Cybersecurity Credential Verification
How to Verify a CEH Certification
The CEH (Certified Ethical Hacker) is one of the most widely recognized penetration testing and ethical hacking certifications. EC-Council provides a public verification tool, but the ethical hacking certification landscape is crowded — understanding what the CEH actually represents (and how it compares to alternatives) matters for hiring.
Quick answer
Verify CEH credentials through EC-Council's Aspen member portal at aspen.eccouncil.org. Members can share a verification link from their Aspen profile. Alternatively, ask the candidate for their EC-Council member ID and verify directly. For a broader credential check, EC-Council also lists active certifications on their public-facing directory.
What the CEH certification is
The CEH is issued by EC-Council (International Council of E-Commerce Consultants) and covers ethical hacking methodologies, penetration testing techniques, network attack and defense, web application security, malware analysis, and social engineering. The curriculum spans 20 modules with a focus on attack tools and techniques used by malicious hackers.
To earn the CEH, candidates must:
- Attend EC-Council training or have two years of information security experience to apply directly
- Pass the CEH exam (125 multiple-choice questions, 4 hours)
- Agree to EC-Council's Code of Ethics
The CEH is widely accepted in corporate security roles, government agencies, and compliance-driven environments. It is a recognized DoD 8570.01-M (DoD 8140) approved baseline certification for the CSSP (Cyber Security Service Provider) Analyst role.
How to verify CEH certification
Option 1: Aspen member portal (preferred)
Ask the candidate to log into their EC-Council Aspen account at aspen.eccouncil.org and share their certification verification link. This link generates a public-facing page showing their active certifications, member number, and certification expiration dates.
The shareable verification link is the most reliable method — it reflects the current status of the credential in real time.
Option 2: EC-Council certificate verification
EC-Council certificates contain a unique certificate number. This number can be entered at cert.eccouncil.org to confirm the certificate is authentic and has not been altered.
This method confirms the certificate is genuine but does not confirm current active status — a certificate can be authentic but the certification may have since lapsed.
Option 3: EC-Council public directory
EC-Council maintains a searchable member directory at eccouncil.org. Search by name to find active certified members. This reflects current certification status including EC-Council continuing education (ECE) credits and renewal standing.
CEH maintenance requirements
The CEH is valid for three years. Renewal requires:
| Requirement | Details |
|---|---|
| ECE credits | 120 ECE (EC-Council Continuing Education) credits over 3 years |
| Annual membership fee | $80/year (or paid at renewal) |
| Alternative: recertification | Pass the current version of the CEH exam within the validity period |
EC-Council periodically releases new versions of the CEH exam (current: CEH v13 as of 2025). Candidates who passed older versions hold valid CEH credentials as long as they have maintained their ECE credits — the version number on a certificate does not invalidate older certifications.
CEH vs. other ethical hacking credentials
The ethical hacking and penetration testing credential landscape is fragmented. The CEH is the most recognizable name, but it is not universally regarded as the most rigorous technical credential in the field.
OSCP (Offensive Security Certified Professional)
Practical. Issued by Offensive Security. The OSCP requires a 24-hour hands-on penetration test against a live lab environment — there is no multiple-choice exam. Widely regarded by security practitioners as the gold standard for hands-on offensive security skills. Verify at offensive-security.com/certification-verification.
GPEN (GIAC Penetration Tester)
Knowledge + Practical. Issued by GIAC (Global Information Assurance Certification). Covers network and web app penetration testing. Includes a practical component. Verify at giac.org/verify.
eJPT and eCPPT (eLearnSecurity)
Entry-level. Practical exams with lower barriers to entry, suitable for junior pentester hiring. Now part of the INE Security portfolio. Verify through the candidate's INE/eLearnSecurity profile.
CompTIA PenTest+
DoD 8140. Covers planning, scoping, and execution of penetration tests. Vendor-neutral. DoD 8140 approved. More management-oriented than the OSCP. Verify at verify.comptia.org.
Hiring context matters
The CEH is often preferred in government, defense contractor, and compliance-driven roles where DoD 8140 alignment matters. Technical security teams doing active red team work typically weight the OSCP or GPEN more heavily. For junior roles, consider whether any practical lab experience exists regardless of certification.
Verify the degree behind the certification
Many cybersecurity roles require computer science or information technology degrees. Use VerifyED to confirm that a candidate's degree comes from a legitimately accredited institution — and catch diploma mill credentials before they reach your security clearance process.