How does a professional hacker make money in information security?


The national average for an ethical hacking job in the US is around $119,000. The lowest paying region is Minneapolis at around $97,000 while the highest is San Francisco, where the average is $150,000. The point is that being a professional hacker is not only an interesting profession but also a very high-paying one. In addition to a high salary, there are many ways for a good hacker to make money outside of a normal job, which is good for people who want to make their own schedule or don’t want to be tied down to any one location. Here, I go over how a professional hacker makes money.

Why do companies hire professional hackers?

The reason companies hire professional hackers (generally) is for security testing. They hire hackers to try to hack into their company to get a better understanding of how effective their security controls are and what they need to change in order to be more secure. For example, if a company is releasing a new web application, it will hire people to hack into the web application and see what the weaknesses are before the application is released. This way, when the application hits the market, it’s less likely that hackers will be able to find a weakness in the application that will cost the company money.

Secondly, private companies and governments also hire hackers to hack their competition. Private companies have an interest in getting information on their competitors’ plans or in making a competitor’s services unavailable to customers so that they have no choice but to switch over to their services. This is 100% illegal and therefore not something that I would ever recommend, but just as an FYI, it does happen.

Government agencies have an interest in hacking other companies as a form of espionage. Since much of a government’s information is kept in electronic form, being able to hack into a government agency or a third party provider of a government agency can provide useful information. Secondly, some governments also use cybercrime as a means of generating revenue. The most famous example of this is North Korea, which generates millions of dollars every year through a dedicated cybercrime division of its government.

Ways to make money as a Computer Hacker?

The most basic way to make money hacking computers is to work for a company as a penetration tester. This is a full-time position where your primary job responsibility is to test the security of different areas of the company. This is probably the easiest method to make money and it’s a good place to start. You will get a chance to work with other people who are more experienced and learn the industry.

This can be done part-time along with a job or full time. Many companies have what are called bug bounty programs. These are programs where companies give people permission to hack into certain areas of their network, application, website, etc. In return for the hacker disclosing what they found, the company gives out a cash reward. Several companies such as Facebook, Intel, Snapchat, Cisco, Dropbox and Apple have bug bounty programs. You can find a list of the 30 top bug bounty programs here. The great thing about this is that it’s open to everyone and scalable, so you can work as much or as little as you want. The downside is that there is a lot of competition. It can be difficult when you’re just starting out to find bugs that are significant enough to warrant a reward before someone else does. This is going to be more for intermediate to experienced computer hackers.

Contract: The difference between this and freelance is that in a contract position you’re usually working for one client for a short period of time, say 6-12 months. Many times companies don’t want to hire penetration testers full time. Rather, they only have a need for them to test once or twice a year or to test a new product that they will be releasing. In these situations they will want to hire someone for a short period of time to do the work and then let them go if there is no need for them.

Developing Software: If you’re someone with a programming background this is a good option for you. In order to automate many of the tasks related to hacking computers people like to use pre-made scripts or software applications. Experienced hackers usually make their own custom scripts or tools to make their job easier and faster. One way to make money as a hacker is to create software for other people to use and sell it. The upside of this method is that you get residual income because once you make a tool and keep it up to date, you can resell it to multiple people without having to do any other work.

Starting a Business: Many hackers don’t continue to hack computers full time. Many of them take their expertise and open a security business that focuses on testing companies’ security. This method has the potential to bring in the most profit but will require the most experience/expertise. In some cases people have even gone from getting criminal charges related to cybercrime to creating their own business. One example of this is Kevin Mitnick, who was convicted back in 1995 and served five years in prison for different computer and communications-related crimes. Today he runs Mitnick Security Consulting LLC. He is also the Chief Hacking Officer and part owner of a company known as KnowBe4 and an advisory board member of Zimperium.

Final Thoughts

Being a full-time computer hacker is 100% a viable career path and business to get into. It offers more flexibility than most other jobs by giving you a lot of ways to make money outside of a job. However, the downside to this specialty is that it can take a lot of practice to learn. With the exception of creating software, every other method requires you to find security bugs in order to get paid. If you don’t have a history of producing, then it will be difficult for you to find work. If you’re looking for something where it’s easy to coast and slack off, then this probably isn’t an area to get into. I would suggest this for people who find this area interesting and are willing to put in time outside of work to get good.