Salaries/Earnings of Top Pen testers

Viewing 9 reply threads
  • Author
    • #4284


      I’m interested in IT sec, and specifically networking. It’s my ultimate aim to get into this area (pen testing). As a bit of fun and light entertainment I really enjoy reading Hacking books (true accounts) and related stories.

      I have a general question though: What would a Pen tester/Secuirty expert (either FT or contractor) at the top of their game be likely to earn a year? Most seem to be in it for the thrill and love (myself included) but it must entice others if the cash rewards are there.

      I would really love to hear any experiences on this.


    • #27146

      I am not currently in the pen testing field, although I am in IT security, so I can’t say from experience but according to the the SANS salary survey below pen testers make anywhere from 56k (0-4 years experience) to 111k (10 years experience).  It would seem that according to the Salary vs. Title chart (page 3) pen testers are paid the least.  Can any of you pen testers out there confirm these findings?  Personally, this is the type of thing that makes me comfortable just being normal system engineer in IT security… its not as 1337 but I guess its way more money?

    • #27147

      I think that much of it depends on the experience of the pen tester and the understanding of the value of pen testing by the employer.    With such a broad range of concepts and knowledge required to be a good pen tester, experience is key, in my opinion.  I think that an experienced pen tester will fetch a good salary.  However, if the employer believes that the pen tester is providing the same value as an automated scanner like Nessus or IBM ISS, than chances are the pen tester is not making good money.  Sadly, I think that there is a good amount of this.  I also think that we are going to see more regulations that will make pen testing a necessity and more in demand.

      Those are just my two cents and are probably worth less 🙂

    • #27148

      Heres a security jobs RSS page I put together to keep an eye on the latest jobs in the UK. You can have a look at the salaries they are offering:

      Also heres a salary checker from CWJobs:

    • #27149

      Beside experience I would also say that it depends on in which country you are working and if you are specialized in one or more topics.

    • #27150

      According to the cwjobs salary checker I must be the worst paid IT professional ever lol

    • #27151
      Don Donzal

      I don’t think you’re alone. Many feel this way when reading salary surveys. I did when I was working at the University. Then when I not only looked at what I did and how the job wasn’t that demanding (no travel, rarely needed to come in on nights or weekends, etc.), and then I added in the benefits like full medical and 5 weeks vacation a year… then it put me more in line with what others were getting.

      Plus, all that extra time allowed me to do EH-Net.  8)

      So putting the entire picture together definitely helped make me feel better.

      Hope that helps,

    • #27152

      Don I’ve just been in at the weekend completing a gap analysis and no pay… just a mail saying to the global team that we all will face consquences if we do not deliver in our region… I also have to travel 80 miles round trip….. blimey kick a bloke when his down 😉

      Bet you get courses and books paid for too…. even more salt to the wound!!! lol ;D

    • #27153
      Don Donzal

      Are there any redeeming qualities about the job? If not, that may tell you something about where you are and where you want to be. Maybe it’s even another job within the same company. Maybe not. Do you have a plan to make it better? Even if it’s a 2 – 5 year plan, that’s better than no plan at all.

      Always steer your own ship. If not, you’ll be placed where the river wants you and not where you want to be in the river.

      Whoa… too deep for a Friday!


    • #27154

      totally agree Don! just like risk management try to influence your own destiny as best you can…. Thats why I decided to take my CISSP and CISM back to back and paid for all the fees myself without any support. Now I’m planning to take on the TIGER or CREST pentesting qualification which is the defacto needed to practice in the UK as its levels with the CHECK CESG… oh and that chapter give away on setting up a lab has come right on time 🙂 I’m just finishing the OSCP and reading reading reading to get ready for my goal of early next year… I’m actually starting to think sod working for others and starting up my own company, but I think it maybe wise to get some experience under my belt first… I might offer some services to local charity first for free.

      The trouble with were I am is you can’t even discuss security out in the open and pentesting is just scripting to them… or your labelled as a techy who can’t understand the business… I strive for both thanks! some have a passion for infosec and some just do it as a job I guess… tick the box and move along and don’t put your head above the trench!  
      If only my middleleadership mangers had this viewpoint

      right on Jay abbott

Viewing 9 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?