The Ethical Hacking Salary: What’s a Good Starting Point?
Cybersecurity is the fastest-growing subset of IT as organizations look for ways to shore up network defense and reduce the risk of a large-scale data breach. As noted by Forbes, U.S. companies are looking to fill more than 200,000 infosec positions but simply can’t find the personnel — and this cybersecurity skills gap is predicted to widen over the next five years.
The result? It’s a great time for IT pros interested in cybersecurity to make the jump, and one particularly in-demand area is ethical hacking. But what can you expect as an ethical hacker? What are your job responsibilities? What qualifications are required? And what’s a good starting point for an ethical hacking salary?
Wearing the White Hat — What do Ethical Hackers Do?
Ethical hackers are often called “white hat”, meaning they use their training and talents to benefit businesses rather than attempting to illegally breach or infiltrate systems. Black hat hackers are at the other end of the spectrum as the “bad guys” motivated by greed or politics, while “grey hat” hackers fall in the middle — mostly operating within the law but occasionally breaking the rules.
According to IT Pro, ethical hackers are often motivated by curiosity: They want to know how network systems work, discover ways these systems can be fooled or made to fail and create better defenses which are more resistant to hacker efforts. In terms of day-to-day job responsibilities, ethical hackers perform multiple duties, such as:
- Penetration Testing — With the approval of managers, ethical hackers attempt to penetrate networks and discover weak points in existing IT security. This helps reduce the chance of hackers finding the same exploit and provides a framework for businesses to improve overall defense.
- Application Hacking and Hardening — Ethical hackers look for ways to “break” mobile and web applications in development. This ensures apps don’t go live with critical flaws; instead, they’re sent back to devops for revision and further testing. In addition, ethical hackers find ways to “harden” applications, such as preventing users from inputting custom SQL queries or injecting code into corporate web applications.
- Security Strategy Development — Using their knowledge of current (and emerging) attack vectors, ethical hackers develop long-term business strategies that help predict potential avenues of attack and stop malicious actors before they access critical systems.
What Qualifications do Ethical Hackers Need?
Becoming an ethical hacker requires two things: Curiosity about what makes IT security tick and the right certifications to attract the interest of a reputable employer. Even with the growing skills gap, companies aren’t willing to compromise their standards — they’re looking for the right people with the right skills to help defend critical infrastructure.
Some of the most popular hacking certifications include:
- Certified Ethical Hacker (CEH) — The oldest and most well-known certification, CEH testing runs around $1000. Best bet? Get ready for CEH with ethical hacking prep courses; gain the knowledge and skills you need to confidently challenge the exam.
- SANS GIAC Penetration Tester (GPEN) — The SANS Institute offering runs $6000 for the course and $1700 per exam attempt. The course covers practical penetration testing skills that ethical hackers use on a day-to-day basis.
- Case in point: This is why Cybrary was founded, to help provide barrierless entry into the field of cyber security so that no one has to pay a ridiculous amount of money to learn.
- The Offensive Security Certified Professional (OSCP) — With a focus on offensive compromise — the exam requires students to compromise multiple virtual operating systems within 24 hours and document their process — the OSCP has gained a reputation for both high difficulty and high value. Costs run around $800 per course and students must have a solid working knowledge of Kali Linux.
How Much Do Ethical Hackers Make?
Certifications in hand, job offers on the table — but what’s a good ethical hacking salary, and when should you walk away?
First, it’s worth noting that ethical hackers can make a living outside the bounds of corporate employment through “bug bounty” programs — as noted by PC Magazine, both Google and Microsoft have paid out more than $100,000 to single individuals after successful hacks via their programs.
Of course, bug bounty hacking isn’t exactly stable work — and organizations are looking to fill the gaps in their security teams. According to the Infosec Institute, the average ethical hacking salary comes in at just over $71,000. High-end payouts hit $110,000 while low-end remuneration starts around $30,000.
Positions may also include bonuses based on overall company performance or individual targets achieved; some companies pay upwards of $10,000 in bonuses to ethical hacking professionals. What does this mean for you, the certified ethical hacker? With at least one qualification under your belt and previous IT experience, you should be looking for at least $70,000 as a base salary plus the option to scale up with more training and time spent hacking company systems.
Bottom line? Companies need skilled cybersecurity professionals to bridge the skills gap, and certified ethical hackers top the list. White-hat hackers with a passion for their work and the right credentials are on track for solid compensation.
- https://www.forbes.com/sites/jeffkauflin/2017/03/16/the-fast-growing-job-with-a-huge-skills-gap-cyber-security/#7de316fe5163
- https://www.itpro.co.uk/hacking/30282/what-is-ethical-hacking-white-hat-hackers-explained
- https://www.pcmag.com/feature/354224/7-huge-bug-bounty-payouts/2
- http://resources.infosecinstitute.com/certified-ethical-hacker-salary/#gref