CompTIA, the leading provider of vendor-neutral skills certifications for the information technology (IT) workforce, launched CompTIA PenTest+, its newest credential for cybersecurity professionals around the world.
CompTIA PenTest+ provides a comprehensive assessment of the knowledge and skills needed to run a comprehensive, responsible and successful penetration testing program.
"As organizations become more proactive when it comes to cybersecurity, penetration testing is one of the tactics that they are employing," said James Stanger, chief technology evangelist at CompTIA. "But for penetration testing to be effective, the tester must have a range of skills, from pre-test preparation through post-test assessment and reporting. CompTIA PenTest+ covers the entire process and skillset of penetration testing."
The CompTIA PenTest+ certification exam tests individuals in five technical areas: planning and scoping; information gathering and vulnerability identification; attacks and exploits; penetration testing tools; and reporting and communication.
"CompTIA PenTest+ is a performance certification, so in addition to answering multiple choice questions, the exam includes hands-on simulations," Stanger explained. "Test takers must perform simulated penetration testing and vulnerability assessment job tasks during the exam. Another differentiator of CompTIA PenTest+ is that it tests on knowledge and skills that go beyond the boundaries of a traditional firewall, and extend into post-perimeter networking environments, emphasizing endpoint device diversity, cloud platform use, and targeting end users."
Exam content was created with input from cybersecurity professionals around the world. These experts have years of hands-on work experience and knowledge of the full range of cybersecurity threats, responses, and pro-active measures.
CompTIA Cybersecurity Career Pathway
The new exam joins CompTIA Cybersecurity Analyst (CySA+) at the intermediate level of the CompTIA Cybersecurity Career Pathway. They follow CompTIA Security+, which validates baseline security skills; and precede CompTIA Advanced Security Practitioner, which covers advanced topics in enterprise security operations and architecture.
"CompTIA PenTest+ also fits into the 'red team vs. blue team' security exercises that many large organizations engage in," explained Patrick Lane, director, product management, CompTIA. "This activity combines a red team penetration testing approach with a blue team defensive security analyst's perspective. The result is a stronger, proactive security team."
Becoming CompTIA PenTest+ certified can help IT professionals advance in their careers by adding skills that many employers are looking for. CyberSeek, a free cybersecurity career and workforce resource, reveals that there were nearly 11,000 job openings for penetration and vulnerability testers across the U.S. as of March 2018. The average salary for these jobs was $97,000.
CompTIA PenTest+ is targeted at cybersecurity professionals with three to four years of experience who are responsible for hands-on penetration testing and vulnerability assessments. Some of the job roles that would benefit from this credential include penetration tester, vulnerability assessment and management, vulnerability assessment analyst, vulnerability assessor, cybersecurity engineer, network security manager, cybersecurity analyst, and cybersecurity specialist.