“To beat a hacker, you have to think like one.” This is the motto of the Certified Ethical Hacker (CEH), a certification offered by the International Council of E-Commerce Consultants (EC-Council).
With the number of data breaches on the rise, organizations are looking for ways to fortify their systems against attacks. One way to do this is to hire ethical hackers – individuals who use their hacking skills to find vulnerabilities in systems and help organizations fix them before they can be exploited.
CEH certification is one way to prove your ethical hacking skills. This certification validates your ability to identify, assess, and mitigate risks in an organization’s network infrastructure. It also demonstrates your knowledge of security tools and techniques.
So what does CEH certification entail, and what kind of job opportunities and salary can you expect with this credential?
CEH certification requirements
To become CEH certified, you must first pass the CEH exam. This exam is administered by the EC-Council and consists of 125 multiple-choice questions. You have four hours to complete the exam, and you must score at least 60% to pass (the exact passing score varies depending on the difficulty level of the exam version).
The CEH exam covers a wide range of topics, including network security, social engineering, malware reverse engineering, cloud computing, operation technology, cryptography, penetration testing, and more. It is not easy to acquire the CEH certification, but it is a valuable credential to have if you want to work in the ethical hacking field.
Is it the right time to choose a cybersecurity career?
Let’s take a look at some sobering cybercrime statistics:
- Cybercrime has increased by a staggering 600% during the COVID-19 pandemic.
- The number of malware infections per year has increased from 12.4 million in 2009 to 812.67 million in 2018.
- The global cost of cybercrime is expected to reach $10.5 trillion by 2025.
- The average cost of a data breach to a company globally is $3.86 million. Typically, organizations require an average of 191 days to recognize that a data breach occurred at all.
These numbers are just a fraction of what is happening in the cybercrime world, and they are only going to increase in the future. With the rise of cybercrime, there is also a rise in demand for ethical hackers and other cybersecurity experts.
At the moment, there are approximately 597,000 cybersecurity job openings across the United States waiting to be filled, and the supply is still relatively low.
So, in short? Yes, absolutely. Now is an excellent time to pursue a career in cybersecurity!
CEH job opportunities
With a CEH certification, you can pursue a wide range of job opportunities in the cybersecurity field. Here are some examples of positions that you may be qualified for:
- Security analyst
- Security engineer
- Security auditor
- Penetration tester
- Security consultant, and more
To better understand the kinds of positions that CEH credential holders can pursue, let’s look at the job description and salary ranges of each of these roles.
A security analyst can be a network security analyst, information security analyst, cyber security analyst, or any number of other titles. The core responsibility of a security analyst is to monitor an organization’s networks or systems for security threats, vulnerabilities, and breaches.
Their day-to-day assignments include using and maintaining cyber security software, such as firewalls, intrusion detection systems, and vulnerability scanners. They also create security reports, document any incidents that occur, and work with other members of the IT team to resolve any issues.
In 2020, there were a total of 141,200 available information security analyst positions in the United States.
According to PayScale, the salary ranges of different security analyst positions are as follows:
- Cyber security analyst: $57k – $125k
- Information security analyst: $55k – $122k
- Network security analyst: $60k – $112k
- Security analyst: $52k – $105k
A cyber security engineer, information security engineer, or network security engineer has many of the same responsibilities as a security analyst. However, their role also includes designing, developing, testing, and implementing security solutions to protect an organization’s networks and systems. Planning and executing upgrades to an organization’s security infrastructure is also typically part of a security engineer’s job duties.
They might also be tasked to respond to any incidents that occur and train other employees on cybersecurity best practices.
Here are the salary ranges for different types of security engineer positions, according to PayScale:
- Cyber security engineer: $74k – $147k
- Information security engineer: $75k – $137k
- Network security engineer: $58k – $130k
- Security engineer: $68k – $139k
Typically working as external consultants, security auditors are responsible for assessing an organization’s compliance with security policies and industry regulations. Their job duties include conducting audits, analyzing data, documenting findings, and presenting recommendations to improve an organization’s security posture.
Auditors need to have extensive knowledge of security best practices and frameworks, such as the ISO 27001 standard. They should also be familiar with different types of security auditing tools.
The salary ranges (and average salaries) for security auditor positions are:
- Information technology (IT) security auditor: $87,429 average salary
- Information systems audit manager: $132,500 average salary
- Senior IT auditor: $80k – $136k
Penetration testing has become an essential part of an organization’s cybersecurity strategy. By simulating real-world attacks, penetration testers can help identify vulnerabilities in an organization’s systems before criminals (malicious hackers) can exploit them.
Conducting a successful penetration test requires a combination of technical skills and creative thinking. Testers need to have a strong understanding of networking, web application development, and database administration. They also need to be able to think like a criminal – to figure out how they would exploit a system’s vulnerabilities.
The salary range for penetration testers in the United States is between $60k and $143k.
Security consultants are usually self-employed or work for a consulting firm. They provide expert advice to organizations on how to improve their cybersecurity posture. This can involve conducting security audits, offering training and awareness programs, and developing security policies and procedures.
Security consultants need to have a deep understanding of the latest security trends and threats. They should also be familiar with different compliance requirements and best practices.
The average salary ranges for different types of security consultant positions are:
- Security consultant: $67k – $156k
- Senior security consultant: $83k – $162k
- IT consultant: $51k – $128k
Does the geographical location make a difference in salary for any of these positions?
Yes, the geographic location does make a difference in salary for many of these positions. For example, the salary range for an ethical hacker in New York City is $109k – $139k, while the salary range for an ethical hacker in Dallas, TX is $90k – $115k.
However, several factors can affect a security professional’s salary, such as their level of experience, education, and certifications. So, it’s difficult to say definitively how much of a difference location makes.
Not to mention that different cities and states have other costs of living expenses, which can also affect how much a security professional takes home each year.
Another factor to consider is that the COVID-19 pandemic has greatly altered the way we work. While before 2020, it might have been inconceivable for a cybersecurity professional to work out of the office, now many security jobs can be done remotely. So, even if a certain city has a higher average salary for cybersecurity positions, it might not be the best place to live if you want to work remotely.
The bottom line is that there is no one-size-fits-all answer when it comes to finding the best city or state to live in as a cybersecurity professional. It depends on your specific circumstances and what you’re looking for in a job.
What are the best companies to work for as a CEH?
Both private and government organizations are looking for ethical hackers to help them improve their cybersecurity posture. So, there are many different types of companies that are great places to work as a CEH, such as:
- The US Department of Defense
- The US Navy
- The US Army
- The US Air Force
- The Boeing Company
- Linquest Corporation
- Booz Allen Hamilton, and more
It is important not to focus solely on the salary when looking for a CEH position. While salary is certainly important, it is not the only factor to consider when determining whether or not a company is a good fit. Other factors such as work/life balance, company culture, and career growth opportunities should also be considered.
Make sure you have the whole picture before deciding which company to work for.
The main takeaway from this article is that there are many different CEH jobs available, and the salary you can earn depends on the specific position.
Many factors can affect a security professional’s salary, such as their level of experience, education, certifications, and location. Additionally, the COVID-19 pandemic has changed the way we work, and many jobs that were previously only done in person can now be done remotely.
However, one thing is for sure: the demand for ethical hackers is high, and there are many great companies to work for as a CEH. So, if you’re looking to start or further your career in cybersecurity, pursuing a CEH certification is a great option.
If you’d like to take the first steps to become a CEH, don’t hesitate to contact us at the I4 Group. We offer a variety of programs and services to help you get started in your cybersecurity career. Contact us today to learn more.