Salary Survey Extra is a series of dispatches that give added insight into the findings of our annual Salary Survey. These posts contain previously unpublished Salary Survey data.
If you have an interest in hacking, but you don't want to worry about getting tangled up with law enforcement, then what could be cooler than doing a job where you get to pursue your passion without looking over your shoulder? Penetration testing lets your try your darnedest — with permission, in a contained environment — to crack systems and get access.
One of the key credentials available to both experienced and aspiring penetration testers is a relatively recent addition to the industry-wide cybersecurit canon from tech industry association CompTIA. CompTIA PenTest+, No. 46 on our most recent Salary Survey 75 list, is a great way to determine whether you have the most current knowledge of penetration testing and vulnerability assessment.
Here’s what the salary picture looks like for PenTest+ holders who responded to the Salary Survey:
All U.S. Respondents
Average Annual Salary: $111,060
Median Annual Salary: $104,580
How satisfied are you with your current salary?
Completely Satisfied: 7.6 percent
Very Satisfied: 25.8 percent
Satisfied: 34.8 percent
Not Very Satisfied: 24.2 percent
Not At All Satisfied: 7.6 percent
All Non-U.S. Respondents
Average Annual Salary: $56,820
Median Annual Salary: $51,250
How satisfied are you with your current salary?
Completely Satisfied: 5.4 percent
Very Satisfied: 10.8 percent
Satisfied: 24.4 percent
Not Very Satisfied: 35.1 percent
Not At All Satisfied: 24.3 percent
CompTIA’s long-lived IT certification program has a global footprint, and some of that breadth is reflected in this year’s pool of PenTest+ holders: only 64.1 percent are U.S. residents. We also heard from credential holders in 25 other countries: Afghanistan, Albania, Australia, Bolivia, Bulgaria, Canada, Croatia, Djibouti, Germany, India, Ireland, Jamaica, Japan, Malaysia, Nigeria, Norway, Pakistan, Peru, Philippines, Saudi Arabia, Seychelles, South Africa, Trinidad and Tobago, United Kingdom, and Vietnam.
The information security sector of the wider IT universe is largely dominated by male professionals, but that dynamic may be changing: 74.7 percent of PenTest+ holders who responded to the survey are men, but a remarkable 21.9 percent are women. The rest are either transgender female (1.4 percent), transgender male (0.7 percent), chose not identify a gender (also 0.7 percent), or are gender variant/nonconforming (0.6 percent). The survey pool of PenTest+ holders is a surprisingly youthful bunch, with 72 percent of those surveyed younger than 45, either between the ages of 35 and 44 (40.8 percent), between the ages of 25 and 34 (30.1 percent), or between the ages of 19 and 24 (1 percent). Most of the PenTest+ “senior citizens” are youngish as well, with a further 26.2 percent of respondents between the ages of 45 and 54, and just 1.9 percent between the ages of 55 and 64.
More than 95 percent of PenTest+ holders who responded to the survey have an educational background that includes time spent at a college or university. The highest level of formal education completed by most PenTest+ holders is either a bachelor’s degree (60.2 percent of respondents), master’s degree (22.3 percent), associate’s degree (6.8 percent), professional degree (3.9 percent), or doctorate (1.9 percent). The outliers are the 2 percent of those surveyed who completed some level of technical training after high school and the 2.9 percent who exited the realm of formal education after completing high school.
An unusually low 70.6 percent of PenTest+ holders who responded to the survey are employed full-time. The rest either have part-time jobs (9.6 percent of those surveyed), are students (7.5 percent), are on sabbatical (also 7.5 percent), or are unemployed (4.8 percent). Among those who have full-time jobs, most have either a standard 40-hour work week (47 percent of respondents) or put in between 41 and 50 hours per week (also 30 percent). The remaining roughly one-third of respondents are divided between those who work more than 50 hours per week (13 percent), those who put in between 31 and 39 hours per week (7 percent), those who put in between 20 and 30 hours per week (1 percent), and those who have the luxury of cramming their full-time work schedule into fewer than 20 hours per week (2 percent).
Like most other information security professionals, CompTIA-certified penetration testers appear to have been at least somewhat impacted by the COVID pandemic. A notable 43 percent of respondents either put in 40 hours per week from home (21.3 percent) or more than 40 hours per week from home (22.3 percent). About 28 percent of respondents work some (if not all) of their hours outside a traditional workplace, with 4.9 percent of those surveyed at home between 31 and 39 hours per week, 10.7 percent at home between 21 and 30 hours per week, and 13.6 percent at home between 10 and 20 hours per week. The balance of PenTest+ holders who responded to the survey — 27.2 percent — are more tied to a traditional office setting, working from home fewer than 10 hours per week.
In terms of workplace standing, the largest single group of PenTest+ holders we heard from is actually two groups: identical 20.5 percent segments of survey respondents are either specialists or senior specialists. The rest, in descending order, are either senior managers (17.1 percent of respondents), managers (15.1 percent), directors (13 percent), rank-and-file employees (9 percent), or executives (4.8 percent).
A notable 28.8 percent of PenTest+ holders who responded to the survey are relative IT newcomers, having worked in a role that directly utilizes one or more of their certified skills for between 3 and 5 years. The rest have been plying their certified skills for either between zero years (1 to 11 months) and 2 years (14.4 percent of those surveyed), between 6 and 8 years (23.3 percent), between 9 and 10 years (5.5 percent), or for more than a decade (28 percent).
Finally, here’s the view of PenTest+ holders on key questions from the survey about how certification impacts job performance:
At my current job I use skills learned or enhanced through certification:
Several times a day: 46.7 percent
Several times a week: 30.1 percent
Several times a month: 4.1 percent
Occasionally: 11.6 percent
Rarely: 7.5 percent
Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 37.7 percent
Agree: 36.3 percent
Neither Agree nor Disagree: 9.6 percent
Disagree: 8.2 percent
Strongly Disagree: 8.2 percent
Becoming certified has increased my problem-solving skills.
Strongly agree: 41.1 percent
Agree: 32.9 percent
Neither Agree nor Disagree: 16.4 percent
Disagree: 5.5 percent
Strongly Disagree: 4.1 percent
Becoming certified has increased my workplace productivity.
Strongly agree: 26 percent
Agree: 41.1 percent
Neither Agree nor Disagree: 21.2 percent
Disagree: 8.2 percent
Strongly Disagree: 3.5 percent
PAST COMPTIA PENTEST+ DEEP FOCUS FEATURES