Nasscom Community

Industry validated certification is key for a career in penetration testing


The demand for skilled and certified penetration testers has been growing as enterprises are keen to identify gaps in their defense systems. While there is a dearth of cybersecurity talent in general, penetration testers, often known as “pen” testers, are the people that companies seem to have particular difficulty hiring.

Pen testing can involve the attempted breaching of any number of application systems (e.g., application programming interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks. Insights provided by the penetration test can be used to fine-tune web application firewall (WAF) security policies and patch detected vulnerabilities.
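To make the "unsanitized input" finding concrete, the following is an added example (not code from the original post or from any certification body) showing the kind of defect a pen test reports and the two controls the paragraph mentions: the code-level fix (a parameterized query) and an allowlist rule of the sort a WAF policy or input layer would enforce. The `users` table, the function names and the probe string are all constructed for illustration.

```python
import re
import sqlite3


def build_sample_db():
    """Constructed sample data: a tiny in-memory users table, not from any real system."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """The defect a pen test would flag: caller input is spliced into the SQL text,
    so characters in the input can change the meaning of the query."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """Hardened form: a bound parameter keeps the input as data, never as SQL syntax."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Allowlist for usernames: lowercase letters, digits and underscore, 1 to 32 chars.
# This is the kind of rule a WAF policy or request validator can enforce in front of the app.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def is_valid_username(value):
    """Return True only if the whole value matches the allowlist pattern."""
    return USERNAME_RE.fullmatch(value) is not None


def demo():
    """Run the same probe through both code paths and the validator; returns a summary dict."""
    conn = build_sample_db()
    probe = "' OR '1'='1"  # constructed test input containing SQL syntax characters
    return {
        "valid_input_safe": len(lookup_user_safe(conn, "alice")),   # 1 row: alice
        "probe_vulnerable": len(lookup_user_vulnerable(conn, probe)),  # 3 rows: filter bypassed
        "probe_safe": len(lookup_user_safe(conn, probe)),            # 0 rows: treated as literal
        "probe_allowed": is_valid_username(probe),                   # False: rejected by allowlist
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point for a defender is that the two controls are complementary: the parameterized query removes the vulnerability in the code, while the allowlist rule in front of the application reduces the attack surface and gives the WAF something precise to enforce, which is exactly the kind of policy tuning a pen test report feeds.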

The majority of hiring companies want the pen testers they hire to have at least a bachelor’s degree in a field related to IT or cybersecurity. Most also ask for particular certifications. Some of the options for pursuing a pen testing certification include EC-Council Certified Ethical Hacker (CEH), IACRB Certified Penetration Tester (CPT), CompTIA PenTest+, Global Information Assurance Certification (GIAC) Penetration Tester (GPEN) and Offensive Security Certified Professional (OSCP).

The above are only a few of the options available for a penetration testing certification. One needs to diligently compare the different certifications available in the market before deciding which one is best. Here, let’s talk about some of the factors that differentiate CompTIA’s PenTest+ and EC-Council’s Certified Ethical Hacker (CEH).

In terms of the minimum experience required to be eligible to sit the examination, PenTest+ recommends that the examinee have a minimum of three to four years of work experience besides Network+, Security+ or equivalent education. The CEH recommends a minimum of two years of work experience in the information security domain, and in addition one needs to take the Certified Network Defender (CND) exam before taking the CEH.

There is also a need to be aware of how these two exams test candidates. The PenTest+ exam focuses on penetration testing and vulnerability assessment, while the CEH exam focuses only on penetration testing. The CEH exam comprises 125 questions with a duration of about four hours. In the case of PenTest+, one needs to answer 85 questions in around two hours and 45 minutes. However, PenTest+ has a few built-in simulations that an examinee must complete alongside the multiple-choice questions. When it comes to CEH, one needs to answer only multiple-choice questions.

The CEH and the PenTest+ are similar in their re-certification process. Both certificates are valid for three years from the date of issuance. PenTest+ requires 60 Continuing Education Units (CEUs) to be uploaded to your certification account over the three years. These CEUs are earned by completing approved activities and training programs from CompTIA. CEH requires one to earn 120 EC-Council Continuing Education (ECE) credits in the same three-year period.

The post Industry validated certification is key for a career in penetration testing appeared first on NASSCOM Community |The Official Community of Indian IT Industry.