Even though there’s lots of information about penetration tester salaries available on the internet, this information is not always accurate, and it’s very difficult to use it to estimate the amount of money you can expect to make as a network pentester. In this article, we’ll take a careful look at pentester wages and discuss what affects pentesters’ pay.
Who is a penetration tester?
A penetration tester is a cybersecurity expert who assesses various systems, applications, networks, devices, and even physical objects such as buildings, evaluating how well they are protected by security measures and what points of entry threat actors may use to cause damage. Pentesters also assess the amount of damage threat actors could cause if they were to breach the company’s defenses. Network penetration testers are professionals who primarily assess the security of networks. Penetration testers are essentially hackers who act for the benefit of the company instead of trying to cause harm.
How much money do pentesters make?
Like most IT professionals, penetration testers get paid extremely well. Naturally, pen tester salaries in large cities such as San Francisco, New York, and Washington DC are significantly higher than those in smaller cities such as Atlanta or Cleveland. Inexperienced pentesters also make significantly less money than professionals who have 10+ years of experience under their belt. As for the specific numbers, a penetration tester in the Bay Area can expect to make between $65,000 and $135,000, depending on their experience, education, skillset, and other factors. Pentesters in Cleveland and similarly sized cities can expect to make anywhere from $65,000 at the start of their careers to $95,000 as established professionals in the field.
Experience required to become a network penetration tester
One of the reasons penetration tester salaries are so high is the lack of qualified and experienced professionals in the field. According to the data from the U.S. Bureau of Labor Statistics, over 500,000 penetration tester positions remain unfilled every year because companies are unable to find suitable candidates for them. And since the amount of cybercrime and the severity of the threats hackers pose rise every year, this profession is going to become even more popular in the next few years. This means that if you’re considering getting into the penetration testing field, now is a great time, and you can expect to see a lot of pentester demand and high salaries in the future.
The major downside of this profession is that you need a lot of prior experience to become a pentester. First of all, you can’t become a penetration tester right out of college. Most people first work in other areas of IT as sysadmins or as network or software engineers. After getting at least 3 to 5 years of experience working in a non-security job, you can move into the pentesting field, but you will need at least 2 to 3 years of additional experience before you can become a pentester in your own right.
Companies that offer pen tester positions
As a penetration tester, you will have a few options when it comes to employment. Some of the larger tech companies have penetration testing specialists on staff in-house. For instance, Microsoft has two teams of cybersecurity professionals for each product they create. One team conducts penetration tests while the other works on improving the security of the application, and the teams switch roles every quarter. Smaller companies prefer to outsource their penetration testing tasks to dedicated cybersecurity companies. Working at one of these companies provides an excellent opportunity for an expert to gain experience with different tasks, systems, applications, and networks. Government agencies also seek to hire penetration testers as the threat of cybersecurity attacks remains on the rise.
What certifications does a penetration tester need to have?
CompTIA PenTest+, OffSec OSCP, and EC-Council CEH are the most important certifications that each qualified pentester should have. OSCP is the most difficult certification to achieve, but it is absolutely necessary if you want to be eligible for top penetration testing jobs in both private companies and government agencies.
How much money do penetration testers make?
The starting salary for penetration testers is around $65,000. Top-level professionals can expect to make up to $135,000 per year in larger cities and up to $95,000 in smaller cities.
What tools do penetration testers use?
Just like hackers, penetration testers usually use the Kali Linux operating system in their work. This system comes pre-equipped with over 600 hacking tools that both white-hat and black-hat cybersecurity professionals can use to break into systems, networks, and devices and exploit vulnerabilities they’ve discovered.