Salary Survey Extra is a series of dispatches that give added insight into the findings of our annual Salary Survey. These posts contain previously unpublished Salary Survey data.

There’s a cloak-and-dagger element to penetration testing that probably makes it seem a bit more glamorous than some IT jobs. A tester with an active imagination might picture himself (or herself) as the tech-savvy sidekick in a heist film whose job is to figure out how to break into a supposedly secure computer network or corporate database.

We didn’t ask the real life penetration testers who participated in our most recent Salary Survey whether they actually ever think that way, but we did ask them a bunch of other stuff. One related credential in particular, the GIAC Certified Penetration Tester (GPEN), checked an impressive box, rating as the tenth-highest salaried certification on our Salary Survey 75 list.

Here’s what the salary picture looks like for GPEN holders who responded to the Salary Survey:

All U.S. Respondents
Average Annual Salary: $137,360
Median Annual Salary: $137,500
How satisfied are you with your current salary?
Completely Satisfied: 3 percent
Very Satisfied: 32.4 percent
Satisfied: 45.9 percent
Not Very Satisfied: 16.2 percent
Not At All Satisfied: 2.5 percent

All Non-U.S. Respondents
Average Annual Salary: $102,500
Median Annual Salary: $115,000
How satisfied are you with your current salary?
Completely Satisfied: [No responses]
Very Satisfied: 32.2 percent
Satisfied: 24.5 percent
Not Very Satisfied: 43.3 percent
Not At All Satisfied: [No responses]

The largest single body of GPEN holders who responded to the survey is made up U.S. residents (84.1 percent). Although GIAC certifications are available worldwide, there were just 5 other countries represented in our results:  Canada, India, Switzerland, Thailand, and the United Kingdom.

Cybersecurity certifications tend to skew heavily male, which is also the case here: 93.2 percent of GPEN holders in the survey are men. A bit more than half (52.3 percent) of GPEN-certified respondents are also entering middle-age between the ages of 35 and 44, while a further 25 percent are solidly ensconced there between the ages of 45 and 54, and 16.6 percent are headed into retirement between the ages of 55 and 64. The only youngsters in the GPEN crowd are the 9.1 percent of respondents who are between the ages 25 and 34.

More than 85 percent of GPEN holders who responded to the survey are college graduates. The highest level of formal education completed for most is either a bachelor’s degree (40.5 percent of respondents) or master’s degree (37.8 percent), with a handful who either have doctorates (2.7 percent) or topped out with an associate’s (two-year) degree (5.7 percent). The outliers are either plain old high school graduates (5.1 percent of those surveyed) or completed some level of post high school technical training (8.1 percent).

Full-time employment among GPEN holders should probably be considered 100 percent. A sterling 97.4 percent of those surveyed have regular full-time jobs, and the remaining 2.6 percent are presently on sabbatical, presumably having taken leave from full-time jobs of their own. Among those presently on the job, roughly a third (31.1 percent of those surveyed) have a regular 40-hour work schedule, while 45.2 percent put in between 41 and 50 hours per week, and 16.6 percent work more than 50 hours per week. The rest, a fortunate 7.1 percent of respondents are only on the clock for between 31 and 39 hours per week.

In terms of workplace standing, almost everyone in the GPEN crowd is at least a couple of rungs up the corporate ladder. We did hear from 4.2 percent of respondents who are rank-and-file employees and 4.6 percent who are specialists, but the biggest single group is the 46.8 percent of those surveyed who are senior specialists, and everyone else is in a leadership role: 13.5 percent are managers, 13.1 percent are senior managers, 11.1 percent are directors, and 6.7 percent are executives.

Most GPEN holders who responded to the survey are veteran penetration testers. There are some rookies out there, with 15.5 percent of those surveyed having worked in a role that directly utilizes one or more of their certified skills for either between zero years (1 to 11 months) and two years (11.1 percent of those surveyed) or between 3 and 5 years (4.4 percent). There are also some GPEN journeymen in the mix, with 17.8 percent of those surveyed having applied their certified skills for either between 6 and 8 years (17.8 percent of those surveyed) or between 9 and 10 years (6.7 percent). Most, however, are veterans: 60 percent of GPEN holders in the survey have been in the game for more than a decade.

Finally, here’s the view of GPEN holders on key questions from the survey about how certification impacts job performance:

At my current job I use skills learned or enhanced through certification:
Several times a day: 60 percent
Several times a week: 28.9 percent
Several times a month: 2.4 percent
Occasionally: 6.7 percent
Rarely: 2 percent

Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 42.4 percent
Agree: 40 percent
Neither Agree nor Disagree: 13.4 percent
Disagree: 2.2 percent
Strongly Disagree: 2.2 percent

Becoming certified has increased my problem-solving skills.
Strongly agree: 26.7 percent
Agree: 53.3 percent
Neither Agree nor Disagree: 8.9 percent
Disagree: 6.7 percent
Strongly Disagree: 4.4 percent

Becoming certified has increased my workplace productivity.
Strongly agree: 26.7 percent
Agree: 42.2 percent
Neither Agree nor Disagree: 20 percent
Disagree: 4.4 percent
Strongly Disagree: 6.7 percent