CEH vs. OSCP: A Modern Analysis for the Career-minded Professional

December 13, 2016 | Views: 41139

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Rising to the surface in a sea of cybersecurity hiring candidates demands more than mere skill. Employers demand stronger assurances, and the best guarantees of employee talent come in the form of certifications.Choosing between obtaining Certified Ethical Hacker and Offensive Security Certified Professional credentials may seem difficult to the uninitiated. Here’s some vital clarification on which certs will help you outswim your professional peers.

What Is CEH?

Certified Ethical Hacker certifications are designed for those who want to demonstrate their proficiency at identifying weaknesses and vulnerabilities in networks and systems. These vendor-neutral certifications cover a number of topics relevant to penetration testing.

Prerequisites

You can take the CEH exam after you attend official training and demonstrate your experience in at least three of the five Certified Chief Information Security Officer, or CCISO, eligibility criteria. For most people, this amounts to having no less than two years’ worth of job experience. Alternatively, you can prove that you possess five years of information security experience in all five of the CCISO domains. In both cases, applying to obtain such proof from the EC-Council may take as long as six weeks.

If you completed your coursework online, you’ll need to provide your completion certificates to the EC-Council. Your CEH exam cost includes the cost of your training, which may vary, but the application is usually a nonrefundable $100.

After your application gets approved, you’ll have three months to purchase a test voucher. The CEH exam cost for the test itself is around $500.

Exam Requirements

Your exam will consist of a four-hour, multiple-choice test with 125 questions. To pass, you must earn a score of at least 70 percent.

 

What Is OSCP?

This ethical hacking certification focuses on common penetration-testing methodologies. It’s infamous for its rigorous, 24-hour exam.

Prerequisites

This certification complements a mandatory training course called Penetration Testing with Kali Linux. You should be able to write scripts and tools for penetration testing, bypass firewalls with tunneling techniques, identify and exploit web application vulnerabilities like XSS and SQL injection, and conduct attacks from the client side and remotely. Many of these topics will be covered in the class, but most people agree that going in with solid experience in Linux and TCP/IP is a must.

Exam Requirements

This certification is hands on. In other words, you can’t obtain it without passing an intense practical challenge.

For the exam, you’ll be granted access to an unfamiliar network and given 24 hours to prove that you’ve completed a given set of penetration tests, successfully penetrated systems and correctly documented your progress. Most students find out how they performed within three days of completing the test.

How Do the Certifications Differ?

Offensive Security Certified Professional holders don’t need recertification, but those who complete Certified Ethical Hacker Training and testing must recertify every three years. While this might seem like an inconvenience, the fact that you have to keep your knowledge current may ultimately make you appear more hirable. It’s also important to note that Certified Ethical Hacker training and credentialing are generally more affordable.

Career Outlooks

Certified Ethical Hacker accreditation is accepted by the U.S. government, and some Department of Defense jobs actually require it as per DoD 8750 Baseline Certifications. Even though Offensive Security Certified Professional is a rigorous certification, having it may not help you land a government job.

Salaries and Job Markets

Both of these certifications can help you become a penetration tester, security engineer, information security analyst or security consultant. Salaries for these jobs ranged widely.

Is one certification going to earn you more during your professional lifetime? According to PayScale, in late 2016, Certified Ethical Hackers earned average salaries of around $76,855, and many enjoyed hefty bonuses, profit sharing options and upward mobility. OSCP holders earned slightly more on average, but their salaries also varied more widely along with their job titles.

Choosing Your Certification

Both of these certifications are highly valued by modern employers. Many professionals even hold both certifications or combine them with other credentials, like CISSP and CompTIA’s Security+.

Of course, there’s no substitute for having a packed resume and actual job experience. Still, completing your Certified Ethical Hacker training can definitely help you keep your head above water at interviews, especially if you’re new to penetration testing.

 

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
20 Comments
  1. So in rebuttal to this article, everyone should remember that the CEH is an entry level certification, the OSCP is not. In reality these shouldn’t be compared, it should be a progression with CEH being early in your security career, and OSCP when/if you move more towards hands on pentesting. CEH will NOT get you a pentesting job as the article hints, OSCP might.

    The first thing I will point out is that the author does not seem to have first hand knowledge of either certification, and did a poor job with searching for the information. First they talk about the CEH, link to a random training company and not the EC-Council website, then go on to describe the application process for the CCISO certification, not the CEH certification. You must either take an approved training course, or have two years of general IT security experience, not specific to any domain.

