OSCP vs. CEH: Which Should You Choose?
We’ve discussed the PenTest+ and the CEH (also known as the Certified Ethical Hacker) certifications before, and the OSCP certification by Offensive Security as well, but many of you have asked specifically about a comparison between the OSCP and other penetration testing certifications, especially the CEH. In this article, I’ll cover the differences between these two certifications, and my recommendation for which one you should consider adding to your list of credentials first.
OSCP vs. CEH: Which exam should you take? While the OSCP certification is more difficult to earn than the CEH, penetration testers that are serious about their careers will find that the OSCP is worth the extra effort and that it provides the most benefit for their future career options. Non-penetration testers should consider the CEH instead.
Some of you may be surprised by my answer here, so in the paragraphs below I’ll compare these two certification exams, explain the differences, and show why the OSCP makes the most sense for serious penetration testers that want to focus on one of these two certifications. Let’s get started.
What are the OSCP and CEH certification exams?
The OSCP is the Offensive Security Certified Professional certification, which is the lowest level (although not entry-level) certification exam offered by the organization Offensive Security. According to Offensive Security, it is intended for cybersecurity professionals that want to take a “serious and meaningful step into the world of professional penetration testing.”
The CEH is the Certified Ethical Hacker certification, which is a certification exam offered by the organization EC-Council. Like the OSCP, it is not an entry-level certification and is intended to verify the ability of individuals in the “specific network security discipline of Ethical Hacking from a vendor-neutral perspective.” Additionally, EC-Council states that the purpose of the CEH certification is to:
- Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
- Inform the public that credentialed individuals meet or exceed the minimum standards.
- Reinforce ethical hacking as a unique and self-regulating profession.
Both certifications focus on penetration testing and ethical hacking as a specific discipline within the cybersecurity field. Penetration testing is not considered an entry-level discipline, so these two exams are not entry-level either and in most cases probably will not be the first certification that a cybersecurity professional will choose to pursue.
Who are the OSCP and CEH certification exams intended for?
Both the OSCP and CEH certifications are intended for current IT or cybersecurity professionals that want to focus on penetration testing as a career, or at least add penetration testing to their personal areas of expertise. Both certifications are also designed by their respective organizations to be the first ethical hacking/penetration testing certification earned by a professional looking to focus on penetration testing. Additionally, both organizations offer higher level certification exams related to penetration testing that follow these certifications.
Should you consider taking the OSCP or CEH certification exams?
From our perspective, most IT or cyber professionals should only consider taking the OSCP or CEH certifications if they have all of the following:
- Have been working in the cybersecurity field for at least two years
- Already completed another certification exam of some sort
- Have some experience with Linux
- Want to add penetration testing as a skill set
Because these certifications are not entry-level, and penetration testing is not an entry-level skill, it is important to have some IT or cybersecurity experience, preferably related to networking, since you’ll be tested on your ability to hack into a network environment (learn how to get that experience in our article here). And Offensive Security in particular states that the OSCP is intended for existing professionals, not aspiring ones. It’s important to have some real-world technical experience, either in networking or security, before you consider these exams.
It’s also a good idea to have completed some other certification already, such as the CompTIA Network+ or Security+. We recommend that you’ve taken another certification before attempting the OSCP or CEH, so that you can build some experience with sitting for a certification exam before you attempt a bigger certification like one of these. It’s beneficial for any IT or cybersecurity professionals to know how well they test, and to know how to test. Because of this, it’s ideal to cut your teeth on lower-level certifications that help you do just that.
Linux is also a skill that you’ll need to have some familiarity with before attempting these exams, as Linux is the preferred operating system of penetration testers, and OSCP in particular is based on the Kali Linux flavor. If you’re strictly from a Windows environment (or no environment at all), it will be greatly worth your time to dive into the world of Linux and learn how the operating system works, what the commands are, and how penetration testers use it, before signing up for one of these certifications.
Lastly, we believe it’s also important to want to be knowledgeable in penetration testing and really want to add it to your skill set. Just about everyone thinks penetration testing is interesting, but given the massive amount of effort and time that either of these certifications will take, it’s also important that penetration really is a true goal of yours before committing to either certification exam.
Which should you take, the OSCP or CEH?
