New Certification: CompTIA PenTest+

dizzy_kittydizzy_kitty Member Posts: 95 ■■■□□□□□□□
"3. New Certification: CompTIA PenTest+
This summer, CompTIA will release a new intermediate-level cybersecurity exam to complement CompTIA Cybersecurity Analyst. CompTIA PenTest+ (CPT) validates vulnerability assessment and management skills. Whereas CompTIA Cybersecurity Analyst addresses defensive "blue team" skills, CPT addresses offensive "red team" skills. The combination of penetration testing and vulnerability management in CPT means IT pros not only find and exploit vulnerabilities, but manage them to protect their organization's network."

How neat. Beta exams can be a pretty cool yet a confusing experience since sometimes there is a lack of material specifically designed for the exam. I'm definitely planning on signing up for this exam. :) May wait after the beta period. icon_wink.gif

AND! It looks like CompTIA is still in need of pen testers to help develop the exam:
https://certification.comptia.org/get-involved/become-a-subject-matter-expert/workshops/penetration-tester-experts-needed
«1345

Comments

  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    They are definitely milking everything they can out of these security certs!
  • dizzy_kittydizzy_kitty Member Posts: 95 ■■■□□□□□□□
    They are definitely milking everything they can out of these security certs!

    Definitely agree. icon_lol.gif
  • daviddwsdaviddws Member Posts: 303 ■■■□□□□□□□
    I think the DoD wants more specialization.. hence the new security certs.
    ________________________________________
    M.I.S.M:
    Master of Information Systems Management
    M.B.A: Master of Business Administration
  • J_86J_86 Member Posts: 262 ■■□□□□□□□□
    daviddws wrote: »
    I think the DoD wants more specialization.. hence the new security certs.

    Bingo. The DoD loves CompTIA.
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    I just can't see something multiple choice (I assume) like this competing with something like OSCP in terms of validating skills. But then again, GPEN is multiple choice. And yes, DoD. I'm amazed at how fast the CySA+ landed on the 8570 list.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • Cisco InfernoCisco Inferno Member Posts: 1,034 ■■■■■■□□□□
    oh man. I am starting to think the DOD is in bed with CompTIA.

    Any idea how this compares to CEH?
    2019 Goals
    CompTIA Linux+
    [ ] Bachelor's Degree
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    I enjoyed the CSA+ beta, mainly in that I was able to give feedback on the questions. I'll likely sign up for this beta as well. I have no interest in the cert itself though, as it will never be worth what OSCP is worth.
  • xagreusxagreus Member Posts: 112 ■■■■□□□□□□
    A few more details about the cert and the beta exam:
    https://partners.comptia.org/certifications/pentest



    Registration:
    Begins January 31, 2018, on the Pearson VUE website

    A+, Net+, Sec+, CySA+, CCNA, ITIL 2011 Foundation, AWS CCP, ISC2 CC, MS SC-900, MS AZ-900
    2024 goals: AZ-900, Cloud+, Palo Alto PCNSA, CyberOps Associate, DevNet Associate, Project+
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    I took a note to register on Jan 31th.... There is not much information about the material to study. It is a 50 USD bet :) The odds are not good for me.. but I can gamble it ;)

    I will schedule the exam as far as I can, and I will make a sprint to study another certs (CSA+), so I can do 2 tests the same day. It is a 1h30 drive for me to the nearest test center.
  • Eston21Eston21 Member Posts: 76 ■■■□□□□□□□
    I'm looking forward to signing up and taking this test.
  • soccarplayer29soccarplayer29 Member Posts: 230 ■■■□□□□□□□
    I except this be at the same level as CEH---but more reputable.

    It's mid-level according to CompTIA but regarding strictly pentesting I think it'll be equivalent to CEH and maybe between eJPT/eCPPT. It fills that void for those who avoid ECCouncil and eLS (lack or market penetration). Pure speculation but that's my initial take on it.
    Certs: CISSP, CISA, PMP
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    Looks like the URL is in place on the CompTIA website, but not linked yet.

    https://certification.comptia.org/certifications/pentest

    Hmm . . . exam objectives are up there too.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • hxhxhxhx Member Posts: 41 ■■□□□□□□□□
    I think it's great that they did this. Hopefully people find it challenging and beneficial.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Yeaaaaa I’m not holding my breath on a multiple choice test on Pen Testing being too amazing. Would be surprised if this ever holds much value outside of the DoD. Just my 2 cents. We’ll see though
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    I would hope that the performance-based questions will shape up well. If so, it might be a better choice than CEH. We shall see. It seems, though, based on what little I've read, that it would be better titled as VulnTester+.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I think DoD is looking at it from the perspective of a management type certification. Government in general tends to farm out most of their work to contractors and have government personnel simply supervising those contractors. In a case like this, nice to have someone who knows what should be included in a pentest without needing the actual skill to perform it themselves.

