Breaking in to Security - Data
Last update 18th October 2013
First, if you don't know what this summary is for, I suggest you go and read the project introduction at Breaking In Part 1 then come back and look at the great responses I've had so far.
I'm planning to leave the survey open and update this data periodically, if anyone requires a copy and would like an up-to-date version please get in touch and I'll send a copy over.
I've also posted my slides from the BSides London talk I gave here: Breaking In BSides Slides.
Time in security?
| Time | Number | Percentage |
|---|---|---|
| 7+ years | 150 | 40% |
| 4-7 years | 94 | 25% |
| 1-3 years | 92 | 24% |
| <1 year | 41 | 11% |
Job Type?
| Job Type | Number | Percentage |
|---|---|---|
| Penetration tester | 210 | 57% |
| Vulnerability auditor | 169 | 46% |
| Sys-admin | 150 | 40% |
| IDS/Firewall admin | 118 | 32% |
| Log analyst | 114 | 31% |
| Policy writer | 114 | 31% |
| Incident response | 96 | 26% |
| Other | 83 | 22% |
| Manager | 80 | 22% |
| IT Forensices | 64 | 17% |
| Malware analyst | 57 | 15% |
| Reverse engineer | 47 | 13% |
| Helpdesk | 45 | 12% |
| Exploit developer | 42 | 11% |
| PCI auditor | 38 | 10% |
Do you need to be able to program?
| Answer | Number | Percentage |
|---|---|---|
| No, but it helps | 218 | 58% |
| Yes | 111 | 29% |
| Other | 19 | 5% |
| Don't know | 18 | 5% |
| No | 11 | 3% |
| Language | Number | Percentage |
|---|---|---|
| Python | 283 | 80% |
| Bash Scripting | 275 | 77% |
| C | 145 | 41% |
| Ruby | 142 | 40% |
| Windows Powershell | 124 | 35% |
| PHP | 122 | 34% |
| Batch Scripting | 119 | 34% |
| C++ | 86 | 24% |
| Java | 79 | 22% |
| Perl | 74 | 21% |
| Other | 63 | 18% |
| VB | 38 | 11% |
| C# | 31 | 9% |
| Lua | 25 | 7% |
Are certifications useful?
| Answer | Number | Percentage |
|---|---|---|
| Yes | 182 | 48% |
| Yes - but only to get through HR | 172 | 46% |
| No | 23 | 6% |
| Certificate | Number | Percentage |
|---|---|---|
| CISSP | 230 | 68% |
| SANS/GIAC | 220 | 65% |
| Offensive Security (PWB, AWE etc) | 132 | 39% |
| EC-Council (CEH etc) | 88 | 26% |
| CompTIA (Security+ etc) | 79 | 23% |
| Vendor specific | 77 | 23% |
| Other | 60 | 18% |
| CHECK Team Leader (CREST/Tiger Scheme) | 47 | 14% |
| CHECK Team Member (CREST/Tiger Scheme) | 46 | 14% |
Are cons useful?
| Answer | Number | Percentage |
|---|---|---|
| Yes | 320 | 85% |
| No | 25 | 7% |
| Other | 32 | 8% |
