New Certification: CompTIA PenTest+

dizzy_kittydizzy_kitty Posts: 95Member ■■■□□□□□□□
"3. New Certification: CompTIA PenTest+
This summer, CompTIA will release a new intermediate-level cybersecurity exam to complement CompTIA Cybersecurity Analyst. CompTIA PenTest+ (CPT) validates vulnerability assessment and management skills. Whereas CompTIA Cybersecurity Analyst addresses defensive "blue team" skills, CPT addresses offensive "red team" skills. The combination of penetration testing and vulnerability management in CPT means IT pros not only find and exploit vulnerabilities, but manage them to protect their organization's network."

How neat. Beta exams can be a pretty cool yet a confusing experience since sometimes there is a lack of material specifically designed for the exam. I'm definitely planning on signing up for this exam. :) May wait after the beta period. icon_wink.gif

AND! It looks like CompTIA is still in need of pen testers to help develop the exam:
https://certification.comptia.org/get-involved/become-a-subject-matter-expert/workshops/penetration-tester-experts-needed
«1345

Comments

  • NetworkNewbNetworkNewb They are watching you Posts: 3,122Member ■■■■■■■■□□
    They are definitely milking everything they can out of these security certs!
  • dizzy_kittydizzy_kitty Posts: 95Member ■■■□□□□□□□
    They are definitely milking everything they can out of these security certs!

    Definitely agree. icon_lol.gif
  • daviddwsdaviddws Posts: 303Member
    I think the DoD wants more specialization.. hence the new security certs.
    ________________________________________
    M.I.S.M:
    Master of Information Systems Management
    M.B.A: Master of Business Administration
  • J_86J_86 Posts: 262Member
    daviddws wrote: »
    I think the DoD wants more specialization.. hence the new security certs.

    Bingo. The DoD loves CompTIA.
  • yoba222yoba222 Posts: 882Member ■■■■□□□□□□
    I just can't see something multiple choice (I assume) like this competing with something like OSCP in terms of validating skills. But then again, GPEN is multiple choice. And yes, DoD. I'm amazed at how fast the CySA+ landed on the 8570 list.
    Obtained: A+ | Network+ | Security+ | CySA+ | PenTest+ | CAPM | eJPT | CCNA R&S | CCNA CyberOps | GCIH | LFCS
    2018: Virtual Hacking Labs
    2019: eCPPT &/or OSCP | CISSP
  • Cisco InfernoCisco Inferno Posts: 1,035Member ■■■■■□□□□□
    oh man. I am starting to think the DOD is in bed with CompTIA.

    Any idea how this compares to CEH?
    2019 Goals
    CompTIA Linux+
    [ ] Bachelor's Degree
  • EnderWigginEnderWiggin Posts: 549Member ■■■■□□□□□□
    I enjoyed the CSA+ beta, mainly in that I was able to give feedback on the questions. I'll likely sign up for this beta as well. I have no interest in the cert itself though, as it will never be worth what OSCP is worth.
  • xagreusxagreus Posts: 75Member ■■■□□□□□□□
    A few more details about the cert and the beta exam:
    https://partners.comptia.org/certifications/pentest



    Registration:
    Begins January 31, 2018, on the Pearson VUE website

  • SteveLavoieSteveLavoie Posts: 553Member ■■■■□□□□□□
    I took a note to register on Jan 31th.... There is not much information about the material to study. It is a 50 USD bet :) The odds are not good for me.. but I can gamble it ;)

    I will schedule the exam as far as I can, and I will make a sprint to study another certs (CSA+), so I can do 2 tests the same day. It is a 1h30 drive for me to the nearest test center.
  • Eston21Eston21 Posts: 71Member ■■□□□□□□□□
    I'm looking forward to signing up and taking this test.
  • soccarplayer29soccarplayer29 Senior Member Posts: 226Member ■■■□□□□□□□
    I except this be at the same level as CEH---but more reputable.

    It's mid-level according to CompTIA but regarding strictly pentesting I think it'll be equivalent to CEH and maybe between eJPT/eCPPT. It fills that void for those who avoid ECCouncil and eLS (lack or market penetration). Pure speculation but that's my initial take on it.
    Certs: CISSP, CISA, PMP
  • yoba222yoba222 Posts: 882Member ■■■■□□□□□□
    Looks like the URL is in place on the CompTIA website, but not linked yet.

    https://certification.comptia.org/certifications/pentest

    Hmm . . . exam objectives are up there too.
    Obtained: A+ | Network+ | Security+ | CySA+ | PenTest+ | CAPM | eJPT | CCNA R&S | CCNA CyberOps | GCIH | LFCS
    2018: Virtual Hacking Labs
    2019: eCPPT &/or OSCP | CISSP
  • hxhxhxhx Posts: 41Member ■■□□□□□□□□
    I think it's great that they did this. Hopefully people find it challenging and beneficial.
  • NetworkNewbNetworkNewb They are watching you Posts: 3,122Member ■■■■■■■■□□
    Yeaaaaa I’m not holding my breath on a multiple choice test on Pen Testing being too amazing. Would be surprised if this ever holds much value outside of the DoD. Just my 2 cents. We’ll see though
  • stryder144stryder144 Posts: 1,488Member ■■■■■■□□□□
    I would hope that the performance-based questions will shape up well. If so, it might be a better choice than CEH. We shall see. It seems, though, based on what little I've read, that it would be better titled as VulnTester+.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • the_Grinchthe_Grinch Posts: 4,118Member ■■■■■■■■■■
    I think DoD is looking at it from the perspective of a management type certification. Government in general tends to farm out most of their work to contractors and have government personnel simply supervising those contractors. In a case like this, nice to have someone who knows what should be included in a pentest without needing the actual skill to perform it themselves.

