New Certification: CompTIA PenTest+

"3. New Certification: CompTIA PenTest+

This summer, CompTIA will release a new intermediate-level cybersecurity exam to complement CompTIA Cybersecurity Analyst. CompTIA PenTest+ (CPT) validates vulnerability assessment and management skills. Whereas CompTIA Cybersecurity Analyst addresses defensive "blue team" skills, CPT addresses offensive "red team" skills. The combination of penetration testing and vulnerability management in CPT means IT pros not only find and exploit vulnerabilities, but manage them to protect their organization's network."

How neat. Beta exams can be a pretty cool yet a confusing experience since sometimes there is a lack of material specifically designed for the exam. I'm definitely planning on signing up for this exam.

May wait after the beta period.

AND! It looks like CompTIA is still in need of pen testers to help develop the exam:
https://certification.comptia.org/get-involved/become-a-subject-matter-expert/workshops/penetration-tester-experts-needed

Find more posts tagged with

Comments

NetworkNewb

They are definitely milking everything they can out of these security certs!

dizzy_kitty

NetworkNewb wrote: »

They are definitely milking everything they can out of these security certs!

Definitely agree.

daviddws

I think the DoD wants more specialization.. hence the new security certs.

J_86

daviddws wrote: »

I think the DoD wants more specialization.. hence the new security certs.

Bingo. The DoD loves CompTIA.

yoba222

I just can't see something multiple choice (I assume) like this competing with something like OSCP in terms of validating skills. But then again, GPEN is multiple choice. And yes, DoD. I'm amazed at how fast the CySA+ landed on the 8570 list.

Cisco Inferno

oh man. I am starting to think the DOD is in bed with CompTIA.

Any idea how this compares to CEH?

EnderWiggin

I enjoyed the CSA+ beta, mainly in that I was able to give feedback on the questions. I'll likely sign up for this beta as well. I have no interest in the cert itself though, as it will never be worth what OSCP is worth.

xagreus

A few more details about the cert and the beta exam:
https://partners.comptia.org/certifications/pentest

Registration:
Begins January 31, 2018, on the Pearson VUE website

SteveLavoie

I took a note to register on Jan 31th.... There is not much information about the material to study. It is a 50 USD bet

The odds are not good for me.. but I can gamble it

I will schedule the exam as far as I can, and I will make a sprint to study another certs (CSA+), so I can do 2 tests the same day. It is a 1h30 drive for me to the nearest test center.

Eston21

I'm looking forward to signing up and taking this test.

soccarplayer29

I except this be at the same level as CEH---but more reputable.

It's mid-level according to CompTIA but regarding strictly pentesting I think it'll be equivalent to CEH and maybe between eJPT/eCPPT. It fills that void for those who avoid ECCouncil and eLS (lack or market penetration). Pure speculation but that's my initial take on it.

yoba222

Looks like the URL is in place on the CompTIA website, but not linked yet.

https://certification.comptia.org/certifications/pentest

Hmm . . . exam objectives are up there too.

comptia-pentest-exam-objectives-(2-0).pdf

hxhx

I think it's great that they did this. Hopefully people find it challenging and beneficial.

NetworkNewb

Yeaaaaa I’m not holding my breath on a multiple choice test on Pen Testing being too amazing. Would be surprised if this ever holds much value outside of the DoD. Just my 2 cents. We’ll see though

stryder144

I would hope that the performance-based questions will shape up well. If so, it might be a better choice than CEH. We shall see. It seems, though, based on what little I've read, that it would be better titled as VulnTester+.

the_Grinch

I think DoD is looking at it from the perspective of a management type certification. Government in general tends to farm out most of their work to contractors and have government personnel simply supervising those contractors. In a case like this, nice to have someone who knows what should be included in a pentest without needing the actual skill to perform it themselves.

Case in point, at my old job I was on the team that wrote the pentesting requirements, approved plans submitted and reviewed the work once completed. I'd taken courses in such things and could do them if required, but outside vendors were used (which was for the best anyhow). A cert like this would definitely aide in the drafting of requirements and analysis of plans submitted. Analysis of the report would definitely require the skills of actually performing a pentest, but you can have people with that knowledge on the team.

