How Much can you Earn as an Ethical Hacker?
The rise of ethical hacking and a simultaneous boom in cybersecurity awareness now means that hackers can earn a fantastic living. This is a living made completely legitimately, often working directly for blue chip companies – not by collecting cyberattack ransoms, or even by freelancing and attempting to collect bug bounties!
Wikipedia states that “some computer security professionals have objected to the term ‘ethical hacker’ as a ‘contradiction in terms.’” However, this isn’t something that seems to concern the numerous household-name firms who are openly advertising lucrative ethical hacking jobs online.
According to The Infosec Institute, typical annual salaries for ethical hackers in the US range from $24,760 to $111,502. However, the average salary is nearer the top of that range at $71,331 per year. Average salaries in some locations are notably higher, with jobs for Certified Ethical Hackers in New York City paying nearly $120,000 per annum.
Salaries for these roles in the United Kingdom seem to be slightly lower, at least according to figures from Payscale.com. In the UK, the average salary for a CEH role is £42,799, equivalent to just under US$61,000, calculated using the exchange rate at the time of writing.
Who is Recruiting?
It only takes a short surf around the Internet’s mainstream job boards to discover how many big-name firms are keen to find ethical hackers to help keep their computer systems and networks safe.
Here are a few examples found as this article was produced:
Hydrogen Group, a specialist recruitment agency, were advertising an ethical hacker role for a client in the UK. With an advertised salary of GB£80-100,000, this role was paying far in excess of the average UK salary mentioned above.
Pfizer were advertising for a CEH-certified Cybersecurity Attack and Penetration Security Tester, based in the USA.
American Express were seeking a Red Team Ethical Hacker to join them in Arizona.
These are just three examples. Other companies recruiting for such positions included Lockheed Martin, AIG, Procter and Gamble and PwC. Perhaps unsurprisingly in the wake of their high-profile data breach, Equifax were also recruiting for a wide range of IT security-related roles at the time of writing.
What Training is Required?
The vast majority of advertised jobs in ethical hacking specifically require a Certified Ethical Hacker (CEH) certification. This is a credential issued by EC-Council, who also offer a range of certification tracks into relevant qualifications.
Related training courses are available in over 145 countries and at over 2000 specific locations, according to information from the EC-Council’s website. While there is a “foundation track” training option for people starting from scratch, many of the certification tracks have considerable prerequisites in terms of existing qualifications. For example, some training paths are aimed at graduate-level candidates.
There is a wide range of different qualifications on offer, including specialities in cyber forensics and Vulnerability Assessment and Penetration Testing. Some proctored examinations are available online, but higher-level certifications such as the Certified Ethical Hacker (CEH) accreditation are taken “on site” at Pearson VUE accredited locations. That particular exam takes four hours and includes 125 different multiple-choice questions.
According to Wikipedia, the CEH qualification has been criticised in some technical circles for a variety of reasons including “higher than average preparation costs,” with some people unhappy with the content of the exam itself. However, job adverts in this industry indicate that it’s the certification of choice for companies recruiting for such roles.
So, if you’re interested in joining a large company and shoring up their networks, CEH training looks like the most certain route. The good news is that once it’s complete, there are not only plenty of jobs out there, but many of them pay significant salaries too.