If you’ve read everything above and are still interested in moving forward with one of these two penetration testing-focused certifications, read on to see our comparison of the OSCP and CEH certification exams.
Factor #1: OSCP and CEH Exam Requirements
For the Certified Ethical Hacker, EC-Council provides two options for preparing for and sitting for the exam. First, you can take the EC-Council approved curriculum for the CEH, which costs $850, however prices may vary based on your region, whether you take the course through an authorized training provider instead of directly through EC-Council, and if you buy a bundle that includes lab time and/or a voucher for the exam. It appears that EC-Council does not provide a specific recommended amount of experience to take the training.
The second option for the CEH is to attempt the exam without going through the training, however you will be required to prove at least two years of experience when you apply. On their exam roadmap, they also recommend that you take the CND (Certified Network Defender) exam before taking the CEH, however this is not a requirement and probably isn’t necessary if you have sufficient background.
The OSCP doesn’t specify in any great detail the recommended number of years of experience that you should have before sitting for the exam. Instead, Offensive Security asks that you complete their Penetration Testing with Kali Linux course first, and their language suggests that they consider successful completion of that course to indicate that a candidate is ready to sit for the OSCP certification.
Offensive Security also states that their Penetration Testing with Kali Linux course is intended for current information security professionals, and they suggest that it is best for those that have some networking or security background in particular. In addition, Offensive Security requires that every candidate must have the following three skills:
- Solid understanding of TCP/IP networking
- Reasonable understanding of Linux
- Familiarity of Bash scripting with basic Python or Perl a plus
It would be better to err on the high side of these requirements in order to get the most from the training and have the best chance of exam success.
Note that both organizations provide a training option for candidates before they sit for the exam, and Offensive Security requires specific skills before that training, while EC-Council does not. Regardless, you would be greatly benefitted by having that same experience before taking the CEH training or sitting for the exam.
Factor #2: Cost
The Certified Ethical Hacker and the OSCP certifications are not cheap exams, however the cost of CEH is a good bit more than the OSCP. The current standard cost for the CEH is a substantial $1,199 for the exam voucher, if you take it through Pearson Vue. You also can take it remotely through EC-Council themselves (which is the organization that issues the CEH), and if you do that the cost drops to $950. Note that this doesn’t include any training, coursework, or study material. Additionally, there is a $100 non-refundable application fee if you’re bypassing the training. EC-Council does offer a training program for the CEH, of course, and the cost of that is currently $850 as mentioned above, however this price can vary. It doesn’t take long for the cost to obtain the CEH to get pretty pricey.
One thing to point out here is the variation of cost that you may see on the CEH exam and training. We were able to find some pricing options, but also noticed that there are many other options for pricing based on whether you purchased the training, bought everything in a bundle, what region you live in, and whether your employer was making the purchase for a larger group. The important point to keep in mind for the CEH is that it may be worth your time to evaluate your options, even if you are considering bypassing the training course. We tried here to provide the most accurate pricing we could find, but we leave it up to you to do your own research.
Now on to the OSCP. To us, the OSCP’s cost is much more reasonable. For as little as $850 currently, you can get a voucher for the exam, but this also includes the prerequisite course and a 30 license to access their hacking lab. The value of the course alone could easily be considered close to that price, so in one way you can almost consider the cost of the exam to be close to free. And if you don’t pass the OSCP by chance, you can purchase a retake voucher if you need one for only $150, and you also have the opportunity to purchase more lab time if you need that as well.
The final result: The OSCP seems to offer more cost effective options, and more straightforward pricing, but as it always is for cybersecurity certifications, they aren’t cheap and you’ll have to invest several hundred dollars or more to earn the certification. It’s important to make sure that you’re ready to truly learn all that you can from the training and are positioned to have the greatest chances of success on the exam.
Factor #3: Exam Difficulty
This one isn’t even close. The OSCP is a notoriously difficult exam, almost unreasonably so. With the OSCP, you’re in for a 24-hour straight (yes, one full rotation of the earth on its axis) live network hands-on penetration testing exercise, where you aren’t asked any questions, but instead are required to exploit various devices within the network that you are given. And if that’s not enough, during the next 24 hours you’re required to write up your findings and documentation, which is what you submit in order to earn the certification. That means that the OSCP is an up-to-48-hours straight exam, and their process for documentation and submission of findings is rather strict and exact. Attention to detail and time management are crucial if you want to have a shot at passing this certification.
