.

Salaries/Earnings of Top Pen testers

<<

samsung

Newbie
Newbie

Posts: 1

Joined: Tue Sep 22, 2009 1:49 pm

Post Tue Sep 22, 2009 1:59 pm

Salaries/Earnings of Top Pen testers

Hi

I'm interested in IT sec, and specifically networking. It's my ultimate aim to get into this area (pen testing). As a bit of fun and light entertainment I really enjoy reading Hacking books (true accounts) and related stories.

I have a general question though: What would a Pen tester/Secuirty expert (either FT or contractor) at the top of their game be likely to earn a year? Most seem to be in it for the thrill and love (myself included) but it must entice others if the cash rewards are there.

I would really love to hear any experiences on this.

Thanks.
<<

themadhatter

Newbie
Newbie

Posts: 30

Joined: Sat Aug 11, 2007 8:33 pm

Location: NJ

Post Tue Sep 22, 2009 2:39 pm

Re: Salaries/Earnings of Top Pen testers

I am not currently in the pen testing field, although I am in IT security, so I can't say from experience but according to the the SANS salary survey below pen testers make anywhere from 56k (0-4 years experience) to 111k (10 years experience).  It would seem that according to the Salary vs. Title chart (page 3) pen testers are paid the least.  Can any of you pen testers out there confirm these findings?  Personally, this is the type of thing that makes me comfortable just being normal system engineer in IT security... its not as 1337 but I guess its way more money?

http://www.sans.org/resources/salary_survey_2008.pdf
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Sep 22, 2009 2:52 pm

Re: Salaries/Earnings of Top Pen testers

I think that much of it depends on the experience of the pen tester and the understanding of the value of pen testing by the employer.    With such a broad range of concepts and knowledge required to be a good pen tester, experience is key, in my opinion.  I think that an experienced pen tester will fetch a good salary.  However, if the employer believes that the pen tester is providing the same value as an automated scanner like Nessus or IBM ISS, than chances are the pen tester is not making good money.  Sadly, I think that there is a good amount of this.  I also think that we are going to see more regulations that will make pen testing a necessity and more in demand.

Those are just my two cents and are probably worth less :)
~~~~~~~~~~~~~~
Ketchup
<<

ethicalhack3r

Full Member
Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Tue Sep 22, 2009 4:35 pm

Re: Salaries/Earnings of Top Pen testers

Heres a security jobs RSS page I put together to keep an eye on the latest jobs in the UK. You can have a look at the salaries they are offering:
http://www.ethicalhack3r.co.uk/wp-conte ... ssjobs.php

Also heres a salary checker from CWJobs:
http://www.cwjobs.co.uk/SalaryChecker/S ... earch.aspx
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1257

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Sep 23, 2009 3:56 am

Re: Salaries/Earnings of Top Pen testers

Beside experience I would also say that it depends on in which country you are working and if you are specialized in one or more topics.
<<

SJF1978

Newbie
Newbie

Posts: 19

Joined: Mon Jul 20, 2009 6:13 am

Location: London

Post Wed Sep 23, 2009 3:03 pm

Re: Salaries/Earnings of Top Pen testers

According to the cwjobs salary checker I must be the worst paid IT professional ever lol
CISSP, CISM, CEH, ISO27001, MCSE, CCNA and Security +
<<

don

User avatar

Administrator
Administrator

Posts: 4265

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Sep 24, 2009 11:25 am

Re: Salaries/Earnings of Top Pen testers

I don't think you're alone. Many feel this way when reading salary surveys. I did when I was working at the University. Then when I not only looked at what I did and how the job wasn't that demanding (no travel, rarely needed to come in on nights or weekends, etc.), and then I added in the benefits like full medical and 5 weeks vacation a year... then it put me more in line with what others were getting.

Plus, all that extra time allowed me to do EH-Net.  8)

So putting the entire picture together definitely helped make me feel better.

Hope that helps,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

SJF1978

Newbie
Newbie

Posts: 19

Joined: Mon Jul 20, 2009 6:13 am

Location: London

Post Fri Sep 25, 2009 6:12 am

Re: Salaries/Earnings of Top Pen testers

Don I've just been in at the weekend completing a gap analysis and no pay... just a mail saying to the global team that we all will face consquences if we do not deliver in our region... I also have to travel 80 miles round trip..... blimey kick a bloke when his down ;-)

Bet you get courses and books paid for too.... even more salt to the wound!!! lol ;D
CISSP, CISM, CEH, ISO27001, MCSE, CCNA and Security +
<<

don

User avatar

Administrator
Administrator

Posts: 4265

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Sep 25, 2009 2:33 pm

Re: Salaries/Earnings of Top Pen testers

Are there any redeeming qualities about the job? If not, that may tell you something about where you are and where you want to be. Maybe it's even another job within the same company. Maybe not. Do you have a plan to make it better? Even if it's a 2 - 5 year plan, that's better than no plan at all.

Always steer your own ship. If not, you'll be placed where the river wants you and not where you want to be in the river.

Whoa... too deep for a Friday!

Don
CISSP, MCSE, CSTA, Security+ SME
<<

SJF1978

Newbie
Newbie

Posts: 19

Joined: Mon Jul 20, 2009 6:13 am

Location: London

Post Sun Sep 27, 2009 5:17 am

Re: Salaries/Earnings of Top Pen testers

totally agree Don! just like risk management try to influence your own destiny as best you can.... Thats why I decided to take my CISSP and CISM back to back and paid for all the fees myself without any support. Now I'm planning to take on the TIGER or CREST pentesting qualification which is the defacto needed to practice in the UK as its levels with the CHECK CESG... oh and that chapter give away on setting up a lab has come right on time :-) I'm just finishing the OSCP and reading reading reading to get ready for my goal of early next year... I'm actually starting to think sod working for others and starting up my own company, but I think it maybe wise to get some experience under my belt first... I might offer some services to local charity first for free.

The trouble with were I am is you can't even discuss security out in the open and pentesting is just scripting to them... or your labelled as a techy who can't understand the business... I strive for both thanks! some have a passion for infosec and some just do it as a job I guess... tick the box and move along and don't put your head above the trench!  
If only my middle\leadership mangers had this viewpoint
http://www.accountancyage.com/accountan ... ty-4788678


right on Jay abbott
Last edited by SJF1978 on Sun Sep 27, 2009 5:20 am, edited 1 time in total.
CISSP, CISM, CEH, ISO27001, MCSE, CCNA and Security +

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software