Penetration testing

How Much Does it Cost to Become a Penetration Tester?

Nick Congleton
August 30, 2018 by
Nick Congleton

Being a professional penetration tester sounds appealing. How could it not? It has all the flash and intrigue of being a hacker, but you get to do what you enjoy legally and for a great salary.

But if you've ever looked into the path towards becoming a pentester (short for penetration tester), it can be pretty confusing. That's because there isn't one tried-and-true path towards this in-demand career. There are multiple ways to get there and all of them come with their own unique costs and benefits.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Your goal in any of these paths is to establish that you do have the skills necessary to do the job and that you're a reputable professional, not one of the shady individuals that a client would find in hacking communities on the Dark Web.

Online University

It's hard to ignore the amount of noise around online university programs. The idea is certainly tempting, and it can lead to some real results for your career. If you're looking to begin a career as a penetration tester, online degree programs can be a good option.

Plenty of schools are offering programs with a focus in cybersecurity and a good number of them are well-accredited. That includes graduate programs as well. If you choose the right school, you can absolutely learn enough and have a degree to start your career.

There is a downside, though. Online universities still aren't as highly regarded as traditional universities. To complicate things more, there are less-than-reputable for-profit schools that don't provide a quality education. If you're going to take this route, do your research and make sure that you're getting what you pay for.

Estimated Total Cost: $40,000 - $60,000

Traditional University

The traditional university experience might not be accessible to everyone, but it's still considered the gold standard in readying yourself for a career in technology. Employers universally respect a computer science degree and it would be hard not to learn what you need over the course of the four years that it takes to complete most programs.

While university programs tend to lag behind the industry in terms of updated content, some schools have gotten much better and have adapted to the pace of the rest of the world. A traditional university education also affords valuable relationship-building and networking opportunities with both fellow students and professors.

A traditional university is a costly and lengthy commitment. For many people, it simply isn't practical. Unless you're fresh out of high school, this path will be exceptionally challenging and the benefits, while great, aren't going to solve all your problems on your road to becoming a penetration tester. You'll still be viewed as a junior-level candidate fresh out of school and you probably won't be someone's first choice as an independent contractor without experience.

Estimated Total Cost: $40,000 - $100,000+

Work Experience

Maybe you already work in the tech industry and you're looking to branch into penetration testing. That's absolutely possible too, though it isn't easy to say exactly how to do it.

The first step that you can take is focusing on the security aspects of the career that you already have. Programmers can concentrate on secure programming techniques or scripting pentesting tools. System admins can secure their networks and systems. Make it known that you're taking on that role, too: you might just become the go-to security person in your department.

You also have the option of making a more drastic change. Take an entry-level position at a more security-focused company or transfer to a different branch with your current employer. The goal here is to get as much hands-on experience as you can and for that experience to be verifiable.

It will take significant time, and you may still need multiple industry certificates to further substantiate your expertise. If you want to transition to pentesting faster, you'll need even more certification to be taken seriously.

It's not exactly easy to nail down an exact cost because there are so many ways to approach this, but this range should be fairly common.

Estimated Total Cost: $0 - $4,000+

Online Classes, Videos and Certifications

With the vast amount information freely available online, it might seem appealing to teach yourself to become a penetration tester. It is possible to learn independently, but it's probably the hardest possible route to take.

If you plan on learning with online materials, you need to first ensure that those materials are accurate. Anyone can post what they want on YouTube, regardless of whether it actually works. Paid sites and services can be better, but many are superficial in the information that they cover.

Specific exam prep courses can be better. The courses offered directly by the authority issuing a certification or a trusted school tend to be best. They tend to run around $2,000 for the course, materials and exam. These almost always need to be paid in full before you get access. If you fail, you'll usually need to purchase an opportunity to retake the exam and you'll probably need to wait a set period of time before you can.

No single course or series of videos that you find online can prepare you for a career as a penetration tester alone. You'll need to curate your own program of study and research both educational materials and the certifications that you want to make your goals. You'll also be responsible for configuring your own testing lab to practice using tools and carrying out attacks, like data exfiltration on an improperly-secured SQL server.

Even still, this route can be a long one and still doesn't guarantee your recognition from employers. It does work well a supplement to another career path, though, and online resources can't be discounted for additional enrichment.

As with translating your work experience into a career as a pentester, going it alone is fairly unpredictable. This is a best-guess estimate based on training and certifications.

Estimated Total Cost: $5,000 - $12,000+

Boot Camps

Imagine that there's a middle ground in all of this. Say there was an educational institution that had knowledgeable instructors from the industry, real industry recognition and a cutting-edge curriculum. That same institution doesn't cost nearly as much as a university degree, and it doesn't require years to complete. That type of education is real and it's a boot camp.

Technology boot camps are a relatively new thing, but they've really caught fire as of late. That's mostly due to the fact that they solve many of the problems with other education methods while remaining current and accessible to anyone. This is especially true because many schools offer payment plans or work with lenders to make tuition more manageable.

Boot camps take place over the course of several days to several months, though some can be completed online. In either case, they can take you from novice to job-ready as efficiently as possible. They cut out all the extra prerequisite junk of a university, choosing instead to focus on practical topic related directly to your area of study. So when you sign on for a penetration testing bootcamp, you'll actually be learning penetration testing the whole time.

As with any route to your career, there are drawbacks. There are disreputable boot camps just like there are disreputable online universities, so do your research and choose one that's well-respected and has a proven track record for success. There are still some employers that don't value boot camps like they do universities, but that perception is changing over time.

Estimated Total Cost: $7,000 - $20,000+

Closing Thoughts

If you're planning on pursuing a career as a penetration tester, you have options. No one can tell you what the right path is for you or whether one option is worth the additional cost over another. Evaluate your options, talk to people in the industry and make an informed decision.

You're not going to become a penetration tester without a significant investment, and that includes your own time. Remember that it is an investment and it's one where the returns look exceptionally promising.

Sources

Global Security Testing Market Share, Size, Estimates, Trends and Forecast 2023, Reuters

College Costs: FAQs, CollegeBoard

Online Tuition & Fees, Southern New Hampshire University

Maximizing the value of your IT degree—not the cost, Western Governors University Tuition and Fees, University of Phoenix

DeVry University Tuition, DeVry University

Offensive Security Certified Professional, Offensive Security

Become a Certified Ethical Hacker, guaranteed!

Become a Certified Ethical Hacker, guaranteed!

Get training from anywhere to earn your Certified Ethical Hacker (CEH) Certification — backed with an Exam Pass Guarantee.

Certified Ethical Hacker, EC-Council

Nick Congleton
Nick Congleton

Nick is a freelance tech blogger who specializes in topics of security and open source software. He has a passion for technology and looks to make tech more accessible for everyone.