How I Got My First CEH Certification Without Any IT Experience
Follow a real CEH certification guide — the exact 12-week study plan, exam domains breakdown, and strategies that helped pass the Certified Ethical Hacker exam.
Eighteen months ago, I was a marketing analyst who had zero professional IT experience. I understood basic computer usage, knew a little HTML from tinkering with websites years ago, and had developed an obsession with cybersecurity through YouTube rabbit holes that started with a documentary about Kevin Mitnick.
Today I hold a CEH (Certified Ethical Hacker) certification and recently started a junior security analyst role. The path was not easy, and I made expensive mistakes along the way that I am going to help you avoid.
This is not an aspirational story about talent or special advantages. I passed the CEH after 12 weeks of structured study, no prior IT job experience, and by following a methodical plan that I am going to lay out for you in this guide.
The most important thing I learned: the CEH is absolutely passable for a motivated beginner, but only if you understand what the exam actually tests and study accordingly. I see many people fail not because they are not smart enough, but because they studied the wrong things or in the wrong order.
What the CEH Certification Actually Tests
Before diving into study strategy, understand what you are preparing for. The CEH (EC-Council Certified Ethical Hacker) is a 125-question multiple-choice exam with a four-hour time limit. The current version is CEH v13, which EC-Council updated in 2024.
The exam is conceptual and knowledge-based, not hands-on. You will not be exploiting machines during the exam (that is OSCP territory). You will be answering questions about how attacks work, which tools perform specific functions, what commands produce what outputs, and how defenders should respond.
This means your study strategy should prioritize breadth of conceptual understanding over depth of hands-on skill in any one area. You need to know what Nikto does, what a SQL injection looks like, and what the phases of ethical hacking are — at a conceptual level that a multiple-choice question can probe.
CEH Exam Domain Breakdown
The exam covers 20 knowledge domains. Knowing the weighting helps you prioritize study time:
| Domain | Approximate Weight | Difficulty for Beginners |
|---|---|---|
| Introduction to Ethical Hacking | 6% | Low |
| Footprinting and Reconnaissance | 6% | Low |
| Scanning Networks | 6% | Medium |
| Enumeration | 6% | Medium |
| Vulnerability Analysis | 5% | Medium |
| System Hacking | 5% | High |
| Malware Threats | 5% | Medium |
| Sniffing | 5% | Medium |
| Social Engineering | 4% | Low |
| Denial-of-Service | 4% | Medium |
| Session Hijacking | 4% | High |
| Evading IDS, Firewalls, Honeypots | 4% | High |
| Hacking Web Servers | 5% | Medium |
| Hacking Web Applications | 5% | High |
| SQL Injection | 5% | High |
| Hacking Wireless Networks | 4% | Medium |
| Hacking Mobile Platforms | 4% | Medium |
| IoT and OT Hacking | 5% | Medium |
| Cloud Computing | 5% | Medium |
| Cryptography | 6% | Medium |
My study recommendation: allocate proportional time to domain weight, but add extra time to domains you find difficult. I spent extra time on System Hacking, Web Applications, and SQL Injection — the hands-on domains that I found harder to understand conceptually without practical experience.
The 12-Week CEH Study Plan
This is the exact study schedule I followed. It assumes approximately 1-1.5 hours of daily study (roughly 7-10 hours per week, 80-100 hours total).
12-Week CEH Study Schedule
| Week | Topics | Activities | Resources |
|---|---|---|---|
| Week 1 | Ethical hacking intro, footprinting | Read CEH v13 Study Guide Ch 1-2, watch intro videos | Matt Walker CEH Study Guide, YouTube |
| Week 2 | Scanning, enumeration | Lab: Nmap on Metasploitable, practice enumeration techniques | TryHackMe Nmap room, Study Guide Ch 3-4 |
| Week 3 | Vulnerability analysis, system hacking | Metasploit basics on Metasploitable VM, CVE research | Study Guide Ch 5-6, Professor Heath Adams |
| Week 4 | Malware, sniffing | Wireshark capture analysis, malware type identification | Wireshark labs, Study Guide Ch 7-8 |
| Week 5 | Social engineering, DoS | Study attack types, scenario-based practice questions | Study Guide Ch 9-10 |
| Week 6 | Session hijacking, IDS/Firewall evasion | Review concepts, watch walkthrough videos | Study Guide Ch 11-12, HackerSploit |
| Week 7 | Web server hacking, web app attacks | DVWA labs (SQL injection, XSS), Burp Suite intro | OWASP Top 10, Study Guide Ch 13-14 |
| Week 8 | SQL injection deep dive, wireless | SQLMap practice on DVWA, WPA/WPA2 concepts | Study Guide Ch 15-16 |
| Week 9 | Mobile, IoT/OT hacking | Concept review, scenario questions | Study Guide Ch 17-18 |
| Week 10 | Cloud security, cryptography | AWS/Azure security concepts, encryption types, PKI | Study Guide Ch 19-20 |
| Week 11 | Full review pass | Re-read weaker domains, flashcard review | Anki decks, EC-Council official material |
| Week 12 | Practice exams | 3 full practice exams (125 questions each), review wrong answers | Boson CEH Practice Exams, ExamCompass |
The Most Important Week: Week 12
I cannot overstate how critical practice exams are in the final week. After 11 weeks of studying, I thought I was ready. My first practice exam score was 68% — below the typical passing threshold of 70%. The gap was almost entirely terminology: EC-Council uses specific terminology for tools and techniques that does not always match how the broader security community refers to the same things.
Three full practice exams in the final week, with careful review of every wrong answer and why it was wrong, brought my practice scores to 82-88%. I passed the actual exam with a 76% — lower than practice but comfortably passing.
The Study Resources That Actually Helped
After spending significant money on resources, here is my honest ranking:
Essential:
- Matt Walker's CEH v13 All-in-One Study Guide — the most comprehensive single resource, well-organized by domain, and worth every dollar. If you buy one book, buy this one.
- Boson CEH Practice Exams — expensive ($99) but the most accurate simulation of the actual exam. The explanations for wrong answers are excellent. I credit this tool with half my preparation success.
- TryHackMe — free tier has enough content to build hands-on understanding of the concepts tested on the exam. Complete the "Jr Penetration Tester" path.
Helpful but not essential:
- Professor Heath Adams (The Cyber Mentor) on YouTube — excellent free video content covering many CEH topics
- HackerSploit on YouTube — good walkthroughs of tools referenced in the exam
- Udemy CEH prep courses (look for those with recent reviews from CEH v12/v13 candidates)
I would skip:
- The official EC-Council courseware (overpriced, verbose, and not well-calibrated to the exam)
- Generic "CEH dumps" sites — memorizing answers without understanding concepts is both ethically problematic and ineffective since EC-Council rotates questions
Building Your Lab Environment for Hands-On Practice
Even though the CEH is a multiple-choice exam, hands-on practice dramatically improves your understanding of how attacks and tools work. This makes the conceptual knowledge stick in ways that reading alone cannot.
Minimum lab setup:
- VirtualBox (free) on your host machine
- Kali Linux VM (free, download from kali.org)
- Metasploitable 2 VM (deliberately vulnerable, free from SourceForge)
- DVWA on a local web server or via Docker
With this setup, you can legally practice:
- Nmap scanning and enumeration against Metasploitable
- Metasploit exploitation of Metasploitable vulnerabilities
- SQL injection and XSS attacks against DVWA
- Wireshark capture of your own lab traffic
Spend at least one session per week in the lab. Understanding what Nmap output actually looks like, or experiencing a successful SQL injection, makes the exam questions about these techniques much more intuitive.
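Because Metasploitable 2 is deliberately vulnerable, it is worth confirming that its virtual network adapters keep it on the host before each lab session. The following is an added example, not part of the original guide: it parses the `key="value"` output of `VBoxManage showvminfo --machinereadable` and reports any adapter that is not host-only, internal, or disabled. The VM name, interface names, and sample output are constructed for illustration.

```python
import re

# Attachment modes that keep a VM's traffic on the host (no LAN or Internet path).
ISOLATED_MODES = {"hostonly", "intnet", "none"}

# Constructed samples in the key="value" layout printed by
# `VBoxManage showvminfo "<vm name>" --machinereadable`; not captured from a real host.
SAMPLE_BRIDGED = """\
name="Metasploitable2"
memory=512
nic1="bridged"
bridgeadapter1="eth0"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="none"
"""

SAMPLE_ISOLATED = """\
name="Metasploitable2"
memory=512
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"
"""


def parse_vminfo(text):
    """Turn machine-readable showvminfo output into a dict of unquoted strings."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip().strip('"')] = value.strip().strip('"')
    return info


def exposed_nics(text):
    """Return (nic, mode, host_interface) for adapters that are not host-isolated."""
    info = parse_vminfo(text)
    findings = []
    for key, mode in info.items():
        match = re.fullmatch(r"nic(\d+)", key)
        if match and mode not in ISOLATED_MODES:
            slot = int(match.group(1))
            findings.append((slot, key, mode, info.get(f"bridgeadapter{slot}", "")))
    # Sort numerically so nic10 does not land before nic2.
    return [(key, mode, iface) for _, key, mode, iface in sorted(findings)]


if __name__ == "__main__":
    for label, sample in (("bridged", SAMPLE_BRIDGED), ("isolated", SAMPLE_ISOLATED)):
        print(label, exposed_nics(sample) or "all adapters isolated")
```

An empty result means every adapter on the target VM is host-only, internal, or disabled; a NAT or bridged entry means the vulnerable machine has a path off the host and should be reconfigured before it is powered on.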
If you want to go deeper on hands-on testing methodology, check out our penetration testing beginners guide which covers the full pentest process in detail.
Exam Day Strategy
I took my exam at a Pearson VUE testing center, which I recommend over online proctoring for your first high-stakes exam — fewer technical variables.
The question approach I used:
For every question, I eliminated answers I was confident were wrong first. CEH questions often include one or two clearly incorrect options, reducing a four-choice question to a two-choice decision. This significantly improves your odds on questions where you are uncertain.
Flag and move: If a question stumped me completely, I flagged it and moved on immediately. Do not let one hard question consume ten minutes that you need elsewhere. I had about 20 flagged questions and reviewed them all in the last 45 minutes.
Trust your first instinct: On multiple reviews of flagged questions, I changed answers on about 10 questions. My win rate on changed answers was roughly 50% — not better than my initial instinct. Unless you have a clear logical reason to change an answer, your first impression is often correct.
Time management: 125 questions, 4 hours = approximately 1.9 minutes per question. You have time. Do not rush. I finished my initial pass with 90 minutes remaining.
What Comes After CEH
The CEH opened doors that were previously closed to me professionally. The certification signals to HR teams and hiring managers that you have validated foundational security knowledge, even without a long professional track record.
My personal next steps after CEH:
- OSCP (Offensive Security Certified Professional) — the most respected hands-on penetration testing certification. Significantly harder than CEH but the gold standard for offensive security roles.
- CompTIA CySA+ — if you prefer the defensive side, this is a strong next certification covering threat analysis and incident response.
- Bug bounty programs — applied practice on real systems with real money as the reward. HackerOne and Bugcrowd are the main platforms.
For foundational security context as you continue learning, revisit our cybersecurity beginners guide and explore our cybersecurity threats 2025 overview.
The broader cybersecurity community has excellent resources for continued learning. EC-Council's official blog posts regular updates on certification changes and exam preparation tips.
Frequently Asked Questions
How hard is the CEH exam?
The CEH consists of 125 multiple-choice questions in four hours, testing conceptual knowledge rather than hands-on execution. Most successful candidates study 60-80 hours over 8-12 weeks. The primary difficulty is the breadth of material and EC-Council's specific terminology. Well-prepared candidates generally find it manageable.
Do I need a college degree to take the CEH exam?
No. EC-Council requires either completion of an official CEH course or two years of verified information security experience. A college degree is not required for either path.
What is the CEH pass rate?
EC-Council does not publish official statistics, but industry surveys suggest approximately 60-70% first-attempt pass rates for candidates who complete official training. Study EC-Council's specific terminology using official or accredited materials.
Is CEH worth it compared to OSCP?
CEH validates conceptual knowledge through a multiple-choice exam and is widely recognized by HR departments. OSCP is a 24-hour hands-on practical exam more respected in the offensive security community. CEH is a good entry point; OSCP is the more meaningful credential for serious penetration testers. Many professionals pursue both.
How much does the CEH exam cost?
The exam voucher is $950 through EC-Council. Official training adds $500-2,000. Total cost typically runs $1,500-3,000. Discounts are available for students and military personnel.
Conclusion
The CEH is genuinely achievable without prior IT experience if you approach preparation methodically. The 12-week plan in this guide, combined with consistent daily study of 60-90 minutes, will build enough foundational knowledge to pass.
The two things that matter most: use practice exams from Boson or similar providers in your final two weeks to calibrate your knowledge to the actual exam format, and spend time in your home lab doing hands-on practice so the concepts feel real rather than abstract.
I passed the CEH as a marketing analyst eighteen months ago. Now I am building toward my OSCP. The field is wide open, the demand for skilled security professionals is enormous, and the barrier to entry is lower than you might think.
Start studying today. The 12 weeks between now and your CEH certification will pass regardless — you might as well be certified at the end of them.
For free study materials and quick-reference notes to accompany your CEH preparation, download our cybersecurity study notes.
AiTechWorlds Team