    Case in point, at my old job I was on the team that wrote the pentesting requirements, approved plans submitted and reviewed the work once completed. I'd taken courses in such things and could do them if required, but outside vendors were used (which was for the best anyhow). A cert like this would definitely aide in the drafting of requirements and analysis of plans submitted. Analysis of the report would definitely require the skills of actually performing a pentest, but you can have people with that knowledge on the team.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • PC509PC509 Member Posts: 804 ■■■■■■□□□□
    Yeaaaaa I’m not holding my breath on a multiple choice test on Pen Testing being too amazing. Would be surprised if this ever holds much value outside of the DoD. Just my 2 cents. We’ll see though

    Compared to EC|Council and their CEH, I would put CompTIA and this ahead. I don't expect it to be much more challenging, but EC|Council came off as an inferior company to work with. The exam was very easy and didn't really give much real world knowledge. I think the CompTIA one will be a little better (not much) than the CEH exam. Still, an entry level pen test - multiple choice, not a performance based exam.

    It has it's place, but it's not a replacement of eJPT, OSCP, etc..
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    PC509 wrote: »
    Compared to EC|Council and their CEH, I would put CompTIA and this ahead.

    It has it's place, but it's not a replacement of eJPT, OSCP, etc..

    Agree icon_thumright.gif
  • wd40wd40 Member Posts: 1,017 ■■■■□□□□□□
    I think People will go for PenTest+ instead of CEH for the huge cost difference.

    I think CEH exam has a 100$ registration fee + 950$ for the exam - total 1050$, PenTest+ will probably cost 346$ "same as CySA+".
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    Signed up for Monday. No point waiting, gonna go have some fun!
  • fitzlopezfitzlopez Member Posts: 103 ■■■□□□□□□□
    "3. New Certification: CompTIA PenTest+
    This summer, CompTIA will release a new intermediate-level cybersecurity exam to complement CompTIA Cybersecurity Analyst. CompTIA PenTest+ (CPT) validates vulnerability assessment and management skills. Whereas CompTIA Cybersecurity Analyst addresses defensive "blue team" skills, CPT addresses offensive "red team" skills. The combination of penetration testing and vulnerability management in CPT means IT pros not only find and exploit vulnerabilities, but manage them to protect their organization's network."

    How neat. Beta exams can be a pretty cool yet a confusing experience since sometimes there is a lack of material specifically designed for the exam. I'm definitely planning on signing up for this exam. :) May wait after the beta period. icon_wink.gif

    AND! It looks like CompTIA is still in need of pen testers to help develop the exam:
    https://certification.comptia.org/get-involved/become-a-subject-matter-expert/workshops/penetration-tester-experts-needed

    Thanks @dizzy_kitty, going to sign up. $50 dollar gamble for a new cert? I'm in.

    Any books, pdf's or videos you guys recommend? I have the CSX-P lined up so I hope a small part overlaps.
  • dizzy_kittydizzy_kitty Member Posts: 95 ■■■□□□□□□□
    Just signed up for it as well. Decided to give it go during my spring break. :)
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Signed up for it... Not sure why, gluten for punishment I guess icon_thumright.gif
  • DatabaseHeadDatabaseHead Member Posts: 2,753 ■■■■■■■■■■
    This thread is making me laugh! Good luck on the cert!
  • airzeroairzero Member Posts: 126
    Just signed up and taking it on the 13th. I'll let you guys know how it goes!
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    Signed up for the end of the month. I assume my studies for the GPEN will cover these domains.
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • globalenjoiglobalenjoi Member Posts: 104 ■■■□□□□□□□
    I think I might do this as well. I was planning to do the CSA+ to renew my other CompTIA certs this year, but I guess I should do this first. I'm fresh off of passing my GPEN, so I think most of the knowledge should already be there... Just gotta pick a date.
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    Okay, okay; I'm in. I wasn't going to do this one. I see Reddit just discovered this beta cert so might as well sign up before all 400 seats are claimed.

    Still mainly studying for CySA+ and going to concurrently read an older version of the GPEN books cover-to-cover one time through to prep for this. Scheduled for beginning of March.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • tedjamestedjames Member Posts: 1,179 ■■■■■■■■□□
    I downloaded the exam objectives today. There appears to be a lot of "Given a scenario" type requirements, like they did for the Cloud+ beta. Looks like it'll be a combination of multiple choice and performance-based questions. Looks like it covers a lot of ground. I wonder how much practical there'll really be.
  • MickyDeeMickyDee Member Posts: 32 ■■■□□□□□□□
    I signed up for as late as the test center will let me, which is 4/20. I'm currently finishing up my last class for my Masters and studying for the CASP, so I'm going to be cutting it close since I'm not sure how much studying I will be able to do for the PenTest+. My last class is vulnerability management, so hopefully I'll retain some of that info.
Sign In or Register to comment.