Penetration Testing/IT Security/Network Security Engineer

Hi guys, have a question here.

I'm in my last year of a CIS degree at my uni and the fields in the thread title have been appealing my interests the most.

I've attended a few meetings/classes on ethical hacking, etc but was wondering, if there are any in this field already, can you confirm the results I have been seeing (that is, Penetration testers typically make a bit lower on the payscale)

Also, if I could get pointed to some good sources to read up on that would be great. Lately I've had 50+ tabs open on this stuff and it seems like everything I'm reading has been repetitious.

Thanks

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

docrice

As usual, I think it highly depends on a number of factors such as experience, etc.. Have you taken a look at the 2008 SANS salary survey already?

http://www.sans.org/security-resources/salary_survey_2008.pdf

MasterBullfrog

docrice wrote: »

As usual, I think it highly depends on a number of factors such as experience, etc.. Have you taken a look at the 2008 SANS salary survey already?

http://www.sans.org/security-resources/salary_survey_2008.pdf

Yes, checked this right before I posted this actually

docrice

I was under the impression that good pentesters are paid on the higher end of the scale, simply because they would need a solid background on networking, systems, applications, code, architecture, and communication (writing) skills for the documentation / reporting cycle. Requiring deep knowledge in all those areas makes this kind of work relatively specialized compared to being, say, a firewall / VPN admin.

phantasm

Time for my canned response. Your'e about to graduate from college, congratulations!! Well done. Now with that said, don't expect a silver platter in the IT field. You won't be a pentester or Network Security Engineer right out of school, expect to work with everyone else and start out on the helpdesk or in the NOC answering calls. If you're lucky, you might land in the SOC instead, but that is dependendant upon organization.

If you have no certs then I would look to the Security+, CCNA and CCNA Security. The higher end career certs in the infosec world are the CISSP and CEH plus a few others that elude me.

Yes top end Network Security Engineers and Pentesters get paid a good amount of money, but they have years and sometimes decades of experience. Don't let that disuade you, work hard and do your time and it'll come soon enough.