New Certification: CompTIA PenTest+
dizzy_kitty
Member Posts: 95 ■■■□□□□□□□
in PenTest+
"3. New Certification: CompTIA PenTest+
How neat. Beta exams can be a pretty cool yet a confusing experience since sometimes there is a lack of material specifically designed for the exam. I'm definitely planning on signing up for this exam. May wait after the beta period.
AND! It looks like CompTIA is still in need of pen testers to help develop the exam:
https://certification.comptia.org/get-involved/become-a-subject-matter-expert/workshops/penetration-tester-experts-needed
This summer, CompTIA will release a new intermediate-level cybersecurity exam to complement CompTIA Cybersecurity Analyst. CompTIA PenTest+ (CPT) validates vulnerability assessment and management skills. Whereas CompTIA Cybersecurity Analyst addresses defensive "blue team" skills, CPT addresses offensive "red team" skills. The combination of penetration testing and vulnerability management in CPT means IT pros not only find and exploit vulnerabilities, but manage them to protect their organization's network."
How neat. Beta exams can be a pretty cool yet a confusing experience since sometimes there is a lack of material specifically designed for the exam. I'm definitely planning on signing up for this exam. May wait after the beta period.
AND! It looks like CompTIA is still in need of pen testers to help develop the exam:
https://certification.comptia.org/get-involved/become-a-subject-matter-expert/workshops/penetration-tester-experts-needed
Comments
-
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□They are definitely milking everything they can out of these security certs!
-
dizzy_kitty Member Posts: 95 ■■■□□□□□□□NetworkNewb wrote: »They are definitely milking everything they can out of these security certs!
Definitely agree. -
daviddws Member Posts: 303 ■■■□□□□□□□I think the DoD wants more specialization.. hence the new security certs.________________________________________
M.I.S.M: Master of Information Systems Management
M.B.A: Master of Business Administration -
J_86 Member Posts: 262 ■■□□□□□□□□I think the DoD wants more specialization.. hence the new security certs.
Bingo. The DoD loves CompTIA. -
yoba222 Member Posts: 1,237 ■■■■■■■■□□I just can't see something multiple choice (I assume) like this competing with something like OSCP in terms of validating skills. But then again, GPEN is multiple choice. And yes, DoD. I'm amazed at how fast the CySA+ landed on the 8570 list.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
Cisco Inferno Member Posts: 1,034 ■■■■■■□□□□oh man. I am starting to think the DOD is in bed with CompTIA.
Any idea how this compares to CEH?2019 Goals
CompTIA Linux+[ ] Bachelor's Degree -
EnderWiggin Member Posts: 551 ■■■■□□□□□□I enjoyed the CSA+ beta, mainly in that I was able to give feedback on the questions. I'll likely sign up for this beta as well. I have no interest in the cert itself though, as it will never be worth what OSCP is worth.
-
xagreus Member Posts: 120 ■■■■□□□□□□A few more details about the cert and the beta exam:
https://partners.comptia.org/certifications/pentest
Registration:
Begins January 31, 2018, on the Pearson VUE website
Current: A+, Net+, Sec+, Cloud+, CySA+, CCNA, ITIL 2011 Foundation, AWS CCP, ISC2 CC, MS SC-900, MS AZ-900
2024 goals: AZ-900, Cloud+, Palo Alto PCNSA, CyberOps Associate, DevNet Associate, Project+
2025 goals: Linux+, Palo Alto PCNSA, TryHackMe SOC Level 1, TryHackMe SOC Level 2, TryHackMe Security Engineer, CASP+/SecurityX -
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□I took a note to register on Jan 31th.... There is not much information about the material to study. It is a 50 USD bet The odds are not good for me.. but I can gamble it
I will schedule the exam as far as I can, and I will make a sprint to study another certs (CSA+), so I can do 2 tests the same day. It is a 1h30 drive for me to the nearest test center. -
soccarplayer29 Member Posts: 230 ■■■□□□□□□□I except this be at the same level as CEH---but more reputable.
It's mid-level according to CompTIA but regarding strictly pentesting I think it'll be equivalent to CEH and maybe between eJPT/eCPPT. It fills that void for those who avoid ECCouncil and eLS (lack or market penetration). Pure speculation but that's my initial take on it.Certs: CISSP, CISA, PMP -
yoba222 Member Posts: 1,237 ■■■■■■■■□□Looks like the URL is in place on the CompTIA website, but not linked yet.
https://certification.comptia.org/certifications/pentest
Hmm . . . exam objectives are up there too.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
hxhx Member Posts: 41 ■■□□□□□□□□I think it's great that they did this. Hopefully people find it challenging and beneficial.
-
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□Yeaaaaa I’m not holding my breath on a multiple choice test on Pen Testing being too amazing. Would be surprised if this ever holds much value outside of the DoD. Just my 2 cents. We’ll see though
-
stryder144 Member Posts: 1,684 ■■■■■■■■□□I would hope that the performance-based questions will shape up well. If so, it might be a better choice than CEH. We shall see. It seems, though, based on what little I've read, that it would be better titled as VulnTester+.The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
Connect With Me || My Blog Site || Follow Me -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■I think DoD is looking at it from the perspective of a management type certification. Government in general tends to farm out most of their work to contractors and have government personnel simply supervising those contractors. In a case like this, nice to have someone who knows what should be included in a pentest without needing the actual skill to perform it themselves.