PC509

NetworkNewb wrote: »

Yeaaaaa I’m not holding my breath on a multiple choice test on Pen Testing being too amazing. Would be surprised if this ever holds much value outside of the DoD. Just my 2 cents. We’ll see though

Compared to EC|Council and their CEH, I would put CompTIA and this ahead. I don't expect it to be much more challenging, but EC|Council came off as an inferior company to work with. The exam was very easy and didn't really give much real world knowledge. I think the CompTIA one will be a little better (not much) than the CEH exam. Still, an entry level pen test - multiple choice, not a performance based exam.

It has it's place, but it's not a replacement of eJPT, OSCP, etc..

NetworkNewb

PC509 wrote: »

Compared to EC|Council and their CEH, I would put CompTIA and this ahead.

It has it's place, but it's not a replacement of eJPT, OSCP, etc..

Agree

wd40

I think People will go for PenTest+ instead of CEH for the huge cost difference.

I think CEH exam has a 100$ registration fee + 950$ for the exam - total 1050$, PenTest+ will probably cost 346$ "same as CySA+".

EnderWiggin

Signed up for Monday. No point waiting, gonna go have some fun!

fitzlopez

dizzy_kitty wrote: »

"3. New Certification: CompTIA PenTest+
This summer, CompTIA will release a new intermediate-level cybersecurity exam to complement CompTIA Cybersecurity Analyst. CompTIA PenTest+ (CPT) validates vulnerability assessment and management skills. Whereas CompTIA Cybersecurity Analyst addresses defensive "blue team" skills, CPT addresses offensive "red team" skills. The combination of penetration testing and vulnerability management in CPT means IT pros not only find and exploit vulnerabilities, but manage them to protect their organization's network."

How neat. Beta exams can be a pretty cool yet a confusing experience since sometimes there is a lack of material specifically designed for the exam. I'm definitely planning on signing up for this exam. May wait after the beta period.

AND! It looks like CompTIA is still in need of pen testers to help develop the exam:
https://certification.comptia.org/get-involved/become-a-subject-matter-expert/workshops/penetration-tester-experts-needed

Thanks @dizzy_kitty, going to sign up. $50 dollar gamble for a new cert? I'm in.

Any books, pdf's or videos you guys recommend? I have the CSX-P lined up so I hope a small part overlaps.

dizzy_kitty

Just signed up for it as well. Decided to give it go during my spring break.

NetworkNewb

Signed up for it... Not sure why, gluten for punishment I guess

DatabaseHead

This thread is making me laugh! Good luck on the cert!

airzero

Just signed up and taking it on the 13th. I'll let you guys know how it goes!

xxxkaliboyxxx

Signed up for the end of the month. I assume my studies for the GPEN will cover these domains.

globalenjoi

I think I might do this as well. I was planning to do the CSA+ to renew my other CompTIA certs this year, but I guess I should do this first. I'm fresh off of passing my GPEN, so I think most of the knowledge should already be there... Just gotta pick a date.

yoba222

Okay, okay; I'm in. I wasn't going to do this one. I see Reddit just discovered this beta cert so might as well sign up before all 400 seats are claimed.

Still mainly studying for CySA+ and going to concurrently read an older version of the GPEN books cover-to-cover one time through to prep for this. Scheduled for beginning of March.

tedjames

I downloaded the exam objectives today. There appears to be a lot of "Given a scenario" type requirements, like they did for the Cloud+ beta. Looks like it'll be a combination of multiple choice and performance-based questions. Looks like it covers a lot of ground. I wonder how much practical there'll really be.

MickyDee

I signed up for as late as the test center will let me, which is 4/20. I'm currently finishing up my last class for my Masters and studying for the CASP, so I'm going to be cutting it close since I'm not sure how much studying I will be able to do for the PenTest+. My last class is vulnerability management, so hopefully I'll retain some of that info.