
INFOSEC jobs survey stats

9 October 2013

Hello Internet.

First of all, a million thanks to everyone who participated in this survey. Thanks for taking the time to help me and others like me.
(If you participated and you want your data removed, I will respect your wish; just contact me via comments here or on Twitter.)

___________________________

Here is an overview of the stats of the 22 participants who filled in my survey: https://www.esurveycreator.com/s/89e59b7

The first question is "How happy are you?". The range is from being sad to being the happiest person ever.
The average happiness ratio is 62.15%.

It’s a good ratio, but I actually expected more.
___________________________
The second and third questions are "What’s your job title?" and "What do you actually do?". Here are the answers:

I’m a hacker
Pentesting web applications and secure programming

Application Security Lead
Everything to do with application security, from code reviews and testing to more management work like risk

Incident Responder
—-

Security engineer
Security operations for enterprise customers. SIEM, database security, malware analysis, threat analysis, vulnerability management.

Software engineer
Responsible for an open-source product security. Find bugs & fix, cooperate with external pentest companies.

Computer engineer
I develop security systems such as authentication, digital signatures and I do security testing, implementation of ISO27001

Security Engineer
Mostly Web Application Security Assessments, Some Development, Some Management

Senior Vulnerability Researcher
Find vulnerabilities in software and devices. Develop proof-of-concept exploits. Develop tools to help with vulnerability research and exploitation. Write papers.

Cyber Security Specialist
Pentesting everything everywhere, black box and white box, software and hardware

Pentester
Pentesting – Ethical Hacking

Information Security Advisor
IPS/IDS, proxy, vulnerability scanning, pen testing, network-based threat analysis, Splunk, ArcSight

Security Analyst
—-

Director of Research
Develop new products, research interesting ways to solve problems, come up with solutions to customer problem

Network Engineer
Work with Cisco AND Juniper Wide Area Network Equipment

CISO
Maintain and ensure that all security policies and controls are applied and in place.

Information Security Specialist
Configure and test Fortinet appliances in different scenarios in enterprise/large-scale companies and banks.

___________________________

Fourth question is `How much are you being paid?`:
The first pentester takes 400 ~ 700 Euros per pentest.
The second pentester takes ~$800 per pentest.
The network engineer is paid $200 per hour.
The rest of the answers are (per year):
5000, 36000, 40000, 60000, 73000, 90000, 115000, 156000.

___________________________

The fifth question is `How did you get your job?`:
Here are the answers:
– Internet
– Job website advertisement
– Through an acquaintance I met at a training event
– (Responsibly) reported a lot of sec. issues & fixes as the OS product community member, then asked to join full-time.
– The general director saw my skills and asked me to apply.
– Twitter
– A friend told the company owners to hire me.
– Via a recommendation by a friend
– Recommendations
– Personal relationships
– Through advertising
– I’ve more than 9 years in this field
– Applied online at the company’s site

___________________________

Are you working for a security company, or do you do security in another business?
11 said they work in a security company.
5 said they do security in a non-security company.

___________________________

Did your job require previous professional security experience?
14 (93.3%) said yes.
1 (6.7%) said no.

(Bad news for me)

___________________________

Do you work remotely?

9 (60.0%) said yes
6 (40.0%) said no

___________________________

The last field is the comments, which TBH I didn’t expect much from, but I was wrong.
Here are some comments I got:

Infosec is an awesome job, but it is what you make of it.

Security is not something you can do as “something that pays the bills”, if you are not passionate about it – just forget it.

If you are going to work in the security business, be prepared to get disappointed by people’s lack of support and understanding regarding what you do. This applies to the business, IT operations, software development, and sometimes even your own colleagues.

With that said, of course you should work in security! It’s the most passionate, loving, caring and giving community there is. There’s also a lot of douche bags in security, so be prepared for that too. Oh, and everybody knows best about everything, just wait until some pentester tells you all about how he knows more about antivirus than the actual antivirus vendors. This is of course BS, but it is also how it is.

People seem to think security is some sort of first line defence for the whole of humanity; the reality of it is no one apart from security people cares about security. There are too many people in this industry that have some form of god complex. Try not to be one of those. Make sure you don’t lose your hobbies and friends for an industry that frankly won’t remember any of us when we’re gone.

Thanks everyone!
