
CISSP, CEH and GCIH: Which Is Right for You?

There are many different cybersecurity certifications. Three of the more popular credentials are the CISSP, the CEH and the GCIH. Weighing their various aims and merits can help you determine which to pursue.

Hundreds of IT security certifications exist and it can be hard to differentiate them. EC-Council’s Certified Ethical Hacker (CEH) is often likened to GIAC’s GCIH certification, but how close are they really? And where does (ISC)²’s CISSP fit in?


The CISSP, CEH and GCIH certifications are all highly sought after but align to different careers, experience levels and salary prospects. Choosing the right one for you could open the door to a great job in security.


The sooner you start planning, the sooner you’ll get certified. So which certification should you aim to achieve?


CISSP, CEH or GCIH – Which is right for you?


Certifications vary massively in terms of content, technology, tools, learning style and difficulty. Let’s take a look at who these certifications are aimed at.



(ISC)² CISSP
The CISSP (Certified Information Systems Security Professional) is highly sought after and widely regarded as the gold standard IT security certification. It’s provided by (ISC)², a renowned nonprofit organization that specializes in information security education.


CISSP holders help set up an organization’s security blueprint, control risk management and make tough security decisions. This benchmark certification is aimed squarely at senior security professionals and should only be attempted by veterans with at least five years’ experience.


With a tough exam and daunting prerequisites, achieving the CISSP is a large undertaking. Adding it to your résumé, however, will qualify you for some of the best roles in the industry. The CISSP is a common requirement for CISO positions.


While the CISSP is one of the most renowned security certifications, it’s not designed to test technical ability. Because of this, it is often mischaracterized.


That’s not to say it’s not worth attaining — it is. The CISSP tests your ability to perform a senior IT security role, ensuring you understand the concepts and principles that guide any good security plan.


EC-Council CEH


Achieving EC-Council’s Certified Ethical Hacker (CEH) proves you know how to use the same tools and techniques that malicious black hat hackers use to conduct catastrophic cyberattacks.


You’ll be trained, however, to use your knowledge for good — the more you know about hacking tools and techniques, the better you’ll be able to defend against them. Achieve this intermediate-level certification and you’ll learn how to crack systems and networks using hacking tools, and how to find faults, backdoors and vulnerabilities that can then be fixed.


This ethical hacking certification is aimed at those who want to break into the field of penetration testing (ethical hacking), providing an introduction to cybersecurity for entry-to-intermediate IT professionals.


For a real deep-dive into penetration testing, you should take EC-Council’s ECSA, the follow-up certification to the CEH. The ECSA will put into practice the tools and techniques you studied during your CEH.


The vendor, EC-Council, is a member-based organisation that certifies professionals across several areas of security. EC-Council also provides a clear track for professionals, beginning with the CEH certification.



GIAC GCIH
The GCIH (GIAC Certified Incident Handler) focuses on the skills needed to detect, respond to and resolve IT security incidents. It’s an in-depth certification, covering a wide number of incident handling topics — including how cyber criminals infiltrate networks, crack passwords and conduct session hijacking.


Aimed at professionals who want to work as Incident Handlers, the certification is also suited to system administrators and security architects who would benefit from a better knowledge of cyber security.


This certification shares similarities with EC-Council’s CEH, as both involve learning the tools and techniques used by hackers to compromise organisations. The CEH, however, is focused on offensive security — i.e. attack tools — whereas the GCIH certification focuses more on defence and incident response. If your goal is to become an Incident Handler, the GCIH is by far the more relevant certification.


How to get certified


Certifications demand vastly different prerequisites, and most require an exam to prove your knowledge. These factors should be taken into account when deciding which to pursue.



(ISC)² CISSP
To achieve this prized certification, you’ll need comprehensive knowledge of the design, implementation and management of security programs. You’ll also need in-depth knowledge of the 8 CISSP domains, covering a huge range of security topics, from network security to risk management.


The CISSP is geared toward high-level security professionals, and candidates for the exam must possess a minimum of five years’ paid, full-time work experience in two of the eight domains of the CISSP Common Body of Knowledge (CBK). Qualified professionals can then take the exam, consisting of 250 questions over six hours.


If you don’t have the required years of experience, you can still sit the exam. Pass it and you’ll become an Associate of (ISC)², proving your security knowledge and commitment to your career. Once you meet the prerequisites, you’ll then become a certified CISSP.


(ISC)² supports classroom-based and online training to study for your CISSP. To take your exam onsite at the end of your training course, look out for official (ISC)² training providers.