Certified Ethical Hacker salary in 2024: What to expect
Companies are increasingly hiring ethical hackers to stop cybercriminals from infiltrating systems in almost every industry and sector, from government and healthcare to commerce, retail, transport and hospitality. The market for ethical hackers is growing, projected to rise from $3.4 billion in 2023 to $10.24 billion in 2028. Employers seek trained professionals who can prove their expertise and play key roles in safeguarding the organization's digital assets.
Understanding the role of an ethical hacker
A career as an ethical hacker requires the ability to access a computer, with the owner's authorization, employing techniques used by cyberattackers. In a growing cybersecurity job market, ethical hackers are often asked to perform security assessments, use security testing methodologies to assess the vulnerabilities in a network and utilize countermeasures to eliminate identified weak points. Afterward, they report any breaches and compromises that could be exploited.
On a day-to-day basis, an ethical hacker targets specific elements of an organization's network with the permission of the company they're working for. This may involve:
-
Exploiting vulnerabilities in a company's web applications
-
Using phishing techniques to try to steal authentication credentials
-
Trying to move laterally through to access additional endpoints, databases, servers or other components after accessing an organization's network
-
Writing reports regarding what they've found while hacking the network, as well as recommendations for ways the company can bolster its security
Earn your CEH, guaranteed!
Factors influencing ethical hacker salaries
Experience plays a big role in your salary as a Certified Ethical Hacker because the more experience you have, the more versatile your skill set is. A beginning ethical hacker can expect to earn around $72,000 a year, while an experienced hacker can earn upwards of $200,000. So, it's best to start immediately if you're diving into the field. You also want to document all ethical hacking activity, using that to create a portfolio.
Your geographic location can also play a significant role because the amount you get paid may vary based on:
-
The average pay for IT-related jobs where you live
-
The number of other ethical hackers vying for positions in the market
-
The types of companies with open positions and their needs in your area
For instance, in a tech hotspot like San Francisco, the average base salary is around $134,821. In Chicago, you can expect to bring in around $113,778; in Birmingham, Alabama, the average base salary is $113,778.
Education and certifications are another factor because they reassure companies that they have the knowledge base to exploit vulnerabilities and provide comprehensive improvement reports. For those pursuing cybersecurity career paths, certifications, in particular, can be powerful assets in your job search.
For instance, in a boot camp featuring ethical hacking certification details, you can gain experience and knowledge in accessing systems, exploiting vulnerabilities, performing reconnaissance and exfiltrating data. Armed with these skills, it's much easier to demonstrate to prospective employers that you can improve their network security.
Average ethical hacker salary data and trends
As a certified security professional, you will probably earn a higher salary than non-certified professionals because you can use credentials like the CEH to improve your chances of landing a high-paying job.
- According to Salary.com, an ethical hacker's salary range typically falls between $96,580 and $121,221, with an average base salary of $107,577.
- PayScale puts the average base salary of a Certified Ethical Hacker at $101,000 per year.
- According to Glassdoor, the average CEH salary is $101,946.
Based on these sources, the average pay for a Certified Ethical Hacker ranges between $96,580 and $107,577, which gives us an average base salary of $102,078, not counting bonuses and other compensation.
However, your earnings could be significantly more when you factor in additional pay. For example, Salary.com reports that ethical hackers make an additional $5,764 yearly when you include bonuses.
These numbers represent a significant improvement over previous years. For example, in 2022, the average pay for Certified Ethical Hackers was around $93,000, a 9.8% increase.
Interestingly, Certified Ethical Hackers make more than some other professionals in the cybersecurity sector. For example, the average cybersecurity analyst, according to payscale.com, makes around $89,456 per year, and a security analyst comes in at about $76,186 per year.
Certification's impact on salaries
Popular certifications, like CEH, may motivate employees to pay more because they prove your abilities. For instance, according to payscale.com's stats, while a Certified Ethical Hacker makes about $101,000, a penetration tester who does the same thing makes about 3.5% less at $97,561.
