I recently started a computer forensic internship, so I am gaining the oh so valuable experience...but I still can't decide if I want to have a career in computer forensics or pentesting. I've been searching keywords of CF and pentest jobs on Dice, Indeed, and Simply Hired and there are a few things that scare me about the two fields.

#1. The number of jobs for each CF and Pentration testing. I would hate to spend so much time and effort on learning and certs, to find I can't land a job in the field I love.

**What's your opinion on the career outlook for either job?

#2. Salary; I know money isn't everything but I definitely want to make a good living for myself and future family. When I google "computer forensic" and "penetration tester" salaries, I get different numbers from every website.

**I know it depends on so many factors, but from your experience how much should a professional with 0-5 years make per year?

#3. Here are the words I use to search for jobs, let me know if there are some words I should add.

**CF: EnCE, GCFA, GCFE, GREM, EnCase, FTK, CCE, CHFI, computer forensics, digital forensics

**Pentesting: OSCP, OSCE, GPEN, GWAPT, metasploit, CISSP, pentration tester, ethical hacker, backtrack, wireshark, CEH, vulnerability

Please add any other comments that could help, thanks again everybody .

i would not worry so much about that. there is still a high demand for security specialists in the pentesting and forensic field. Also if you are motivated to get such a job, maybe you should take a step back and take a job that eventually lead you to your ultimate goal. remember that sometimes taking a step back get you to your ultimate goal.

This differs alot per country, heck even per state if you are located in the US. just do some research on different forum's and see if it is equal to other specialized IT jobs. Even if we have a somewhat different occupation, down  the line we are still "just" an specialized IT employee.


This seems about right, but remember because it is such a niche market most organizations use other ways to seek there employees, think of conferences where there are boothstands, a great place is to look for organizations that are specialized in the pentesting or forensic working field and look at there website, if there are any openings they surely will be noted there and ofcourse forums/board like these (see the pentest request in san francisco posted a few days ago). Go ahead and search the web and do not rely on sites like monsterboard or whatever they use most in your country.

Seems to me that with no security experience, but IT experience (and couple with a degree and coursework I've completed) I've always been offered pay in the $50k area.  This has been in two different parts of the country, so I tend to think that for the entry-levelish computer security position $50k is about the norm.