    Case in point, at my old job I was on the team that wrote the pentesting requirements, approved plans submitted and reviewed the work once completed. I'd taken courses in such things and could do them if required, but outside vendors were used (which was for the best anyhow). A cert like this would definitely aide in the drafting of requirements and analysis of plans submitted. Analysis of the report would definitely require the skills of actually performing a pentest, but you can have people with that knowledge on the team.
    WIP:
    Python
    Java
  • PC509PC509 Passion For IT Oregon, USPosts: 709Member ■■■■□□□□□□
    Yeaaaaa I’m not holding my breath on a multiple choice test on Pen Testing being too amazing. Would be surprised if this ever holds much value outside of the DoD. Just my 2 cents. We’ll see though

    Compared to EC|Council and their CEH, I would put CompTIA and this ahead. I don't expect it to be much more challenging, but EC|Council came off as an inferior company to work with. The exam was very easy and didn't really give much real world knowledge. I think the CompTIA one will be a little better (not much) than the CEH exam. Still, an entry level pen test - multiple choice, not a performance based exam.

    It has it's place, but it's not a replacement of eJPT, OSCP, etc..
  • NetworkNewbNetworkNewb They are watching you Posts: 3,122Member ■■■■■■■■□□
    PC509 wrote: »
    Compared to EC|Council and their CEH, I would put CompTIA and this ahead.

    It has it's place, but it's not a replacement of eJPT, OSCP, etc..

    Agree icon_thumright.gif
  • wd40wd40 Posts: 981Member ■■■■□□□□□□
    I think People will go for PenTest+ instead of CEH for the huge cost difference.

    I think CEH exam has a 100$ registration fee + 950$ for the exam - total 1050$, PenTest+ will probably cost 346$ "same as CySA+".
  • EnderWigginEnderWiggin Posts: 549Member ■■■■□□□□□□
    Signed up for Monday. No point waiting, gonna go have some fun!
  • fitzlopezfitzlopez Posts: 68Member ■■■□□□□□□□
    "3. New Certification: CompTIA PenTest+
    This summer, CompTIA will release a new intermediate-level cybersecurity exam to complement CompTIA Cybersecurity Analyst. CompTIA PenTest+ (CPT) validates vulnerability assessment and management skills. Whereas CompTIA Cybersecurity Analyst addresses defensive "blue team" skills, CPT addresses offensive "red team" skills. The combination of penetration testing and vulnerability management in CPT means IT pros not only find and exploit vulnerabilities, but manage them to protect their organization's network."

    How neat. Beta exams can be a pretty cool yet a confusing experience since sometimes there is a lack of material specifically designed for the exam. I'm definitely planning on signing up for this exam. :) May wait after the beta period. icon_wink.gif

    AND! It looks like CompTIA is still in need of pen testers to help develop the exam:
    https://certification.comptia.org/get-involved/become-a-subject-matter-expert/workshops/penetration-tester-experts-needed

    Thanks @dizzy_kitty, going to sign up. $50 dollar gamble for a new cert? I'm in.

    Any books, pdf's or videos you guys recommend? I have the CSX-P lined up so I hope a small part overlaps.
  • dizzy_kittydizzy_kitty Posts: 95Member ■■■□□□□□□□
    Just signed up for it as well. Decided to give it go during my spring break. :)
  • NetworkNewbNetworkNewb They are watching you Posts: 3,122Member ■■■■■■■■□□
    Signed up for it... Not sure why, gluten for punishment I guess icon_thumright.gif
  • DatabaseHeadDatabaseHead Posts: 2,285Member ■■■■■■■■□□
    This thread is making me laugh! Good luck on the cert!
  • airzeroairzero Posts: 126Member
    Just signed up and taking it on the 13th. I'll let you guys know how it goes!
  • xxxkaliboyxxxxxxkaliboyxxx Posts: 466Member
    Signed up for the end of the month. I assume my studies for the GPEN will cover these domains.
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • globalenjoiglobalenjoi Posts: 104Member
    I think I might do this as well. I was planning to do the CSA+ to renew my other CompTIA certs this year, but I guess I should do this first. I'm fresh off of passing my GPEN, so I think most of the knowledge should already be there... Just gotta pick a date.
  • yoba222yoba222 Posts: 882Member ■■■■□□□□□□
    Okay, okay; I'm in. I wasn't going to do this one. I see Reddit just discovered this beta cert so might as well sign up before all 400 seats are claimed.

    Still mainly studying for CySA+ and going to concurrently read an older version of the GPEN books cover-to-cover one time through to prep for this. Scheduled for beginning of March.
    Obtained: A+ | Network+ | Security+ | CySA+ | PenTest+ | CAPM | eJPT | CCNA R&S | CCNA CyberOps | GCIH | LFCS
    2018: Virtual Hacking Labs
    2019: eCPPT &/or OSCP | CISSP
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 868Member ■■■■□□□□□□
    I downloaded the exam objectives today. There appears to be a lot of "Given a scenario" type requirements, like they did for the Cloud+ beta. Looks like it'll be a combination of multiple choice and performance-based questions. Looks like it covers a lot of ground. I wonder how much practical there'll really be.
  • MickyDeeMickyDee Posts: 28Member ■■■□□□□□□□
    I signed up for as late as the test center will let me, which is 4/20. I'm currently finishing up my last class for my Masters and studying for the CASP, so I'm going to be cutting it close since I'm not sure how much studying I will be able to do for the PenTest+. My last class is vulnerability management, so hopefully I'll retain some of that info.
«1345
Sign In or Register to comment.