Ethical Hackers vs Penetration Testers

Taylor Karl
Ethical Hackers vs Penetration Testers 2636 0

In the age of data, building a strong cybersecurity infrastructure is important for organizations to protect sensitive, business critical data. A major concern for organizations is the seemingly endless number of assaults on their infrastructure by hackers trying to find and exploit network vulnerabilities to illegally gain access so they can steal, alter, and/or destroy your sensitive data. One of the most important tools an organization can use to combat cybercriminals is a trained and certified cybersecurity staff.

In the cybersecurity realm, there are many certifications that look at security from various perspectives. These certifications focus on searching for vulnerabilities, configuring networks, demonstrating attacks, and recovering from attacks. Two popular cybersecurity certifications—EC-Council’s Certified Ethical Hacker (CEH) and CompTIA’s PenTest+ (EC-Council Certified Penetration Tester CPENT is equivalent to PenTest+)— target intermediate- and advanced-level cybersecurity professionals.

Many security professionals mistakenly assume that the two courses are interchangeable. The reality is that while there is overlap between CEH and PenTest+ (or CPENT) course content, each has their own specific focus. Before we look at the focus of the courses, we will discuss foundational knowledge about ethical hackers and penetration testers.

Are Ethical Hackers and Penetration Testers the Same Person?

When people hear the terms ‘ethical hacker’ and ‘penetration tester’, the assumption is that they represent two distinctly different roles. In reality, by definition, an ethical hacker is a penetration tester, thus the terms are synonymous.

Cybersecurity Training Solutions

So, what are the definitions for an ethical hacker and penetration tester?

Ethical Hacker: An ethical hacker is "an information security (infosec) expert who penetrates a computer system, network, application, or other computing resource on behalf of its owners—and with their authorization. Organizations call on ethical hackers to uncover potential security vulnerabilities that malicious hackers could exploit".

Penetration Tester: A penetration tester is meant to perform "security testing that mimics real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers".

Because the definitions for each are essentially the same, we will be using the term ethical hacker for the rest of this blog.

Three Types of Hackers

Anytime one hears the word hacker, the image that comes to mind is of someone who is out to steal, alter, and/or destroy an organization’s data. While not incorrect, this singular definition is also not 100% accurate. There are several types of hackers, referenced by a hat color, based on their motivation for hacking. Below are the three most recognized hacker types:

Black Hats are malicious in intent and use a variety of hacking tactics and tools to gain access to data illegally. Their motives for hacking could include stealing and destroying data, monetary gain from the theft of data, cyberespionage, or simply to show off their skill to gain prestige in the hacker community.

Grey Hats use the same tools and skills as a Black Hat, but their intent is not inherently malicious. A Grey Hat will hack a target network to search for vulnerabilities, but just like a Black Hat, their hack is done without the knowledge or approval of the organization which makes the hack illegal. However, unlike a Black Hat, Grey Hats don’t typically exploit the vulnerabilities they find. Once a Grey Hat has made their discoveries, some will reach out to the organization and request a fee, which is done out of a desire to be compensated for the work they have completed. If the targeted organization does not reply to or pay the Grey Hat’s fee request, some Grey Hats will post the vulnerabilities they found online.

White Hats use the same tools and skills as a Black Hat. They are hired to look for, find, and exploit vulnerabilities and weaknesses in a network, hardware, or software. Once their assessment is done, all discovered security vulnerabilities are disclosed to the organization. This allows an organization to fix vulnerabilities and create a more secure defensive posture.

An Ethical Hacker’s Duties

Because data is the new currency in the world of business, it needs to be protected from Black Hats who seek to do harm. Organizations hold extremely sensitive data—including internal operational data and the personal, financial, and medical data of employees and customers. The loss of sensitive information brings not only reputational harm to an organization, but it can also severely damage the lives of individuals.

Over the past several years, there have been many trusted organizations that have suffered from data breaches that impact the lives of their employees and customers: T-Mobile, Target, Facebook, Twitter, and many more. Some of these organizations had to spend millions of dollars to purchase identity monitoring services for the victims to try and mitigate the economic damage caused by potential identity theft. Proactive organizations that securely protect their sensitive data will reduce the likelihood of losing large sums of money due to regulatory compliance fines and the loss of current and future customers due to a tarnished reputation.