Case in point, at my old job I was on the team that wrote the pentesting requirements, approved plans submitted and reviewed the work once completed. I'd taken courses in such things and could do them if required, but outside vendors were used (which was for the best anyhow). A cert like this would definitely aide in the drafting of requirements and analysis of plans submitted. Analysis of the report would definitely require the skills of actually performing a pentest, but you can have people with that knowledge on the team.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
PC509 Member Posts: 804 ■■■■■■□□□□NetworkNewb wrote: »Yeaaaaa I’m not holding my breath on a multiple choice test on Pen Testing being too amazing. Would be surprised if this ever holds much value outside of the DoD. Just my 2 cents. We’ll see though
Compared to EC|Council and their CEH, I would put CompTIA and this ahead. I don't expect it to be much more challenging, but EC|Council came off as an inferior company to work with. The exam was very easy and didn't really give much real world knowledge. I think the CompTIA one will be a little better (not much) than the CEH exam. Still, an entry level pen test - multiple choice, not a performance based exam.
It has it's place, but it's not a replacement of eJPT, OSCP, etc.. -
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□Compared to EC|Council and their CEH, I would put CompTIA and this ahead.
It has it's place, but it's not a replacement of eJPT, OSCP, etc..
Agree -
wd40 Member Posts: 1,017 ■■■■□□□□□□I think People will go for PenTest+ instead of CEH for the huge cost difference.
I think CEH exam has a 100$ registration fee + 950$ for the exam - total 1050$, PenTest+ will probably cost 346$ "same as CySA+". -
EnderWiggin Member Posts: 551 ■■■■□□□□□□Signed up for Monday. No point waiting, gonna go have some fun!
-
fitzlopez Member Posts: 103 ■■■□□□□□□□dizzy_kitty wrote: »"3. New Certification: CompTIA PenTest+This summer, CompTIA will release a new intermediate-level cybersecurity exam to complement CompTIA Cybersecurity Analyst. CompTIA PenTest+ (CPT) validates vulnerability assessment and management skills. Whereas CompTIA Cybersecurity Analyst addresses defensive "blue team" skills, CPT addresses offensive "red team" skills. The combination of penetration testing and vulnerability management in CPT means IT pros not only find and exploit vulnerabilities, but manage them to protect their organization's network."
How neat. Beta exams can be a pretty cool yet a confusing experience since sometimes there is a lack of material specifically designed for the exam. I'm definitely planning on signing up for this exam. May wait after the beta period.
AND! It looks like CompTIA is still in need of pen testers to help develop the exam:
https://certification.comptia.org/get-involved/become-a-subject-matter-expert/workshops/penetration-tester-experts-needed
Thanks @dizzy_kitty, going to sign up. $50 dollar gamble for a new cert? I'm in.
Any books, pdf's or videos you guys recommend? I have the CSX-P lined up so I hope a small part overlaps. -
dizzy_kitty Member Posts: 95 ■■■□□□□□□□Just signed up for it as well. Decided to give it go during my spring break.
-
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□Signed up for it... Not sure why, gluten for punishment I guess
-
airzero Member Posts: 126Just signed up and taking it on the 13th. I'll let you guys know how it goes!
-
xxxkaliboyxxx Member Posts: 466Signed up for the end of the month. I assume my studies for the GPEN will cover these domains.Studying: GPEN
Reading: SANS SEC560
Upcoming Exam: GPEN -
globalenjoi Member Posts: 104 ■■■□□□□□□□I think I might do this as well. I was planning to do the CSA+ to renew my other CompTIA certs this year, but I guess I should do this first. I'm fresh off of passing my GPEN, so I think most of the knowledge should already be there... Just gotta pick a date.
-
yoba222 Member Posts: 1,237 ■■■■■■■■□□Okay, okay; I'm in. I wasn't going to do this one. I see Reddit just discovered this beta cert so might as well sign up before all 400 seats are claimed.
Still mainly studying for CySA+ and going to concurrently read an older version of the GPEN books cover-to-cover one time through to prep for this. Scheduled for beginning of March.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
tedjames Member Posts: 1,182 ■■■■■■■■□□I downloaded the exam objectives today. There appears to be a lot of "Given a scenario" type requirements, like they did for the Cloud+ beta. Looks like it'll be a combination of multiple choice and performance-based questions. Looks like it covers a lot of ground. I wonder how much practical there'll really be.
-
MickyDee Member Posts: 32 ■■■□□□□□□□I signed up for as late as the test center will let me, which is 4/20. I'm currently finishing up my last class for my Masters and studying for the CASP, so I'm going to be cutting it close since I'm not sure how much studying I will be able to do for the PenTest+. My last class is vulnerability management, so hopefully I'll retain some of that info.