CISSP, CEH and GCIH: Which Is Right for You?


Hundreds of IT security certifications exist and it can be hard to differentiate them. EC-Council's Certified Ethical Hacker (CEH) is often likened to GIAC's GCIH certification, but how close are they really? And where does (ISC)2's CISSP fit in?


The CISSP, CEH and GCIH certifications are all highly sought after but align to different careers, experience levels and salary prospects. Choosing the right one for you could open the door to a great job in security.


The sooner you start planning, the sooner you'll get certified. So which certification should you aim to achieve?


CISSP, CEH or GCIH – Which is right for you?


Certifications vary massively in terms of content, technology, tools, learning style and difficulty. Let's take a look at who these certifications are aimed at.


(ISC)2 CISSP

The CISSP (Certified Information Systems Security Professional) is highly sought after and widely regarded as the gold standard IT security certification. It's provided by (ISC)2, a renowned nonprofit organization that specializes in information security education.


CISSP holders help set up an organization's security blueprint, control risk management and make tough security decisions. This benchmark certification is aimed squarely at senior security professionals and should only be attempted by veterans with at least five years' experience.


With a tough exam and daunting prerequisites, achieving the CISSP is a large undertaking. Adding it to your résumé, however, will qualify you for some of the best roles in the industry. The CISSP is a common requirement for CISO positions.


While the CISSP is one of the most renowned security certifications, it's not designed to test technical ability. Because of this, it is often mistakenly labelled as a technical certification.


That's not to say it's not worth attaining — it is. The CISSP tests your ability to perform a senior IT security role, ensuring you understand the concepts and principles that guide any good security plan.


EC-Council CEH


Achieving EC-Council's Certified Ethical Hacker (CEH) proves you know how to use the same tools and techniques that malicious black hat hackers use to conduct catastrophic cyberattacks.


You'll be trained, however, to use your knowledge for good — the more you know about hacking tools and techniques, the better you'll be able to defend against them. Achieve this intermediate-level certification and you'll learn how to crack systems and networks using hacking tools, how to find faults, backdoors and vulnerabilities which can then be fixed.


This ethical hacking certification is aimed at those who want to break into the field of penetration testing (ethical hacking), providing an introduction to cybersecurity for entry-to-intermediate IT professionals.


For a real deep-dive into penetration testing, you should take EC-Council's ECSA, the follow-up certification to the CEH. The ECSA will put into practice the tools and techniques you studied during your CEH.


The vendor, EC-Council, is a member-based organisation that certifies professionals across several areas of security. EC-Council also provides a clear track for professionals, beginning with the CEH certification.


GIAC GCIH

The GCIH (GIAC Certified Incident Handler) focuses on the skills needed to detect, respond to and resolve IT security incidents. It's an in-depth certification, covering a wide number of incident handling topics — including how cyber criminals infiltrate networks, crack passwords and conduct session hijacking.


Aimed at professionals who want to work as Incident Handlers, the certification is also suited to system administrators and security architects who would benefit from a better knowledge of cyber security.


This certification shares similarities with EC-Council's CEH, as both involve learning the tools and techniques used by hackers to compromise organisations. The CEH, however, is focused on offensive security — i.e. attack tools — whereas the GCIH certification focuses more on defence and incident response. If your goal is to become an Incident Handler, the GCIH is by far the more relevant certification.


How to get certified


Certifications demand vastly different prerequisites, and most require an exam to prove your knowledge. These factors should be taken into account when deciding which to pursue.


(ISC)2 CISSP

To achieve this prized certification, you'll need comprehensive knowledge of the design, implementation and management of security programs. You'll also need in-depth knowledge of the 8 CISSP domains, covering a huge range of security topics, from network security to risk management.


The CISSP is geared toward high-level security professionals, and candidates for the exam must possess a minimum of five years' paid, full-time work experience in two of the eight domains of the CISSP Common Body of Knowledge (CBK). Qualified professionals can then take the exam, consisting of 250 questions over six hours.


If you don't have the required years of experience, you can still sit the exam. Pass it and you'll become an Associate of (ISC)2, proving your security knowledge and commitment to your career. Once you meet the prerequisites, you'll then become a certified CISSP.


(ISC)2 supports classroom-based and online training to study for your CISSP. To take your exam onsite at the end of your training course, look out for official (ISC)2 training providers.


EC-Council CEH



You'll need two years of IT experience, validated through EC-Council's application process, to take the CEH certification exam.


If a candidate attends official training, however, either at an Accredited Training Centre, via the iClass platform, or at an approved academic institution, then the candidate is eligible to attempt the CEH exam without going through the application process.


To improve your chances of passing the exam, you should still ideally possess two years' worth of IT experience. You should also have a good knowledge of TCP/IP, Windows Server and a basic familiarity with Linux and/or Unix.


Certification is gained by passing CEH Exam 321-50, a 125 question, multiple choice exam. You'll have four hours to complete the exam; a passing score of 70 percent or better is required for certification.


As with (ISC)2, professionals are recommended to study for the certification through Accredited Training Centers, which possess the most up-to-date curriculum, practical labs and official instructors.


GIAC GCIH

While there are no official prerequisites for GCIH certification, you should possess an understanding of basic networking protocols and security principles as well as experience with Windows Command Line.


To achieve a GCIH certification, you must pass the GIAC Certified Incident Handler (GCIH) exam, composed of 150 questions. You'll have 4 hours to pass this proctored exam. Get a passing score of over 73 percent to achieve your GCIH certification. GIAC exams are open book and you're encouraged to take advantage of this.


While no specific training is required for GCIH certification, there are many routes to learning the certification objectives. GIAC recommends practical experience, independent study or GIAC courses from training providers.


Certification career prospects and earnings


Certifications are a brilliant way to learn new skills, but it's important to consider your potential career opportunities too.


(ISC)2 CISSP

CISSP commands a huge amount of respect across IT (and HR!) and will greatly improve your chances of landing high-paying job roles. Top roles, like the CISO (Chief Information Security Officer) in IT security often cite the CISSP in job specifications.


CISSP-certified Chief Information Security Officers (CISO) earn an impressive median salary of $160,000 (PayScale).


EC-Council CEH


By familiarizing yourself with how criminal hackers think, you'll be better prepared to secure your own business, or any business that hires you.


EC-Council's CEH is a great fit for roles like penetration tester, where CEH-certified professionals can earn an average salary of $88,500.


It's worth noting that penetration testing is a domain in which hands-on experience is highly desirable. Because of this, make sure to supplement a CEH certification with on-the-job experience.


GIAC GCIH

GIAC is invested in providing certifications that align to job roles. As such, the GCIH is uniquely focused on the hands-on skills necessary for the job role of an Incident Handler.


GIAC certifications are a good indication of cybersecurity skill and knowledge and are used by employers to select employees for hiring and promotion.


These certifications fill gaps in security knowledge and few other qualifications cover the same material. Plus, GIAC certifications also contain invaluable practical knowledge, proving you know how to perform the task required.


"Not only did my GIAC certification help display my capabilities to my future employer to land a new and exciting job, but the skills obtained during my training and testing saved a great deal of their budget dollars," says GCIH-certified Jared McLaren.


GIAC GCIH holders can expect good salary prospects too. The average salary for a GIAC holder with 1-to-4 years of experience is $72,000. This increases to $100,000 for 10-to-19 years of security experience (PayScale).


About the Author
Alex Bennett of Firebrand Training

Alex Bennett is a technical writer for Firebrand Training. Working at the forefront of the IT training industry, Alex uses his insider knowledge to write regularly on IT security, networking and cloud technology.