To protect an organization’s data, there are many important duties associated with an ethical hacker role. Some of the most common duties are:

  • Identify the Tactics, Techniques, and Procedures (TTP), knowledge, and the tools available to your adversaries, which provides insight into the methods and vectors a hacker would use to compromise a network
  • Assess the security of a specific computer system, network, application, or other computing resource as defined by baseline security requirements
  • Perform real-life attack scenario tests to determine if vulnerabilities can be exploited to push past security measures and gain access to an organization’s infrastructure based on three different testing scenarios:
    • Black-box (no visibility): no knowledge about the infrastructure of the systems, network, application, or other computing resources being targeted in the test
    • Grey-box (partial visibility): some knowledge about the infrastructure of the systems, network, application, or other computing resources being targeted in the test
    • White-box (full visibility): extensive insider knowledge about the infrastructure of the systems, network, application, or other computing resources being targeted in the test
  • Aid security operations centers and incident response teams to identify and contain cybercriminal intrusions
  • Document all the activities during the penetration test to verify if security tools and measures that protect resources properly logged the actions; any failure to recognize the incursion activities of the penetration test should trigger changes to the security measures used

One of the best methods to protect against, and defeat, cybercriminals is to think and act them to find vulnerabilities that can compromise a network. The best way for an ethical hacker to be prepared is with continuous learning through training and certification.

Becoming a Certified Ethical Hacker

Some people believe that attaining a single certification will give them all the knowledge and insight they need to become an Ethical Hacker. In reality, having certifications in both CEH and PenTest+ (or CPENT) showcases a well-rounded knowledge for work in cybersecurity. CEH and PenTest+ are DoD Directive 8570/8140 approved, which is of concern for anyone who is currently working for, or intends to work for, the government’s Information Assurance (IA) workforce. While CPENT is not an approved course for DoD 8570/8140, it does match to the NIST Framework in the Analyze and Collect and Operate categories.

There is some overlap between the topics taught in CEH, PenTest+, and CPENT to prepare you for certification. However, there are distinct differences between them based on the perspective each course focuses on. Below are the basic course perspectives, as well as a link to each course for further information on their objectives.

The EC-Council CEH course is a five-day course covering 20 modules. CEH teaches, from an offensive approach, the Tactics, Techniques, and Procedures (TTP) of Black Hats, as well as the tools they use, to compromise an organization’s infrastructure

The EC-Council CPENT and CompTIA PenTest+ courses are both five-day courses covering 14 and 20 modules respectively. CPENT and PenTest+ teaches, from an offensive approach, the steps required to carry out a successful penetration test.

Certification Requirements

EC-Council has the following requirements to attain CEH certification:

Candidates must attend an official CEH course by an Authorized Training Center (ATC). Acceptable training solutions include web-based training (WBT), computer-based training (CBT), instructor-led training (ILT), or academic learning.


If a candidate has not attended an official CEH course taught by an ATC, they must meet the following requirements:

  • Have two (2) years of verifiable work experience in the information security field
  • Pay a non-refundable $100 application fee
  • Submit a completed exam eligibility application

Currently, EC-Council does not have any eligibility requirements to attain CPENT certification.

CompTIA has the following recommendations for PenTest+ certification:

  • Have CompTIA Network+ and Security+ or equivalent knowledge
  • Three to four years of hands-on information security experience

Comparing the CEH, CPENT, and PenTest+ Exams

EC-Council CEH:

  • Number of questions: Total of 125
  • Test question format: Multiple-choice
  • Test duration: 240 minutes (4 hours)
  • Passing score: 60% - 85% depending on the exam question bank used for your exam
  • Price: $1,199

EC-Council CPENT

  • Number of questions: n/a
  • Test question format: Real-time performance-based tasks completed online
  • Test duration: 24 hours (1 day @24 hours or 2 days @ 12 hours each day)
  • Passing score: 70%
  • Price: $1,050 (sold as a training bundle with eCourseware, iLabs, 30-day Range Access, and exam with remote proctoring)

CompTIA PenTest+

  • Number of questions: Maximum of 85
  • Test question format: Multiple-choice and performance-based
  • Test duration: 165 minutes (2 hours 45 minutes)
  • Passing score: 750 (based on a scale of 100 - 900 points)
  • Price: $370

Additional Cybersecurity Certifications

Below is a list of additional cybersecurity certifications that will give you the knowledge necessary to defend against hacking incursions and provide you with more tools to strengthen your security posture.

  • CompTIA: Security+, CASP+, CYSA+

The Final Word

Ethical hackers are an important resource to build, maintain, and defend infrastructure that contains highly sensitive data about an organization, its employees, and its customers. To prevent incursions by Black Hat hackers, ethical hackers need to understand the methods, vectors, and tools used—in other words, they need to be trained to think and attack like their adversaries to find any vulnerabilities that can be exploited.

Not sure about the certification path to follow? Let United Training help you determine the right courses to take.