Salary Survey Extra is a series of dispatches that give added insight into the findings of both our annual Salary Survey and our smaller Salary Survey PLUS polls. These posts contain previously unpublished Salary Survey data.
Remember the Robert Redford film Sneakers where Redford and his guys use computer wizardry to test the physical security measures at places like banks and suss out vulnerabilities? Now instead of a bank think of testing and poking around a computer network or application the same way. That, in a nutshell, is the fine art of penetration testing.
"Pen testing," as it's also known is among the many information security specializations that you can pick up via the SANS Institute's GIAC certification program.: the GIAC Penetration Tester (GPEN) credential was No. 28 on this year's Salary Survey 75 list. We got only minimal response on this particular certification from survey respondents outside the United States, so what follows is mostly in reference to GPEN holders who are are also U.S. residents. Among that group, the average annual salary in 2016 was $124,920, with a median annual salary of $120,000.
Almost all of our GPEN-certified surveyed respondents are men (93 percent), so as is generally the case in cybersecurity, it would seem that there's quite a bit of opportunity for women interested in this particular infosec niche. More than 95 percent of GPEN holders in the survey are fairly comfortable ensconced in middle age, either between the ages 35 and 44 (41.4 percent of those surveyed) or between the ages of 45 and 54 (55.2 percent).
Most of the GPEN holders we heard from are college educated: The highest level of education attained by more than 75 percent of respondents is either a master's degree (51.7 percent of those surveyed) or a bachelor's degree (24.3 percent). On the other hand, there is some opportunity at the other end of the spectrum: a notable 10.3 percent of respondents never completed any formal education past high school, while 7 percent put in some technical training after high school but never went to college.
Here's something that's rare: full employment. Yes, 100 percent of the GPEN holders who responded to our survey are employed full-time. Not only that, but most are putting in more than just 40 hours per week. Nearly 60 percent of respondents work between 41 and 50 hours per week, while an additional 10 percent work more than 50 hours per week. The fortunate few are most in standard 40-hour job roles (24.1 percent of those surveyed), though we did hear from a small group who put in between 31 and 39 hours per week (6.9 percent).
Penetration testing is apparently a role that commands a fair degree of organizational seniority. A notable 59 percent of those we surveyed are either at the senior specialist level (31 percent), or employed as managers (27.6 percent). A further 17.2 percent of those surveyed are in senior management roles, with notable slices of the pie encompassing director (7.1 percent) and executive (6.4 percent) positions.
Once you've joined the club, it would seem, you can expect to say put. A bit more than 65 percent of GPEN holders in the survey have worked in a role that directly utilizes their certified skills for more than 10 years. The remaining respondents are split fairly evenly: 10 percent have between 9 and 10 years of service time, 13.9 percent have been in the ranks for between 6 and 8 years, and everyone else (10.5 percent) has been in the game for at least between 3 and 5 years. We didn't hear from anyone who's just starting in.
Finally, here's the view of GPEN holders on key questions from the survey about how certification impacts job performance:
At my current job I use skills learned or enhanced through certification:
Several times a day: 44.8 percent
Several times a week: 27.6 percent
Several times a month: 14 percent
Occasionally: 13.6 percent
Rarely: [No responses]
Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 41.4 percent
Agree: 44.8 percent
Neither Agree nor Disagree: 13.8 percent
Disagree: [No responses]
Strongly Disagree: [No responses]
Becoming certified has increased my problem-solving skills.
Strongly agree: 48.3 percent
Agree: 21 percent
Neither Agree nor Disagree: 20.4 percent
Disagree: 10.3 percent
Strongly Disagree: [No responses]
Becoming certified has increased my workplace productivity.
Strongly agree: 24.2 percent
Agree: 41.4 percent
Neither Agree nor Disagree: 27.4 percent
Disagree: 7 percent
Strongly Disagree: [No responses]
Important Update: We have updated our Privacy Policy to comply with the California Consumer Privacy Act (CCPA)