
Ethical hacker/security career

Discussion in 'Employment & Jobs' started by the_shadow, Jun 3, 2008.

  1. the_shadow

    the_shadow Bit Poster

    Hi everyone,

    I'm new, and am looking for some guidance from more knowledgeable peeps than myself.

    I found this article online, and it has piqued my interest. The web site is Ethical hacking.

    What I really wondered is are these sorts of claims actually based in reality? I see the computeach adverts on the telly all the time and they are a load of rubbish. What I want to know is if this article's claims are the truth about the earnings that are possible. And what sort of time frame you would be looking at to get to that level. Have a read and see what you think. Thank you. 8)

  2. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    Hm - a grain of salt is required here. Paying £1000 a day for consultants isn't unusual in big corporate environments, but the consultants themselves don't get that - it goes to the agency they belong to!

    And you would have to be very good and very experienced to be billed at that level. So say about 10 years' experience and have very high skills.

    There are exceptions - I've met consultants being billed at that rate that were frankly crap.

    And welcome to CF!

    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  3. GiddyG

    GiddyG Terabyte Poster Gold Member

    I'd echo Harry's comments from what I have seen in my area of work.

    I would also suggest that getting into a specific area of IT for the money, rather than for the interest/enjoyment of the actual work, may not be the ideal reason for jumping into it.
  4. dmarsh

    dmarsh Terabyte Poster

    The article seems broadly correct. What Harry says is true, consultants at senior levels can indeed earn £1k a day or more, however most of these are normally management consultants.

    The demand for Penetration Testers is not that high compared to the more common IT roles.

    You will probably only be able to work on Military projects which will probably be 50% of your work if you are a national of the country in which you are working.

    You will be lucky to earn £100k pa as a pen tester. Being a pen tester is probably a lot more like being a tester (i.e. repetitive running of scripts, analysing results) than being in the Matrix. In other words there's probably a lot less excitement in security than you think.

    The true hackers do not need certs like the CEH and CHFI. I'm not sure how much respect they have in the industry, the government and military seem to have their own approved schemes.
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  5. the_shadow

    the_shadow Bit Poster

    :D Thanks for the warm welcome.

    I saw the article and just wondered how much truth there was in it. They are charging a big sum of money for the course, and I was curious to know how true their claims were, and that means talking to some people who are not biased.

    I'm pretty much at the start of my career, I just finished some entry level voluntary work building PCs, and am looking at maybe doing an MCSE or similar.

    It's always good to hear what sort of salaries are available if you work smart. At least I feel it is anyway.:p

    Apart from the pen testing, would any other networking specialists be able to command 80k+ a year salaries? I read CCIEs are quite highly respected.
  6. dmarsh

    dmarsh Terabyte Poster

    Welcome ! :D


    I find it concerning you are so fixated on money so early in your career...
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  7. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    Have to agree... :dry
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  8. zebulebu

    zebulebu Terabyte Poster

    Welcome to CF

    That article is, frankly, laughable. It's about as realistic as The Matrix itself! I was in IT Security for a police force for two years (left last December) and, amongst other responsibilities - like looking after the firewalls, IDS, AV, proxies etc - I was responsible for pen testing (internal and external). I've been in IT a long time and didn't earn anything like that and, whilst the salaries for security specialists are certainly higher than for helpdesk or support analyst roles, they are nowhere near £100k per year.

    The average Ethical Hacker in London, working for one of the well-known security firms, will probably earn about 40k a year - some will be on more, some less, dependent on experience. The more senior you are, the more you will get, but unless you run your own pen testing firm, you will never earn that sort of money (you'd need to be at partner level to do so).

    I love the bit about using a dictionary file for password cracking - four days? That is either some big-ass dictionary or some old-ass machine :biggrin

    I have taken and passed the CEH. The exam was pretty easy - especially compared with some of the MS exams I've sat in the past, but I found elements of the course useful. Certainly not two grand's worth but then, I wasn't stupid enough to pay that out of my own pocket - my employer did.

    My advice would be similar to the advice given in slightly less blunt terms by earlier posters: Don't try to run before you can walk. Security is one of those disciplines in IT where, unless you have a gift for it, you are highly unlikely to be any good at it. Try it out for yourself at home - read up on some of the basic concepts involved in penetrating a network. If you enjoy it, you're halfway there. Then go take some basic courses at your local college (that won't cost you an arm and a leg), get yourself into a support role somewhere and build up some experience, whilst learning at home. That way, when you've got a good solid couple of years behind you, you'll have either enough know-how to start thinking about a security career, or have decided that it's not for you and will be able to focus on something else.

    Certifications: A few
    WIP: None - f*** 'em
  9. the_shadow

    the_shadow Bit Poster

    Thanks for this reply. I think I upset some of the earlier posters. I'm sorry.

    I don't want to come across as totally money minded, I really am interested in IT, and I guess you can only take my word for it as you don't know me. I think I get ahead of myself sometimes. What sort of things do you think would show if you started to learn security and were good at it?

    Also, what have you moved onto now? Is it still security?
  10. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    No, I doubt they're upset with you. They are merely looking out for your best interests. We tend to make statements like that to get you to do a little soul searching. :)

    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