One of the primary reasons for influencing better pay for Certified Ethical Hackers is how the required skills align with industry needs in 2024. Certification exam designers systematically ensure that each test adjusts to the most recent demands on the cybersecurity landscape.
For instance, the CEH certification program has at least three modules focusing on SQL injection. This attack methodology involves using code to get a database to behave how a hacker wants or to change or divulge information. This is a major attack vector in 2024 because so many businesses and traditional web apps depend on databases to function. By including so much SQL injection content in its certification program, CEH ensures its cert candidates have the knowledge to safeguard a wide range of modern apps and business data systems.
Career pathways and progression
Regardless of the cybersecurity careers you're interested in pursuing, earning your Certified Ethical Hacker credentials can open a range of professional doors, such as being a:
-
Security consultant, when you give advice and guide companies regarding the best security measures for their digital landscape
-
Security analyst, which involves monitoring and analyzing networks for security incidents
-
Security engineer, when are you implement and design security solutions, ensuring that your employer uses the most effective technology and properly configures it to keep its digital assets safe
-
Chief information security officer (CISO), is a senior-level position that involves managing a team of IT professionals as they protect the digital assets of an organization
As you gain more experience and responsibilities, your salary increases in tune. For example, a CISO would make around $174,000 a year, significantly more than someone in a more entry-level position, such as an Information security analyst, who would earn around $77,000.
High earners in ethical hacking
Even though the average pay for ethical hackers is around $102,000, you can make significantly more, depending on which company you work for. For example, at Tesla, ethical hackers earn $164,490 per year. And at IBM, you can expect to bring in around $135,875.
One of the most important factors contributing to a higher salary as an ethical hacker is how vital your role is from the perspective of the company you're working for. For instance, a tech company with an intricate, complex digital ecosystem with many potential vulnerabilities may need an ethical hacker just to keep its operations viable.
On the other hand, a retailer with a relatively straightforward e-commerce system may only need to protect a simple digital environment. In this case, your role may require less expertise than what you'd need for a more network-dependent organization.
Earn your CEH, guaranteed!
Breaking into the field
To become an ethical hacker, you need to have the technical skills to penetrate systems and manipulate or exfiltrate data once you get inside. Some of the most useful skills include:
-
The ability to work with networking protocols, hardware and software
-
An understanding of common programming languages, such as Python and Java
-
Knowing how common operating systems work, such as Linux, Windows, Unix and iOS
-
Understanding how cybersecurity tools function, as well as the kinds of attacks they can't prevent
As mentioned before, as with many cybersecurity careers, experience is another powerful asset as you step into the ethical hacking field. As you apply for different positions, it's important to highlight your experience that relates directly to the digital ecosystem of the company you're applying to — even if that experience is from a home lab, a free capture-the-flag event, a training cyber range or something else.
Getting your toe in the door with ethical hacking doesn't have to take a lot of time, especially if you have the required certifications. If you can demonstrate significant experience showcasing work you've done in cyber ranges or capture-the-flag events, for example, you can earn an employer's confidence and nail the interview.
Similarly, you can earn progressively more money and move up the ranks. As you discover and provide solutions for vulnerabilities, you demonstrate your value in concrete, easily quantifiable ways.
Ethical hacking future outlook
Over the next few years, ethical hacking will continue to rise as one of the more important cybersecurity roles. Its growth will be driven by the unique nature of cyberattacks, many of which may be difficult to detect using typical threat identification and mitigation tools. For instance, zero-day attacks, which are threats that have just been introduced into the wild, can be very difficult or impossible for some firewalls to detect because they depend on threat signatures as the scan for attacks. An ethical hacker can expose these vulnerabilities and help an organization address them.
As an ethical hacker, it's common to see salaries in the $100,000 range or above. Your actual pay will depend on experience, the diversity of your skill set and the certifications you have. Regardless of how much ethical hacking you've done, this could be a very lucrative profession, especially because so many companies need these specialized skills. It's best to get started right away to build a portfolio of experience that compels hiring managers to give you a shot at cracking their security and improving their protections.
Earn your CEH, guaranteed!
Additional CEH resources
EC-Council CEH
EC-Council CEH
