What skills will you learn?
Planning & Scoping
Information Gathering & Vulnerability Identification
Attacks & Exploits
Penetration Testing Tools
Reporting & Communication
Cyberattacks are a constant threat to businesses, and companies are looking to invest in qualified individuals. According to Cyberseek.org, penetration testers are in high demand, with a median salary of $98,000. Their offensive, or red team, skills help companies identify and mitigate network vulnerabilities. In May, CompTIA hosted an exam development workshop, where cybersecurity experts offered their insights on the forthcoming CompTIA PenTest+ certification. Here are just a few reasons why they would recommend CompTIA PenTest+.
1. CompTIA PenTest+ is uniquely comprehensive.
Unlike many penetration testing certifications, CompTIA PenTest+ covers everything a penetration tester needs to know, from project planning to final reporting. The exam contains both multiple-choice and performance-based questions, validating hands-on cybersecurity skills.
The following topics are just a few of those covered by CompTIA PenTest+:
- Planning and scoping
- Information gathering and vulnerability identification
- Attacks and exploits
- Penetration testing tools
- Reporting and communication
Luiz Vieira is an independent consultant and a veteran CompTIA Subject Matter Expert (SME) – the industry experts who help develop exam topics and questions. He holds six cybersecurity certifications but finds CompTIA PenTest+ special.
“For me, it is amazing, because there are very few certifications that cover the whole process,” Vieira said.
CompTIA PenTest+ validates the intermediate skills and best practices required to customize assessment frameworks, so certification holders can effectively collaborate and report vulnerability findings and communicate recommended strategies to improve IT security.
The new IT certification also uniquely equips cybersecurity pros with technical and management skills. It covers not only how to find vulnerabilities, but how to manage and report their recommendations. With CompTIA PenTest+, IT pros prove they know how to master and manage the penetration testing process, which includes vulnerability assessment and management skills.
2. CompTIA exams are created by working professionals who know the ropes.
CompTIA exams are created by cybersecurity practitioners from across the globe. These experts have many years of hands-on work experience that make them ideal to contribute exam material. CompTIA SMEs come from a variety of professional backgrounds and apply the certification concepts daily.
“We understand the many differences in the areas we are covering in this exam,” Vieira said, testifying to the professional diversity of the group.
CompTIA formulates exam questions with industry experts and organizations to guarantee its certifications are practical and holistic. Many of the experts took similar IT certification exams earlier in their careers and provide helpful insights about what IT pros need for the job.
3. CompTIA PenTest+ assesses important cybersecurity strategy.
In addition to safe practices, cybersecurity pros must understand attack strategy. CompTIA Cybersecurity Analyst (CySA+) tests defensive skills, while CompTIA PenTest+ encourages IT pros to think offensively. The best security experts use both perspectives to defend against vulnerabilities. Thinking in the mindset of a penetration tester and a hacker helps companies uncover blind spots.
Angelo Oliveira is a penetration tester at TOTVS and has a master’s degree in cryptography.
“[With CompTIA PenTest+], I can show that I know what is needed,” Oliveira explained.
4. We need more penetration testers.
The SMEs agreed that companies do not have enough skilled professionals to keep up with increasing project demand.
“Companies are requesting even more [pen testers] every day,” said Saulo Hachem, a security analyst at Morphus Segurança da Informação. “Every day we receive new penetration test projects.”
Cyberseek.org reports 10,929 open jobs for penetration and vulnerability testers in the United States, and CompTIA PenTest+ can help IT pros move up in their career and attain the skills that employers need.
5. CompTIA PenTest+ forms stronger teams.
Cybersecurity is a pressing issue for many industries, but few teams have the skills necessary to defend IT systems. According to CompTIA’s Assessing the IT Skills Gap report, 96 percent of IT and business executives agree that too many workers lack advanced skills, including problem solving, analysis and logical thinking. Vieira explained the difficulty of finding certified new hires.
“There is a huge gap for this type of professional around the world,” he said. “I think that with this education, we can help solve this gap.”
Penetration testers are highly valued because resilient networks have become crucial for business. CompTIA PenTest+ prepares security pros to think like attackers and anticipate vulnerabilities. These cybersecurity experts agree that CompTIA PenTest+ is a great option for equipping penetration testers with the skills they need to bridge the skills gap.
- CompTIA PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks.
- Successful candidates will have the intermediate skills required to customize assessment frameworks to effectively collaborate on and report findings.
- Candidates will also have the best practices to communicate recommended strategies to improve the overall state of IT security.
CompTIA PenTest+ meets the ISO 17024 standard. Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program. Over 1.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.
|Number of Questions||Maximum of 85 questions|
|Type of Questions||Performance-based and multiple choice|
|Length of Test||165 minutes|
|Passing Score||750 (on a scale of 100-900)|
Jobs that use CompTIA PenTest+
- Penetration Tester
- Vulnerability Tester
- Security Analyst (II)
- Vulnerability Assessment Analyst
- Network Security Operations
- Application Security Vulnerability