What is a certified ethical hacker, and how much does he earn? As the term implies, a certified ethical hacker is someone who companies hire to inspect the security of their online systems by attempting to hack into them. These ethical hackers, who are occasionally called “penetration testers,” identify flaws in the system that an unethical hacker would exploit. By discovering the hacks before a thief does, a company can better protect itself against fraud. The average salary ranges for CEH’s vary depending on the country. Within each country, certain cities, states, or provinces tend to pay more than others.
Average CEH Salary Ranges by Country
A certified ethical hacker’s average salary in the United States ranges from $56,930 to $82,424 annually, depending on what specific functions he or she performs, and the number of years of experience. In general, a first year CEH can expect to earn around $60,000. After five to nine years, that figure rises to roughly $71,000. After 10 years, a CEH can expect to earn about $91,500, expanding to $105,000 after 20 years. The U.S. cities with the highest paying CEH jobs are Chicago and Milwaukee; the lowest paying cities are San Antonio, Texas, and Baltimore, Maryland.
In Canada, a certified ethical hacker can expect to earn between C$62,288 and C$74,000 (approximately $64,387 to $76,400). Those with one to four years of experience earn about C$48,000. Those with 5 to 9 years earn approximately C$63,300, while those with 10 to 19 years earn $C66,100 annually. Ontario and British Columbia tend to pay the highest average salaries of all the provinces, with averages of C$67,000 and C$64,000 respectively. Quebec and Manitoba, meanwhile, are on the lower end of the scale, with average salaries of $C48,000 and C$45,200 respectively.
In the U.K., the average salary range is £16,200 to £36,000 (approximately $26,200 to $58,200). Larger cities, such as London, tend to pay more than smaller rural enclaves, such as the East Midlands. In India, the average salary range for a CEH is 178,486 to 393,054 rupees (approximately $3,974 to $8,752). A CEH with a year of experience can expect to earn 222,000 rupees, while someone with 20 years or more of experience will likely earn 488,335 rupees.
Salary data for other areas of the world is not as standardized, although CEH’s can expect to find work wherever there is a large company which works with large amounts of electronic data. These three countries have been chosen as average salary guides because each of them has a fairly prominent and thriving tech industry nationwide.
Certification Process
To be officially designated a Certified Ethical Hacker, the individual must be certified by the EC Council, also known as the International Council of Electronic Commerce Consultants. The EC-Council is organized of individuals who are dedicated to remaining abreast of any cutting-edge technology developments, and spreading that knowledge to those who enroll in its training programs. The Council prides itself on continuously interfacing with professionals in the field and incorporating examples from actual successful hacks.
The certification process involves several different components, including ethical hacking and countermeasures and penetration testing. The areas of study include foot-printing and reconnaissance, learning how to scan networks, system hacking, viruses and worms, denial of service attacks, enumeration, Trojans and backdoors, hacking web applications and webservers, SQL injection and cryptography, among others.
The program also requires all those who wish to attain the CEH title to listen to testimonials by practicing information security professionals. The idea is that by creating a community of information sharing, individual hacks are far easier to both spot and defeat. Many of the information professionals who give talks at the CEH training center have had extensive experience dealing with fairly high profile systems which require rigorous testing on a regular basis. Many of these information systems are constantly expanding or changing their structures. Each change necessitates a scan for potential vulnerabilities. Some CEH’s are freelance consultants who are called in to work on specific projects; other CEH’s remain with a particular company for years as part of an in-house team.
Specialties and Alternate Salary Ranges
The umbrella of CEH training encompasses a variety of real-life scenarios which enables those who study to better select an area of expertise. Depending on what area a CEH chooses to specialize in, he or she may earn a different salary. A penetration tester, for example, has an average salary range in the United States of $58,326 to $95,000. A security engineer in information systems may earn anywhere from $67,917 to $101,356. While these are arguably sub-fields of the same discipline, the reason to mention these other potential job titles are that many individuals who are already competent in their field may choose to earn the CEH certification, which may increase their overall earnings potential.
Summary
The earnings potential of any individual is therefore very much influenced not only by his or her training, but the environment in which he chooses to work in, and his prior experience in the field. A freelance penetration tester, for example, may be able to charge higher “consultant” rates than an in-house CEH, depending on that particular individual’s experience with the company. A software professional who decides to become certified may or may not experience a commensurate rise in salary depending on the policies of his employer, and how much that certification and its corresponding skills are valued within the company.
Source: Ralph P. Sita, Jr., CPA
