PrerequisitesCEH v13EC-Council · Security

CEH Prerequisites: The Two Eligibility Routes

The CEH is unusual: there is no single “you must have X years” rule. Instead there are two routes to eligibility — take official EC-Council training and need no work experience at all, or self-study and file an eligibility application proving two years in information security. Here is exactly how each route works, what it costs, and which one fits you.

Updated June 20269 min readLevel: IntermediateBy ExamCert Team

2Eligibility routes

No experienceTraining route

2 years expSelf-study route

~$100Eligibility fee

Net + security basicsRecommended

CEH v13 prerequisites and the two eligibility routes explained

01 The short answer

The CEH has two routes to exam eligibility, and which one you take decides whether work experience matters at all. Take EC-Council’s official training and there is no experience requirement and no separate application — the course makes you eligible. Choose self-study and you must file an Exam Eligibility Application showing at least two years of information-security experience, pay a non-refundable fee of around $100, and be approved before you can buy the exam.

That fork is the whole story of CEH prerequisites. Most candidates assume the certification has a fixed experience bar like the PMP; it does not. EC-Council deliberately offers an experience-free path so newcomers can train and qualify, while still allowing seasoned professionals to skip training and challenge the exam on the strength of their experience. Pick the route first — everything else follows from it.

✓

Official training route — no experience needed Route A

Attend EC-Council’s official CEH training (iLearn, iWeek, or an authorised partner) and you are eligible to sit the exam with no work-experience requirement and no eligibility application.

✓

Self-study route — two years and an application Route B

Skip training and challenge the exam directly, but first submit an Exam Eligibility Application evidencing at least two years of information-security experience, plus the ~$100 fee, and get approved.

★

Recommended background either way Recommended

Basic networking, operating-system familiarity (especially Linux/Unix), and security fundamentals will carry you through the material on either route.

02 The two routes, side by side

The cleanest way to see your options is to compare them directly. The decisive column is the last one: whether an eligibility application stands between you and the exam.

Route	What it requires	Eligibility application?
Official training (Route A)	Attend EC-Council official CEH training — no work-experience requirement	No — the training makes you eligible
Self-study / challenge (Route B)	At least 2 years of information-security experience	Yes — application + ~$100 fee, approved before you buy the exam

Official training removes two hurdles at once. It waives the experience requirement and the eligibility application, which is why complete newcomers almost always take Route A — there is simply no other way for them to qualify. The trade-off is cost: official training packages are considerably more expensive than buying a self-study voucher on its own.

Self-study does not mean “just book it.” Unlike a typical IT exam, you cannot walk up and pay for a CEH voucher on the self-study path. The eligibility application must be approved first — budget for the review time and the non-refundable fee before you plan an exam date.

03 The self-study eligibility application

If you go the self-study route, the eligibility application is the gate you must clear. It exists to verify your experience because you are not relying on training to qualify. Here is what it involves.

✓

Two years of verified information-security experience Required

You must show at least two years of work in the information-security domain, typically backed by an updated résumé and signed verification from an employer or manager.

✓

The Exam Eligibility Application form Required

Complete EC-Council’s online application detailing your role and experience. A reviewer assesses it before you are cleared to purchase a voucher.

✓

The ~$100 non-refundable application fee Required

The eligibility application carries a non-refundable fee of around $100. It is separate from the exam voucher cost and is not returned if your application is declined.

✓

Approval before you buy the exam Sequence

You cannot purchase the exam voucher until the application is approved. Approval is generally time-limited, so line up your voucher purchase and exam date once you are cleared.

Keep your evidence ready before you apply. An updated résumé, a manager willing to sign off on your role, and clear dates for your two years of experience will move the review along. Vague or unverifiable experience is the most common reason a self-study application stalls.

04 From route to exam booked

Whichever route you pick, the journey converges on the same endpoint — buying and sitting the exam. The difference is entirely in step two.

Choose your route

Official training (no experience) or self-study (two years of experience).

Training or apply

Route A: enrol in official training. Route B: submit the eligibility application and pay the fee.

Get approved

Training completion clears Route A; an approved application clears Route B.

Buy & sit the exam

Purchase the voucher, schedule with the proctor, and take the CEH exam.

Only Route B inserts a waiting step. Training candidates move straight from completing the course to buying a voucher. Self-study candidates add the application review in between — so if you are on a deadline, factor that approval window into your timeline.

05 Which route suits you?

There is no “better” route in the abstract — it comes down to how much experience you already have and how you want to spend your budget.

Take the training route

You have little or no formal information-security experience yet
You want structured, instructor-led preparation
You would rather not file an eligibility application or chase verification
Your budget can absorb the higher cost of an official training package

Take the self-study route

You already have two or more years of information-security experience
You can evidence that experience with a résumé and a sign-off
You want to save the cost of official training
You are comfortable preparing on your own and challenging the exam directly

Bottom line: newcomers take Route A because training is their only path to eligibility; experienced professionals take Route B to save money and skip the classroom. Match the route to where you genuinely sit on the experience scale, not to which sounds cheaper on paper.

06 FAQ

What are the prerequisites for the CEH exam?

The CEH has two routes to exam eligibility. If you attend EC-Council’s official CEH training (iLearn, iWeek, or an authorised partner), there is no work-experience requirement and no separate eligibility application — the training itself makes you eligible. If you self-study and want to challenge the exam directly, you must submit an Exam Eligibility Application showing at least two years of work experience in the information-security domain, pay a non-refundable application fee of around $100, and be approved before you can buy the exam. Either way, a working knowledge of networking, operating systems, and security fundamentals is strongly recommended.

Can you take the CEH without experience?

Yes — but only via the official training route. If you attend EC-Council’s official CEH training there is no work-experience requirement, so candidates with no formal information-security experience can still become eligible. The two-year experience requirement only applies to the self-study route, where you skip training and challenge the exam directly. In that case you must evidence at least two years of information-security experience in the eligibility application.

How much is the CEH eligibility application fee?

The CEH Exam Eligibility Application carries a non-refundable fee of around $100 (USD). This fee applies only to the self-study route — candidates who attend official EC-Council training do not file the eligibility application and therefore do not pay it. The fee is separate from, and in addition to, the cost of the exam voucher itself.

Do you need to take official training for the CEH?

No, official training is not mandatory. It is simply one of the two routes. Official EC-Council training removes the work-experience requirement and the eligibility application, which is why many candidates choose it. But experienced professionals can self-study and challenge the exam instead, provided they file the eligibility application, show two years of information-security experience, pay the application fee, and are approved before purchasing the exam.

ExamCert TeamCertified security & cloud pros helping you qualify and pass.