a 6-hour, hands-on exam (real challenges in a lab). Pass both the knowledge exam and the Practical and you earn CEH Master — a much stronger signal of actual skill than the MCQ exam alone.
Cost. Plan for roughly $950–$1,199 for the voucher (remote proctoring through EC-Council tends to be cheaper than a Pearson VUE test center), plus the $100 eligibility fee if you self-study, and more if you buy official training. EC-Council pricing is opaque and bundle-heavy — get a current quote directly from them. Full itemized breakdown (vouchers, retakes, training, renewal): CEH exam cost.
Renewal. CEH lasts 3 years. You renew by earning 120 ECE credits over the cycle and paying the annual fee (about $80/year) — no need to re-sit the exam.
CEH vs Security+
| Security+ | CEH | |
|---|---|---|
| Provider | CompTIA | EC-Council |
| Level | Entry | Intermediate |
| Focus | Broad defensive security | Offensive techniques (knowledge) |
| Cost | ~$425 | ~$950–$1,199 (+ fees) |
| Format | Up to 90 Q (MC + performance-based) | 125 MC questions |
| Eligibility | None | Training or 2 yrs experience |
| DoD 8140 baseline | Yes | Yes (certain roles) |
Which first? For almost everyone breaking in, Security+ first — it's cheaper, has no eligibility hurdles, and is the standard entry-level credential. Add CEH later if you're moving toward offensive-security awareness or a role that specifically requires it. Full breakdown: CEH vs Security+ · or start with the Security+ guide.
FAQ
Is CEH worth it in 2026? For recognized, resume-friendly knowledge and government/DoD roles, yes. For proving hands-on hacking skill, a practical cert like OSCP carries more weight. CEH is a knowledge credential, not proof you can hack.
What are the CEH eligibility requirements? Either complete official EC-Council training (no experience needed), or self-study and apply for eligibility with a $100 fee, proof of 2 years infosec experience, and references.
How much does CEH cost? Roughly $950–$1,199 for the voucher (channel-dependent), plus a $100 eligibility fee if self-studying, and more for training bundles. Confirm with EC-Council — pricing is opaque.
What is the CEH exam format and passing score? 125 multiple-choice questions in 4 hours; the cut score varies ~60%–85% by exam form. An optional 6-hour CEH Practical exists, and passing both earns CEH Master.
How long is CEH valid and how do I renew it? Three years; renew with 120 ECE credits over the cycle plus an annual fee (~$80/year).
CEH vs Security+: which first? Security+ first for most people — cheaper, no eligibility hurdles, entry-level standard. CEH comes after, for offensive awareness or roles that require it.
→ CEH cluster: CEH vs Security+ · Is CEH worth it? · CEH salary · CEH exam cost
→ Related: Security+ (SY0-701) guide · Security+ vs Google Cybersecurity Certificate
Figures are from EC-Council and public sources (2026) and change often; EC-Council pricing is bundle-dependent. Confirm current cost, eligibility, and exam details on the official EC-Council site before you commit.