Yes, the Certified Ethical Hacker (CEH) certification expires every 3 years. EC-Council requires you to earn 120 ECE (EC-Council Continuing Education) credits with a minimum of 20 credits per year, plus maintain your EC-Council membership at $80 per year. While 120 credits sounds like a lot, each credit equals roughly 1 hour of continuing education—many activities like reading security articles, attending webinars, or participating in CTF competitions count toward your requirement.
The CEH renewal process reflects the rapidly evolving nature of cybersecurity. New attack techniques, vulnerabilities, and defensive tools emerge constantly, making ongoing education essential for ethical hackers. EC-Council's credit system ensures CEH holders stay current with the latest threats and countermeasures—a critical requirement for professionals trusted to test organizational security.
| Activity | Credits | Details |
|---|---|---|
| Training courses | 1 per hour | EC-Council, SANS, vendor, or university courses |
| Conferences | 1 per hour | DEF CON, Black Hat, RSA, BSides, etc. |
| Self-study | 1 per hour | Reading security books, articles, threat reports |
| Teaching/presenting | Up to 40 | Teaching security courses, conference presentations |
| Published articles | Up to 10 | Blog posts, research papers, whitepapers |
| Other certifications | Varies | Earning CISSP, OSCP, Security+, etc. |
| CTF competitions | 1 per hour | Capture the Flag events, Hack The Box |
For working cybersecurity professionals, earning 120 credits over 3 years (40/year) is achievable through normal professional activities. Attending a 3-day security conference earns 24+ credits. Completing a 40-hour training course earns 40 credits. Reading security news daily for 30 minutes earns ~90 credits per year. Most active security professionals accumulate credits naturally without needing dedicated study time.
| Cost Component | Annual | 3-Year Total |
|---|---|---|
| EC-Council membership | $80 | $240 |
| ECE credits (self-study/free) | $0 | $0 |
| Minimum Total | $80 | $240 |
| Certification | Cycle | Credits | 3-Year Cost |
|---|---|---|---|
| CEH | 3 years | 120 ECE | $240 |
| CISSP | 3 years | 120 CPEs | $375 |
| CompTIA Security+ | 3 years | 50 CEUs | $150 |
| OSCP | Never | N/A | $0 |
CEH and CISSP both require 120 credits, but CEH's annual fee is $80 vs CISSP's $125—a 36% savings. CompTIA Security+ requires fewer credits (50 CEUs) but has its own annual fee. Notably, OSCP (OffSec Certified Professional) never expires, making it one of the only offensive security certifications with permanent validity.
Yes, every 3 years. Earn 120 ECE credits (min 20/year) and pay $80/year EC-Council membership to maintain.
120 over 3 years with a minimum of 20 per year. 1 credit ≈ 1 hour of qualifying education activity.
$80/year EC-Council membership ($240 over 3 years). ECE credits can be earned free through self-study and community activities.
Training courses, conferences, self-study, publishing articles, teaching, CTF competitions, and earning other certifications.
You lose active status. Pay outstanding membership fees and submit ECE credits to reactivate. Extended lapses may require retaking the exam.
Both require 120 credits. CISSP costs $125/year ($375 total) vs CEH's $80/year ($240). CISSP is 56% more expensive to maintain.
adaptive questions across all 20 CEH ethical hacking modules.
Start Free CEH Practice Test →