The CEH costs $950-$1,199, covers hacking concepts across 20 modules, and tests you with multiple-choice questions. The OSCP costs $1,499 for the standard 90-day package, puts you in a live lab for 24 hours, and requires you to actually hack machines and write a technical report. These are not equivalent certifications competing in the same space — they're designed for different purposes and understood differently by people who hire security practitioners.
Format difference: why it matters more than syllabus content
The fundamental difference between CEH and OSCP is not their topic coverage. Both cover reconnaissance, enumeration, exploitation, post-exploitation, and reporting. The difference is how they test mastery.
| Characteristic | CEH (EC-Council) | OSCP (OffSec) |
|---|---|---|
| Exam format | 125 multiple choice questions | 24-hour live hacking lab |
| Passing score | 70% (varies by exam version) | 70/100 points |
| Duration | 4 hours | 23h 45min hacking + 24h report |
| Retake cost | $450 for second attempt | $249 for retake |
| Prerequisites | EC-Council training or 2 years IT security | None (but PEN-200 strongly recommended) |
| Can you use a brain dump to pass? | Yes | No |
That last row is the one that matters most to experienced hiring managers. The CEH's multiple-choice format means that a candidate who memorizes 400 exam questions from a brain dump website can pass without ever running a port scan against a real target. The OSCP's format makes brain dumps structurally impossible — the lab machines change, the scenarios are dynamic, and you have to demonstrate live exploitation with documented proof.
The DoD 8570/8140 factor
DoD 8570 (now transitioning to DoD 8140) is the Department of Defense directive that specifies which certifications satisfy which job roles within the US Department of Defense and its contractors. This directive significantly affects a certification's value for government-adjacent security work.
The CEH appears on the DoD 8570 approved list for multiple categories:
| DoD Category | Level | CEH Accepted? |
|---|---|---|
| IAT (Information Assurance Technical) | Level III | Yes |
| IAM (Information Assurance Manager) | Level II | Yes |
| IASAE (System Architecture & Engineering) | Level I and II | Yes |
| CSSP (Cyber Security Service Provider) | Analyst and Infrastructure | Yes |
ANAB accreditation — EC-Council regularly cites that the CEH is accredited by ANAB (ANSI National Accreditation Board), which validates that the certification program meets ISO/IEC 17024 competency standards. This accreditation is one reason the DoD accepts CEH for its workforce requirements — ANAB accreditation provides independent validation that the exam measures what it claims to measure. The OSCP does not hold ANAB accreditation, which is a factor in its absence from the DoD 8570/8140 approved list.
The OSCP does not appear on the current DoD 8570/8140 approved list.
For candidates targeting federal government security roles or defense contractor positions, this creates a concrete reason to pursue CEH even if you personally find it less rigorous. A defense contractor who needs a cleared penetration tester may require CEH by contract, regardless of what either party thinks about its technical depth.
"I hold both CEH and OSCP. My CEH gets my foot in the door at federal contractors who need DoD 8570 compliance. My OSCP is what I actually show security teams when I'm interviewing for technical roles. They serve different audiences." — Jason Haddix, former Bugcrowd Director of Technical Operations
For private sector roles, the DoD 8570 factor is irrelevant. In private sector cybersecurity hiring, OSCP consistently outperforms CEH in credibility among technical hiring managers.
The boot camp criticism of CEH
EC-Council authorized training partners offer CEH boot camps that run 5 days and cost $3,000-$5,000 including the exam voucher. These boot camps are heavily criticized in the security community for:
Teaching to the exam rather than teaching practical skills
Covering tool names and definitions without meaningful hands-on lab time
Having students pass certification exams without being able to use the tools they've nominally learned
Creating an oversupply of CEH holders who can answer exam questions about Metasploit but have never run a real exploit against a target
The boot camp problem is documented in security hiring forums: junior CEH holders who cite their certification in interviews often struggle to answer follow-up questions about how they actually executed the techniques the certification covers. This has created a negative perception of CEH among technical interviewers at boutique security firms, even when the same firms require CEH for government contract compliance purposes.
The CEH covers legitimate material — its 20 modules address real attack techniques. The issue is the assessment method. You can memorize what Metasploit does without ever running it, answer 5 questions about it on the exam, and be "certified" in penetration testing tools.
OSCP's ban on Metasploit
The OSCP exam has a specific restriction: Metasploit, the automated exploitation framework, may be used against only one machine during the exam; using it against the Active Directory domain or against more than one standalone machine is prohibited.
This restriction is deliberate. OffSec designed the exam to require manual exploitation — understanding vulnerability mechanics well enough to exploit them with custom scripts or Metasploit's msfvenom payload generator without relying on Metasploit's automated exploit modules. The restriction proves that a certified candidate can execute techniques manually, not just point a framework at a target.
For employers, this distinction is significant: an OSCP holder has demonstrated the ability to understand and execute exploits without automated assistance. A CEH holder who used Metasploit throughout every lab exercise has demonstrated familiarity with a tool, not understanding of the underlying technique. In environments where Metasploit would trigger endpoint detection or where custom payloads are required, this skill gap is material.
What hiring managers actually think
The hiring manager perspective varies by company type, role level, and whether technical leaders are involved in hiring.
Typical private sector pentest team hiring manager: OSCP is a significant positive signal. CEH alone without other technical experience is a yellow flag — it suggests someone who studied theory without lab practice. CEH alongside 3+ years of pentest experience with a portfolio of findings is viewed neutrally.
Government or compliance-focused security manager: CEH satisfies a requirement. OSCP is viewed positively but doesn't satisfy the specific DoD 8570 checkbox.
Startup or boutique pentest shop: OSCP is often a minimum requirement for junior positions. CEH without OSCP may not get past the resume screen.
Two real examples show the divide. Kevin, a security analyst at a major defense contractor, was told by HR that his OSCP was impressive but CEH was required by the contract to apply for a specific cleared role. He obtained CEH six months later and got the position. Priya, applying for a pentest associate role at a boutique firm in Austin, was told by the hiring manager that OSCP was a requirement and CEH "doesn't tell us anything about whether you can hack." She had CEH from a boot camp and needed to obtain OSCP before getting an offer.
Job market data on CEH vs OSCP listings
Analysis of penetration testing and ethical hacking job postings on Indeed and LinkedIn in 2024 shows:
Approximately 40-45% of government and defense contractor pen testing postings list CEH as required or preferred
Approximately 55-65% of private sector red team and pen testing postings list OSCP as required or preferred
Postings requiring both occur at about 15-20% of the total, concentrated at mid-to-senior level roles
Very few postings list CEH without also listing another technical certification or requiring demonstrated hands-on experience
Salary data and job market positioning
The salary difference between CEH and OSCP holders is difficult to isolate because neither certification is usually the only differentiator between candidates. However, available data from Glassdoor and PayScale shows the following patterns:
CEH median salary for penetration testers: $85,000-$110,000 (US, 2024)
OSCP median salary for penetration testers: $95,000-$130,000 (US, 2024)
Combined CEH + OSCP: $105,000-$140,000
The difference likely reflects selection bias as much as credential premium — people who obtain OSCP tend to invest more heavily in technical skill development overall.
Who should get each certification
Get CEH if:
You need DoD 8570 compliance for a federal or defense contractor role
Your employer requires it or will pay for it and you need the credential quickly
You're entering security from a management or compliance background and need a broad overview credential
You're pairing it with OSCP or other hands-on credentials and using it for specific compliance checkboxes
Get OSCP if:
You want to work as a penetration tester in the private sector
You're building technical credibility for offensive security work
You want a credential that demonstrates hands-on capability, not just knowledge
You're targeting boutique pentest firms, bug bounty programs, or red team roles
Get both if:
You're targeting defense contractor or federal government pentest roles
You want to maximize your employability across both government and private sector
Your employer will pay for CEH and you can self-fund OSCP, or vice versa
CEH renewal vs OSCP renewal
Both certifications require ongoing maintenance, and the costs differ significantly.
