Salary Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Salary Survey. These posts contain previously unpublished Salary Survey data.
What exactly does an "ethical hacker" do? Well, there's a mini-conversation that sort of sums it up in that one '90s computer thriller with Robert Redford, who plays a slightly rumpled security consultant, essentially an early analog of today's penetration tester. When he picks up a check for completing a job at a bank, the prim teller commiserates with him.
"So people hire you to break into their places, to make sure that no on can break into their places?" she asks. Redford shrugs a little: "It's a living." To which the teller, eyeing the amount on the check she's just made out to him, sympathetically responds, "Not a very good one."
On the contrary, however, individuals who have EC-Council's Certified Ethical Hacker (CEH) credential — No. 42 on this year's Salary Survey 75 list — make an excellent living. Don't be fooled by the Hollywood of 25 years ago's casual disregard: Becoming a Certified Ethical Hacker is a great way to secure (among other things) a very comfortable income.
The pool of CEH holders who responded to our 2016 Salary Survey is heavily American: 76.7 percent of respondents live in the United States. We also heard from CEH holders in 20 different countries, however, including Australia, Canada, Colombia, Germany, India, Indonesia, Jamaica, Libya, Macedonia, Mexico, Netherlands, Pakistan, Romania, Singapore, South Africa, Sweden, Taiwan, Trinidad and Tobago, the United Arab Emirates, and the United Kingdom.
Among U.S. CEH holders, the average annual salary in 2016 was $119,680, with a median annual salary of $115,910. There's some shrinkage of that figure outside the United States, but non-U.S. CEH holders still banked a considerable $78,950 in average annual salary, with a median annual salary of $78,000.
Most CEH holders in our survey pool are men (93.7 percent of those surveyed), though we did hear from a handful of female CEHs (6.3 percent). Generally speaking, there's not a lot of youth in the group: A scant 1.5 percent of those surveyed are between the ages of 19 and 24, with an additional 15 percent between the ages of 25 and 34. The bulk of the population are either between the ages of 35 and 44 (32.5 percent of those surveyed), or between the ages of 45 and 54 (32 percent). Geezers, like callow youths, are relatively few in number, with just 16.1 percent of those surveyed landing between the ages of 55 and 64, while 2.9 percent are between the ages of 65 and 74.
The highest level of education attained by most CEH holders is either a master's degree (41.7 percent) or a bachelor's degree (34.5 percent). Others topped out with an associate's (two-year) degree (8.1 percent of those surveyed), while a smallish segment of respondents have no degree but did complete some level of technical training (8.1 percent) after high school. Ethical hackers, it would seem, aren't quite the punk kids that hackers are often depicted as being: just 3.4 percent of those surveyed left the educational realm behind after getting a high school diploma.
An impressive 95.1 percent of CEH holders in the survey are employed full-time, versus just 1.9 percent who are unemployed, and a further 3 percent who are either employed part-time (1 percent), on sabbatical (1.5 percent), or recently retired (0.5 percent). Among those who have jobs, just 35 percent are fortunate enough to work a standard 40 hours per week. Less favored are the 45.6 percent who work between 41 and 50 hours per week, and especially the 12.6 percent who put in 50 hours or more.
Interestingly, the CEH credential would appear to provide an unusual level of access to management and executive positions. The bulk of CEH holders in the survey are employed at the senior specialist level (40.3 percent), but a striking 19.4 percent are managers, while seniors managers (11.2 percent), directors (13.1 percent) and executives (4.8 percent) are also uncommonly prevalent. Just 7.8 percent of those surveyed are mere specialists, and only 3.4 percent are rank-and-file employees.
Perhaps not surprisingly, given the relative age of CEH holders in the survey, most have been in the security game for quite a while: A notable 59.2 percent have worked in a role that utilizes their certified skills for more than 10 years. Just 3.9 percent of those surveyed have been thus engaged for between zero years (1 to 11 months) and 2 years, while 12.6 percent have been at it for between 3 and 5 years. Almost exactly 15 percent have pursued ethical hacking for between 6 and 8 years, and 9.2 percent have been in the field for 9 or 10 years.
Finally, here's the view of CEH holders on key questions from the survey about how certification impacts job performance:
At my current job I use skills learned or enhanced through certification:
Several times a day: 54.9 percent
Several times a week: 27.7 percent
Several times a month: 9.7 percent
Occasionally: 5.3 percent
Rarely: 2.4 percent
Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 44.2 percent
Agree: 37.9 percent
Neither Agree nor Disagree: 14.1 percent
Disagree: 2.4 percent
Strongly Disagree: 1.4 percent
Becoming certified has increased my problem-solving skills.
Strongly agree: 26.2 percent
Agree: 40.8 percent
Neither Agree nor Disagree: 24.8 percent
Disagree: 5.8 percent
Strongly Disagree: 2.4
Becoming certified has increased my workplace productivity.
Strongly agree: 21.8 percent
Agree: 47.2 percent
Neither Agree nor Disagree: 21.8 percent
Disagree: 6.3 percent
Strongly Disagree: 2.9 percent