How much does an ethical hacker make? (Plus other FAQs)

By Indeed Editorial Team

Published 7 December 2021

Ethical hackers are IT security experts who use their skills to help organisations improve the security of their networks and systems. With the permission of an organisation, they attack their security systems in the same way a malicious hacker might, identifying potential points of weakness the company can reinforce to lessen their risks of being attacked. Ethical hackers are very much in demand and if you're interested in potentially pursuing this career, you may wish to learn a bit more about it. In this article, learn the answer to 'how much does an ethical hacker make?' and other FAQs.

How much does an ethical hacker make?

If you're interested in this career path, it's important to know the answer to 'how much does an ethical hacker make?'. The average salary for an IT security specialist is £47,005 per year and the average salary for a penetration tester is £47,229 per year, though this can vary depending on location, industry or experience level. Though the specifics of these job titles may be slightly different from the strict definition of an ethical hacker in some cases, we frequently use these terms interchangeably to refer to an ethical hacker, and the jobs typically serve similar functions to ethical hacking.

IT security and ethical hacking jobs sometimes have further benefits beyond attractive salaries. Many organisations, particularly larger organisations, may provide financial bonuses to ethical hackers they employ, including freelance ethical hackers, for the potential security weaknesses they uncover. The bonuses generally increase in value as the severity of the risk they uncover increases.


Ethical hacker FAQs

Here are a few frequently asked questions about working as an ethical hacker:

What is ethical hacking?

Ethical hacking is a proactive form of IT security. Companies employ the services of ethical hackers to attempt to undermine their security in the same way a malicious hacker might. In this way, they identify possible points of weakness that hackers could potentially exploit and make recommendations on how to fortify these weaknesses and improve the company's defences.

The practice of using ethical hackers to test the vulnerabilities of computer systems has existed almost as long as there have been systems with the potential to be vulnerable. One of the earliest examples of ethical hacking occurred in the 1970s, when the US government employed 'red teams' to hack its own computer systems. The demand for ethical hackers has only grown as computer systems have increasingly become a part of life and business.

What does an ethical hacker do?

An ethical hacker looks to assess the security of a system or network infrastructure. They go about this in the same way a criminal hacker would, looking for weaknesses in the system's defences, generally due to hardware or software flaws or improper system configurations, that they can exploit to bypass the security measures. The difference between an ethical hacker and a malicious hacker is that the ethical hacker has the company's permission to attack its infrastructure. If a hacker doesn't have this permission, even if their intention isn't malicious, then they aren't an ethical hacker and their actions are illegal.

Ethical hackers research, discuss and document their methodologies and the outcomes of their security tests. They then report this back to the IT team and management of the company they 'hacked'. The company then uses the findings and recommendations of the ethical hacker to implement fixes to minimise or eliminate their risks to potential attacks, getting their security infrastructure as close to 100% secure as possible. They may then use ethical hackers to carry out further security tests to double-check that the new measures put in place have indeed fixed the problems they identified.

Where do ethical hackers work?

Ethical hacking has grown over the years along with the IT security market in general. Any business or organisation that has an Internet-connected network or offers any form of online service has likely employed the services of an IT security analyst, penetration tester or ethical hacker. Indeed, many larger organisations, especially those that may handle and process people's personal information, employ teams of ethical hackers to ensure their systems are as secure as possible.

There are also many independent security firms that offer the services of ethical hackers to organisations, and many ethical hackers who provide their services on a freelance basis. This means ethical hackers may find themselves working in virtually any industry or any business where Internet-connected networks are in use. Ethical hackers may find themselves with consistent, predictable work even if they're freelance, as there are statutory requirements for businesses in certain sectors to carry out regular security and penetration testing, usually annually, particularly if they make any changes to their infrastructure.

What qualifications are necessary to become an ethical hacker?

Employers do often look for applicants who have a bachelor's or master's degree in computer science, cybersecurity, computer engineering, IT management or some other related discipline. A university degree is not necessarily a prerequisite to a career in ethical hacking, though. It's not uncommon to find a good majority of ethical hacking jobs advertised not mentioning a degree as a requirement for the position.

The most valuable attribute employers may look for in an applicant is relevant experience. Good experience coupled with professional certifications may often make you as competitive as someone with a degree, or even be enough to be equivalent and satisfy any degree requirements an employer may have. Typically, it appears as though employers look for two to four years of IT security-related experience, with proven practical experience in network vulnerability assessment and penetration testing.

What can I do to help me become an ethical hacker?

Professional accreditation can be a big advantage in making yourself competitive for ethical hacker jobs. You may wish to work towards certification to become a Certified Ethical Hacker (CEH), one such professional accreditation, which is provided by the International Council of E-Commerce Consultants (EC-Council). Gaining these accreditations can be a time-consuming process, but there are a number of self-learning resources that you can find and many training companies regularly run courses to gain these certifications.

In general, any ways you can build skills that would-be hackers may also possess can make you a competitive applicant and improve your chances of employment. For example, you may wish to gain knowledge in some of the common computer programming languages.


What skills does a good ethical hacker have?

Alongside their specialist technical knowledge, possibly the most valuable skill a good ethical hacker can possess is a desire to continue learning and a proactive approach to their work. To be most effective, ethical hackers likely look to keep up to date with the techniques hackers are likely to use. It's also valuable for them to keep abreast of developments in IT security systems and the technical specifications of any new products that may hit the IT security marketplace.

There are numerous other soft skills that can be valuable in the work of an ethical hacker, such as attention to detail and research skills. Strong communication skills are also an advantage as part of their work usually involves communicating their work methods, findings and recommendations to the IT and management teams of the organisations they've security tested. Some knowledge of psychology may also be valuable. Many modern hackers base their attacks on social engineering techniques in order to obtain people's passwords.


Is ethical hacking a good career path?

Many industry analyses have found that the continued growth of the cyber security industry has meant that demand for ethical hackers far outweighs supply. This means that individuals with the relevant skills and desire to follow this career path may find themselves very much in demand. This demand is probably only going to increase as virtually every business or industry increasingly involves some form of network or Internet activity, with security measures that necessitate tests on the system. This means that a career as an ethical hacker can potentially be dynamic and diverse, as well as financially rewarding.

The emphasis on technical skill, proven experience and professional accreditation from applicants over university degrees may also be an attractive prospect. It can eliminate the potentially costly investment in university training necessary to enter some fields. Furthermore, it may provide the opportunity for a new career path for individuals who have a relevant technical background. Many organisations are also increasingly employing remote ethical hackers. The opportunity to work remotely can provide a degree of flexibility many may find hugely valuable when trying to maintain work-life balance.

Salary figures reflect data listed on Indeed Salaries at time of writing. Salaries may vary depending on the hiring organisation and a candidate's experience, academic background and location.
