September 22, 2009 at 6:59 pm #4284 samsung (Participant)
I’m interested in IT sec, and specifically networking. It’s my ultimate aim to get into this area (pen testing). As a bit of fun and light entertainment I really enjoy reading Hacking books (true accounts) and related stories.
I have a general question though: What would a Pen tester/Security expert (either FT or contractor) at the top of their game be likely to earn a year? Most seem to be in it for the thrill and love (myself included) but it must entice others if the cash rewards are there.
I would really love to hear any experiences on this.
September 22, 2009 at 7:39 pm #27146 themadhatter (Participant)
I am not currently in the pen testing field, although I am in IT security, so I can’t say from experience, but according to the SANS salary survey below pen testers make anywhere from 56k (0-4 years experience) to 111k (10 years experience). It would seem that according to the Salary vs. Title chart (page 3) pen testers are paid the least. Can any of you pen testers out there confirm these findings? Personally, this is the type of thing that makes me comfortable just being a normal system engineer in IT security… it’s not as 1337 but I guess it’s way more money?
September 22, 2009 at 7:52 pm #27147 Ketchup (Participant)
I think that much of it depends on the experience of the pen tester and the understanding of the value of pen testing by the employer. With such a broad range of concepts and knowledge required to be a good pen tester, experience is key, in my opinion. I think that an experienced pen tester will fetch a good salary. However, if the employer believes that the pen tester is providing the same value as an automated scanner like Nessus or IBM ISS, then chances are the pen tester is not making good money. Sadly, I think that there is a good amount of this. I also think that we are going to see more regulations that will make pen testing a necessity and more in demand.
Those are just my two cents and are probably worth less 🙂
September 22, 2009 at 9:35 pm #27148 ethicalhack3r (Participant)
Here’s a security jobs RSS page I put together to keep an eye on the latest jobs in the UK. You can have a look at the salaries they are offering:
Also, here’s a salary checker from CWJobs:
September 23, 2009 at 8:56 am #27149 UNIX (Participant)
Besides experience, I would also say that it depends on which country you are working in and whether you are specialized in one or more topics.
September 23, 2009 at 8:03 pm #27150
According to the cwjobs salary checker I must be the worst paid IT professional ever lol
September 24, 2009 at 4:25 pm #27151 Don Donzal (Keymaster)
I don’t think you’re alone. Many feel this way when reading salary surveys. I did when I was working at the University. Then when I not only looked at what I did and how the job wasn’t that demanding (no travel, rarely needed to come in on nights or weekends, etc.), and then I added in the benefits like full medical and 5 weeks vacation a year… then it put me more in line with what others were getting.
Plus, all that extra time allowed me to do EH-Net. 8)
So putting the entire picture together definitely helped make me feel better.
Hope that helps,
September 25, 2009 at 11:12 am #27152
Don, I’ve just been in at the weekend completing a gap analysis and no pay… just a mail saying to the global team that we all will face consequences if we do not deliver in our region… I also have to travel 80 miles round trip….. blimey, kick a bloke when he’s down 😉
Bet you get courses and books paid for too…. even more salt to the wound!!! lol ;D
September 25, 2009 at 7:33 pm #27153 Don Donzal (Keymaster)
Are there any redeeming qualities about the job? If not, that may tell you something about where you are and where you want to be. Maybe it’s even another job within the same company. Maybe not. Do you have a plan to make it better? Even if it’s a 2 – 5 year plan, that’s better than no plan at all.
Always steer your own ship. If not, you’ll be placed where the river wants you and not where you want to be in the river.
Whoa… too deep for a Friday!
September 27, 2009 at 10:17 am #27154
Totally agree, Don! Just like risk management, try to influence your own destiny as best you can…. That’s why I decided to take my CISSP and CISM back to back and paid for all the fees myself without any support. Now I’m planning to take on the TIGER or CREST pentesting qualification which is the de facto needed to practice in the UK as its levels with the CHECK CESG… oh and that chapter giveaway on setting up a lab has come right on time 🙂 I’m just finishing the OSCP and reading reading reading to get ready for my goal of early next year… I’m actually starting to think sod working for others and starting up my own company, but I think it may be wise to get some experience under my belt first… I might offer some services to local charity first for free.
The trouble with where I am is you can’t even discuss security out in the open and pentesting is just scripting to them… or you’re labelled as a techy who can’t understand the business… I strive for both thanks! Some have a passion for infosec and some just do it as a job I guess… tick the box and move along and don’t put your head above the trench!
If only my middle leadership managers had this viewpoint
right on Jay abbott