Now compare that to the Certified Ethical Hacker, which has a straight multiple choice format of 125 questions, which you must complete within the four hour time frame. The exam is completed at a testing center. While a four hour exam isn’t anything to take lightly, it does almost sound easy when you compare it to the OSCP, and it is shorter than many other certification exams, such as the OSCP and CISSP.
An important point to make here though: While the CEH is an easier exam, it’s important to keep in mind that easier isn’t necessarily better. Every cybersecurity professional should evaluate these certifications on their merit and future impact to one’s resume and career. We have to consider what we’re receiving for all of that difficulty, which we’ll cover in the next few paragraphs.
Factor #4: Employability
We had no trouble at all finding job postings that requested or required either of these certification exams, so earning either the CEH or OSCP will help you get your foot in the door at many places. It does appear that the CEH name is more recognizable to HR managers that are non-technical (the name Certified Ethical Hacker does stand out), however these professionals probably don’t know the differences between the two certifications.
On the other hand, true cybersecurity or IT hiring managers that are penetration testers or supervise them know both certifications, so you won’t be in a situation where you’ll have to explain what either of these certifications are.
With that said, it seems that the OSCP is more respected among IT hiring managers and penetration testers overall. Penetration testers in particular know how hard it is to pass the 24 hour plus 24 hour exam that is the OSCP, and most that we spoke to seem to respect it for that difficulty and it’s hands-on nature.
Factor #5: DoD Approval
The good news for those professionals that are considering going into the public sector Department of Defense route is that the CEH is a DoD 8570 baseline certification. This qualifies you for four different cybersecurity service provider positions and various government related jobs, many of which will also require a clearance.
The OSCP does not have DoD approval, which may or may not be important to you and your career path. This does not mean that the DoD dis-approves of the certification, but that they have not evaluated it and approved it.
Factor #6: Recertification
The Certified Ethical Hacker credential is valid for three years from the date of your successful completion of the exam. EC-Council does require that for the CEH you earn 120 ECE (electrical and computer engineering) credits over that three year time frame. They also require you to pay an annual membership fee that is a flat rate no matter how many certifications you have with them. The annual membership fee is currently $80.
The OSCP does not require you to renew the certification. Offensive Security states that “our certifications do not expire and they do not need to be renewed”, which is probably appropriate for a professional that is that far into their cybersecurity career.
What about online exam question dumps?
Allegedly, both the CEH and OSCP have had trouble with some actual exam materials ending up online. Using this type of material to prepare for an exam is strictly forbidden. Having actual exam questions available online weakens any certification exam, which is not what anyone who actually holds the certification wants to have happen.
What about the CEH Practical exam?
The CEH practical is the certification exam offered by EC-Council that follows the standard CEH in sequence. This is a 6-hour long exam that focuses on being able to demonstrate the application of ethical hacking techniques, and is delivered in a hands-on format, just like the OSCP (but shorter). On the CEH Practical exam, you connect into the virtual testing environment from home (or wherever else you want to work from) and complete the hands-on hacking challenges.
The CEH Practical is a good step by EC-Council to strengthen the CEH, but this new option is not as well known yet as the standard CEH. We even predict that in time EC-Council may change out this new format for the existing multiple choice exam. For most cybersecurity professionals and aspiring penetration testers, the standard CEH will be sufficient for your credentials.
We believe that both certifications are worth the time and effort that they require to earn, however for those professionals that are truly serious about becoming a top-tier penetration tester, the OSCP certification stands alone when compared to the CEH. There are many cybersecurity and IT professionals that we know that are NOT penetration testers, but have earned the CEH, which indicates that it is a more conceptual penetration testing certification exam. We haven’t found anyone with the OSCP that isn’t a penetration tester. So…
The Certified Ethical Hacker is probably your best option if you are an IT or cybersecurity professional that is not working directly in penetration testing, but who wants to add a penetration testing certification to your resume. Additionally, the CEH is probably a better choice for those professionals that want to move add penetration testing to their skill set over time.
The OSCP is probably your best option if you are a professional that is serious about making a move into penetration testing, or who works in that sector of the field already. Consider your background, your skill set, and most importantly, your five year career goals, and then make the decision that is best for you.