CompTIA has launched PenTest+, its newest credential for cybersecurity professionals around the world.
CompTIA PenTest+ provides a comprehensive assessment of the knowledge and skills needed to run a responsible and successful penetration testing program.
“As organisations become more proactive when it comes to cybersecurity, penetration testing is one of the tactics that they are employing,” said James Stanger, chief technology evangelist at CompTIA.
“But for penetration testing to be effective, the tester must have a range of skills, from pre-test preparation through post-test assessment and reporting. CompTIA PenTest+ covers the entire process and skillset of penetration testing.”
The CompTIA PenTest+ certification exam tests individuals in five technical areas: planning and scoping; information gathering and vulnerability identification; attacks and exploits; penetration testing tools; and reporting and communication.
“CompTIA PenTest+ is a performance certification, so in addition to answering multiple choice questions, the exam includes hands-on simulations,” Stanger explained.
“Test takers must perform simulated penetration testing and vulnerability assessment job tasks during the exam. Another differentiator of CompTIA PenTest+ is that it tests on knowledge and skills that go beyond the boundaries of a traditional firewall, and extend into post-perimeter networking environments, emphasizing end point device diversity, cloud platform use, and targeting end users.”
Exam content was created with input from cybersecurity professionals around the world. These experts have years of hands-on work experience and knowledge of the full range of cybersecurity threats, responses and pro-active measures.
The new exam joins CompTIA Cybersecurity Analyst (CySA+) at the intermediate-level of the CompTIA Cybersecurity Career Pathway. They follow CompTIA Security+, which validates baseline security skills; and precede CompTIA Advanced Security Practitioner, which covers advanced topics in enterprise security operations and architecture.
“CompTIA PenTest+ also fits into the ‘red team vs. blue’ team’ security exercises that many large organisations engage in,” explained Patrick Lane, director, product management, CompTIA.
“This activity combines a red team penetration testing approach with a blue team defensive security analyst’s perspective. The result is a stronger, proactive security team.”