Thanks to the unrelenting stream of news about big corporations being hacked, companies all over the world are starting to become keenly attuned to the pitfalls of poor InfoSec.
Loss of data and breaches of confidential information aren’t the only risks; damage to reputation is another serious consequence. As a result, organizations are prepared to invest heavily to protect themselves and their brand.
So, it’s not terribly surprising that ethical hackers, penetration testers, and information security analysts are some of the most prized and well-paid employees in the IT workforce today. But just how highly paid are these positions?
Let’s take a look at the following stats and figures.
Information Security Analyst Salary
PayScale.com shows that entry-level information security analysts can expect $64,000 from the outset of their career. This corresponds well with Indeed.com’s average figure of $69K for 2016.
The average yearly pay for ISAs in the May 2015 Bureau of Labor survey was $93,000 with an hourly rate of $44.83. There is no distinction between entry-level, mid-level, and senior positions here, so take this as a broad estimate.
The top three US states with the highest ISA earners are:
- New York – $111,170
- California – $109,110
- Virginia – $106,320
Certified Ethical Hacker Salary
According to a 2015 IT Salary Report by Global Knowledge, an ISA with a CompTIA Security+ certification can expect a salary around $79,000, whereas an ISA holding a Certified Ethical Hacker cert commands an average of $95,000. Out of dozens of industry-standard certifications covered in the report, Certified Ethical Hacker (CEH) is the 11th highest-paying IT certification.
Indeed.com’s 2016 stats indicate that the average salary for Certified Ethical Hacker positions is $104,000. When you compare this with Indeed’s average salary stats for senior cyber security engineers at $106,000, you get a good idea of the earning power of the CEH.
Meanwhile, 41 Ethical Hacker respondents at PayScale.com disclosed their earnings and the average salary came out to $80,000 per year, with actual salaries ranging between $35,635 and $181,825. Also at PayScale, penetration tester jobs are revealed to pay in the range of $44,000 to $124,000, with a mean of $78,000.
Ethical Hacker Job Titles
The EC-Council’s Certified Ethical Hacker certification is one of a handful of security certs that benchmark proficiency in penetration testing and security analysis. Similarly, ethical hackers are not limited to a single job title. Here are some of the most common positions held by ethical hackers:
- Information security analyst
- Cyber security analyst
- Network security analyst
- Intrusion detection analyst
- IT security engineer
- IT security administrator
- Penetration tester
While these job titles are all in good demand, keep in mind that countless variations exist out there in the real-world job market.
How to Get a Higher Salary
Whether you’re a Certified Ethical Hacker or a plain vanilla white hat hacker with only first-hand experience, there are several ways you can command a greater salary in the field of ethical hacking.
Many experts emphasize the need for specialization (in application security, network security, and so on), yet at the same time it’s also a great idea to branch out and generalize a bit. Rounding out your security skill set with experience in roles such as system administration and software engineering will go a long way toward increasing your paycheck.
On the other hand, specializing in different forms of IT security roles will absolutely benefit ethical hackers and pen testers. The most straightforward path to specialization is certification in other security-centric courses such as:
- CISSP (Certified Information Systems Security Professional)
- OSCP (Offensive Security Certified Professional)
- OSCE (Offensive Security Certified Expert)
- GPEN (GIAC Penetration Tester)
- CISM (Certified Information Security Manager)
- CISA (Certified Information Security Auditor)
Two other excellent (and free) ways of increasing your worth as an ethical hacker are by performing independent security research and participating in bug bounty hunting programs.
If you haven’t got a blog already, start one today and tell the world about your adventures in IT security. Potential employers will be looking for this kind of initiative, especially when hiring hackers — and blogs are the perfect platform to showcase your knowledge, passion, and skills!
Moving Forward: Future Projections
Between 2013 and 2015, IT security positions in the United States experienced about a 12% increase in starting salary across the board for roles such as InfoSec analyst and network security engineer. It is too early to say what the stats for 2016 look like, but the overall trend is extremely positive.
In 2014, the total number of ISA jobs as reported by the Bureau of Labor was 88,880 with a projected growth rate of 18% between now and 2024. That comes out to an extra 15,000 security analyst jobs, and this number does not reflect self-employed individuals who make up a significant portion of ethical hackers.
For those interested in taking on IT security as a career, the writing is on the wall. Now is the perfect time to get started, and you can expect your earning potential to grow steadily throughout the years. In fact, even if you were to develop no new skills or specializations, you’d likely still be earning more and more, year-by-year, due to the growing demand for skilled security pros.