    The following statement is incorrect, “Certified Ethical Hacker certifications are designed for those who want to demonstrate their proficiency at identifying weaknesses and vulnerabilities in networks and systems.” is incorrect.

    The CEH training and exam will give you a basic understanding of the different attacks that are possible on a network. It’s also referred to as the “tour of tools” by the industry because it will go over an excessive about of attack tools and their switches, but does a poor job of teaching the underlying concepts and why the attacks work the way they do. The exam is heavily focused on memorization of the tools and their switches.

    About the paragraph: “How Do the Certifications Differ?”

    It’s true that OSCP does not have a recertification requirement and the CEH does require maintenance fees to be paid and continuing education units (CEU’s) to be earned. This however does not equate to having more knowledge or being more hire-able. In contrast in order for someone to obtain the OSCP certification they must have exponentially more knowledge to begin with than is required to obtain the CEH. Also, having demonstrated this knowledge through a hands on exam versus a multiple choice exam means that they are much more likely to be able to perform in the job role, and ultimately more “hire-able” than someone with CEH.

    As for a comparison of the cost of the certifications, this article is in direct contradiction with itself. It states that for CEH you must either already have the years of experience, or pay to take the training. The average training cost is around $1,200. On top of that you must pay the application fee of $100, and the test fee of $500. That’s a minimum of $600 if you already have experience, $1800 if you don’t. Then you must add the maintenance fees of $80 every three years to the cost. Recertification attempts are $500/each if you fail the first time.

    The OSCP cost is $800 for the 30 days of training option and includes the exam, there are no other fees unless you want a longer training time. There’s no renewal fee. Recertification attempts are $60/each if you fail the first time.

    Clearly the OSCP training and certification is more affordable.

    For job outlook, while CEH is a baseline certification for certain government positions, anyone holding an OSCP certification can easily obtain CEH, and hiring managers understand this. Typically for those positions candidates are given 6 months from hire to meet certification requirements, if given the choice I don’t know of a hiring manager that wouldn’t prefer the OSCP candidate, and have him obtain the CEH within the 6 month time frame.

    OSCP site: https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/

    EC-Council site: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

    Eligibility requirements: https://cert.eccouncil.org/application-process-eligibility.html#ceh

  2. Nice Article (y)

  3. Hello JNOX,

    Despite some of the unprofessional comments it is a good thing that you are seeking knowledge! Yes, some of the posters are right about the CEH and its standing within the broader security practitioners thoughts. Many who have been in security for years scoff at the CEH and any certs provided by EC Council. I used the CEH as a method of entering the field, learning some of the basics and how they are applied to security as a whole and then expanding upon it with practical experience! Many employers do look at certifications, such as DOD, which does recognize the CEH, so it is something that you can’t just ignore and look down your nose at it! I know in my role as an interviewer I am interested in certifications, not as a sign of experience, but of interest and drive to learn. I am more interested in finding out what your skills actually are, beyond the certs. To get a job on my team you have to pass a practical examination and a writing test. We do check out your certs, but they aren’t the final proof of whether you would be a good employee. There are many “cert hounds” out there, those who pile on the certs and have a string of letters after their name longer than many physicians, but when the rubber meets the road, means absolutely nothing! Get your feet wet, set up a home lab, practice, practice and practice again! I think the CEH is a good entry level cert, showing your interest and drive, but remember to always move onwards and upwards!

    • @JNOX
      I appreciate your comment! I recently got my CEH and CHFI from Ec-Council, assuming they were going to go a long way in furthering my job advancement capabilities…but, right after taking the exam, I was left disappointed. Not to say the certification is worthless, but it was all theory not requiring any hands-on. I’m glad I got it, but it/they are certainly only a stepping stone to greater certs/knowledge…not that I was planning on stopping there, but knowing that I NEED to get more before advancing is disappointing.

  4. All this talk about CEH certification and paired with the picture, its like a digital James Bond but instead would be called…Hacker, Ethical Hacker! 😀 “Give me a dirty malware-tini, shaken not stirred” 😀

    So, just so that I understand this correctly, would it be accurate to say that the CEH certification, the OSCP certification, and the CPT certification really just depend on which sector you are trying to work in? (e.g.-like government or private) By the way, not a vet. so please don’t ‘bite my head off’, I’m curious to learn, as one-day I hope to obtain a certification in the Pen-testing area (or Ethical Hacker, whichever term suits your fancy 😀 )

Page 2 of 3«123»
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel