I'm looking at different certifications and the Certified Ethical Hacker (CEH) keeps popping up. However, I also see a lot of people recommending the OSCP for hands-on skills. Is the CEH still respected by HR departments in the US, or should I focus entirely on labs like Hack The Box and more technical certs?
3 answers
It depends on who you are trying to impress. The CEH is very well-known by HR departments and is often a requirement for government contracts (DoD 8570 baseline). If your goal is to get past the initial resume filters at large corporations, CEH is valuable. However, if you are in the technical interview, the OSCP carries much more weight because it proves you can actually "hack" your way through a network. My advice is to use the CEH to get the interview and the skills from OSCP or HTB to pass the interview. Having both on your resume makes you a very strong candidate for any junior role.
That makes sense for the resume, but isn't the cost of the CEH exam quite high compared to other certifications that offer more practical, hands-on training?
Don't underestimate networking. A solid LinkedIn profile showing your write-ups from TryHackMe can sometimes be more effective than any single certification.
Rebecca is right. Showing a portfolio of your work and your thought process through blog posts or GitHub repos is a huge "green flag" for hiring managers.
The cost is definitely a factor, Matthew. It's over $1,000 now, which is a lot for a multiple-choice exam. If you are on a tight budget, I’d suggest looking at the eJPT or the PNPT. They are much cheaper, fully practical, and are rapidly gaining respect in the community for teaching actual penetration testing workflows rather than just memorizing tool syntax.