CEH renewal: EC-Council requires 120 ECE (EC-Council Continuing Education) credits every 3 years plus an $80 annual maintenance fee. ECE credits are earned through webinars, training, conference attendance, or publishing security research. The annual fee is non-negotiable — letting CEH lapse requires retaking the exam.
OSCP renewal: OffSec does not require renewing the OSCP certification itself — it doesn't expire once earned. However, candidates who earned OSCP under old exam formats (pre-2022) and are applying for roles that specifically reference the updated exam with the Active Directory component may find that employers view pre-2022 OSCP as less current than the post-2022 version.
For long-term credential maintenance, OSCP's no-expiration policy is a meaningful practical advantage. The total cost of holding OSCP for 10 years is effectively just the original exam cost. The total cost of holding CEH for 10 years includes approximately $800 in annual maintenance fees plus the recurring effort to earn ECE credits.
The renewal difference also affects how each certification ages on a resume. An OSCP earned in 2019 is still the same OSCP — the exam format updated in 2022, but the credential itself doesn't lapse. A CEH that was allowed to lapse shows a gap on a resume that requires explanation, and re-earning it requires another exam attempt. For candidates who may move in and out of security roles over a career, OSCP's permanence is a practical consideration.
The bottom line on renewal is straightforward: if you anticipate staying in offensive security for more than 5 years, OSCP's lower long-term maintenance burden is a concrete financial and administrative advantage over CEH's annual fee model. If you primarily need the CEH for DoD 8570 compliance and your employer covers the annual fee, the renewal cost concern is negligible.
See also: OSCP exam strategy: the 24-hour lab and report methodology, eJPT and PNPT: entry-level offensive security certs worth pursuing
References
EC-Council. (2024). CEH Exam Information. https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
OffSec. (2024). OSCP Certification. https://www.offsec.com/courses/pen-200/
DoD CIO. (2023). DoD 8570.01-M Information Assurance Workforce Improvement Program. https://public.cyber.mil/wid/cwmp/dod-approved-8570-baseline-certifications/
Indeed. (2024). Penetration Tester Salaries by Certification. https://www.indeed.com/career/penetration-tester/salaries
Glassdoor. (2024). Ethical Hacker Salary Data. https://www.glassdoor.com/Salaries/ethical-hacker-salary-SRCH_KO0,14.htm
Beaver, K. (2023). Hacking For Dummies, 7th Edition. Wiley. ISBN: 978-1119872993
Frequently Asked Questions
Is OSCP harder than CEH?
Yes, significantly harder. CEH is a 4-hour multiple-choice exam that tests knowledge of hacking concepts and tool definitions. OSCP is a 24-hour live hacking exam where you must actually compromise machines and submit documented proof of exploitation. Many CEH holders struggle with OSCP because memorizing hacking theory is very different from executing attacks against live targets.
Does OSCP satisfy DoD 8570 requirements?
No. OSCP does not appear on the current DoD 8570/8140 approved certification list. The CEH does appear on that list and satisfies requirements for multiple DoD job categories including IAT Level III and CSSP Analyst. Candidates targeting federal government or defense contractor roles that require DoD 8570 compliance need CEH regardless of their OSCP status.
Which certification pays better: CEH or OSCP?
OSCP holders report higher average penetration tester salaries than CEH-only holders, roughly $95,000-$130,000 vs $85,000-$110,000 at the median in the US as of 2024. However, neither certification is usually the only differentiator. Candidates with both certifications command the strongest salaries across federal and private sector roles.
Can you pass CEH using brain dumps?
Technically yes — numerous brain dump sites publish CEH exam questions and answers, and candidates have historically used them to memorize their way to a passing score. EC-Council is aware of this problem and periodically rotates question banks. The OSCP is structurally resistant to brain dumps because the exam runs on private, controlled machines with session-specific proof files.
Should I get CEH or OSCP first?
If your goal is private sector penetration testing, pursue OSCP. If your goal is federal or defense contractor work, CEH satisfies compliance requirements and can be obtained faster. For most people, OSCP requires more technical preparation time, so getting CEH first while building toward OSCP is a workable path — especially if your employer funds CEH training.
