Pentesting Certifications

The business value of the CompTIA PenTest+ employee certification

April 27, 2020 by Susan Morrow

Introduction

Vulnerabilities in our technology-enabled systems and services are the Achilles heel of our extended IT networks. In 2019, CVE Details recorded 16,556 such vulnerabilities across thousands of technology products. This is a concern, as cybercriminals are opportunists: one of the main methods they use to cause data breaches and other IT resource damage is by exploiting vulnerabilities (flaws) in software.

Finding software vulnerabilities can be a complex and intensive task. It requires many skills across IT architecture, cloud and mobile computing and cybersecurity. Dedicated penetration testers (pentesters) or information security professionals with pentest skills use this combination of know-how to security test IT systems. 

When carrying out a penetration test, your team must think like hackers but act like cybersecurity professionals. This is why a CompTIA PenTest+ certificate is an important way to judge the expertise and professionalism of your employees.   

What is the CompTIA PenTest+ certification?

The CompTIA PenTest+ certification is designed to test the skills of those security professionals who are involved in penetration testing of IT networks and vulnerability management. Assessment is by means of hands-on, performance-based questions and multiple-choice questions. 

The certification is of dual use. Not only does it test the capability of penetration testers, but it also looks at the individual’s management skills in planning, understanding of a scope of work and system weakness management.

The assessment covers everything from traditional desktops through cloud and web servers to mobile devices. The CompTIA PenTest+ meets the ISO 17024 standard.

The CompTIA PenTest+ exam is typically taken by employees with the following prerequisites:

  • CompTIA Network+
  • Security+ or equivalent knowledge
  • Minimum of three to four years of hands-on information security or related experience.

PenTest+ is intended to follow the CompTIA Security+ or equivalent experience.

What roles need the CompTIA PenTest+ certification?

Ownership of a CompTIA PenTest+ certificate is validation that an individual has the right mix of skills to be a professional pentester. Individuals who work in the area of penetration testing of IT networks must be self-reliant but also have great team working skills. 

Penetration testing is a challenging role; it requires deep insight into how cybercriminals operate. It also requires expertise in general IT and computing to understand how these systems are compromised. Pentesters need to be able to think like a hacker and discover weaknesses and vulnerabilities across an enterprise’s extended networks. 

The roles that are enhanced by having a CompTIA PenTest+ certification include:

  • Penetration tester
  • Vulnerability tester
  • Security analyst
  • Vulnerability assessment analyst

Individuals who work in the following areas will also benefit from taking the exam:

  • Network security operations
  • Application security vulnerability

What knowledge and skills does the CompTIA PenTest+ certification validate?

CompTIA PenTest+ certification and training associated with preparing for the exam will cover the following areas:

  1. Planning and scope: How to plan for compliance-based assessments
  2. The tools used in penetration testing: This includes tools used for detection and analysis but is currently limited to Bash, Python, Ruby and PowerShell
  3. Information gathering and vulnerability identification: Perhaps the most interesting part of the job for many pentesters is in the detection of vulnerabilities. This part of the certification looks at how to perform a vulnerability scan and analyze the results
  4. Attack and exploits: Part of being a good pentester is knowing how to hack. This section of the certification looks at exploitation techniques. It also assesses the individual’s capability in terms of performing post-exploitation techniques
  5. Reporting and communication: Being able to report findings in an effective and systematic manner is an important aspect of a pentester’s role

The CompTIA PenTest+ training and certification demonstrates competency in a number of areas:

  • Deep-level understanding of IT systems vulnerabilities and risks
  • Ability to test out an IT system against known security issues
  • To be able to use initiative to discover areas of risk
  • To be able to classify and set risk levels in alignment with business and compliance needs
  • To be able to use pentesting tools correctly
  • Data analysis skills
  • Good, clear, precise reporting and communication skills

How does the CompTIA PenTest+ certification benefit my business?

Employees with penetration testing skills are an important resource in an organization. While data breaches, ransomware and general hacking attempts create massive challenges for an organization, pentesters can work to spot issues and vulnerabilities in IT systems before they become a security incident. 

Pentesting simulates how cybercriminals exploit security flaws to attack your infrastructure to steal data and damage assets. By doing so, pentesters act to reduce security risk and prepare an organization to mitigate risk.

CompTIA PenTest+ certification is a hands-on practical exam; a successful candidate has demonstrated proficiency in all of the areas covered by the exam. As such, an employee that has achieved CompTIA PenTest+ certification is a valuable member of any security team. They will be able to help towards making a business a safer place to work. They will work to ensure that your extended IT systems, out into your vendor ecosystem, are as secure as they can be.

How can I help my team prepare for CompTIA PenTest+ certification success?

The CompTIA PenTest+ certification exam is a mix of multiple-choice questions and hands-on practical assessment. This is an intense exam and training is highly recommended. Infosec offers a CompTIA PenTest+ certification path which takes your employees through multiple courses dedicated to different aspects of the certification exam. Systematic and focused training, such as the CompTIA PenTest+ certification path, ensures that your employees are fully prepared for the CompTIA PenTest+ certification exam. 

CompTIA PenTest+ certification is an important way to validate the skill level of anyone involved in Penetration Testing. PenTest+ validated staff are a rich resource for an organization in a climate where cybercriminals are continually finding new ways to exploit vulnerabilities in IT systems. 

Specialist training used to prepare employees for PenTest+ exam success is also important. Offering employees dedicated training sessions to prepare for the PenTest+ exam ensures that an individual has the confidence to sit this very practical and important exam.

 

Sources

  1. Current CVSS Score Distribution For All Vulnerabilities, CVE Details
Posted: April 27, 2020
Articles Author
Susan Morrow
View Profile

Susan has worked in the IT security sector since the early 90s; working across diverse sectors such as file encryption, digital rights management, digital signing, and online identity. Her mantra is that security is about human beings as much as it is about technology. She tweets @avocoidentity