To help combat these threats, attacks and vulnerabilities, the U.S. Department of Defense (DoD) requires its personnel and contractors to validate their hands-on penetration testing and vulnerability management skills with approved cybersecurity certifications to bolster the resiliency of its networks against attacks.
CompTIA PenTest+ was recently approved for the DoD 8570.01 Manual Information Assurance Workforce Improvement Program. That means military personnel and defense contractors who work with sensitive information can take CompTIA PenTest+ to satisfy certain job requirements. This approval is a boon for penetration testing and vulnerability management – and the CompTIA PenTest+ certification – because the DoD now formally recognizes the importance of these skills in job roles.
The DoD approved CompTIA PenTest+ for three (3) 8570.01-M job categories:
Learn more on the DoD Cyber Exchange public website.
How Will This Affect DoD 8140 and NICE Work Roles?
The U.S. defense cybersecurity workforce, along with CompTIA, awaits the tentative release of the DoD 8140 manual in December 2020. It is unknown what exactly will be included in the manual, but it will replace 8570.01-M.
We also know it will map work roles to the NICE Framework. We expect NICE work roles to be linked to specific job positions and hiring decisions.
CompTIA PenTest+ maps to more than seven NICE work roles with over 70% correlation, which could make it well positioned for the 8140 manual:
CompTIA PenTest+ also maps between 60 and 70% for Cyber Crime Investigator and almost 60% for R&D Specialist and Information Systems Security Manager.
Job Titles Related to CompTIA PenTest+
CompTIA PenTest+ is unique because the certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers. This validation proves valuable when going after jobs that determine network resiliency against cyberattacks.
These jobs include the following:
What Benefits Does CompTIA PenTest+ Provide to the DoD?
The inclusion of CompTIA PenTest+ in Directive 8570.01-M ensures that U.S. military personnel and defense contractors have the latest cybersecurity skills needed to test systems (i.e., legally hack them), identify, manage and document the vulnerabilities they find, and help determine mitigation.
Most importantly, CompTIA PenTest+ brings hands-on, performance-based assessments into the DoD 8570 program for penetration testing and vulnerability management skills at the 3- to 4-year, intermediate level for the first time.
No other certifications in the DoD 8570 program use hands-on, performance-based testing at this skill level. It demonstrates the DoD’s need to assess the knowledge and hands-on skills required to perform common and unique work role tasks.
For example, CompTIA PenTest+ requires candidates to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers. It also includes management skills used to plan, scope and manage weaknesses, not just exploit them.
The certification validates that successful candidates have the knowledge and skills required to do the following:
CompTIA PenTest+ also covers the following communication skills:
These skills are assessed through five domains found in the CompTIA PenTest+ (PT0-001) exam objectives, which you can download for free.
How to Get CompTIA PenTest+ Certified
The first step to getting your CompTIA PenTest+ certification is buying an exam voucher and registering for the exam. We recommend doing this before you begin studying because having an exam date on the calendar keeps you accountable and will help you develop a preparation timeline. There are a number of ways you can save money on, or even finance, your IT certification.
How to Train for CompTIA PenTest+
Once you have an exam date on the calendar, it’s time to get to work. There are several ways to prepare for the CompTIA PenTest+ exam. CompTIA offers a full suite of training solutions. It’s up to you to choose what best fits your personal learning style and timeline.
How to Take Your CompTIA PenTest+ Exam
CompTIA now offers two ways to earn an IT certification: online testing or in-person testing.
Online testing allows you to take the CompTIA exam from your home, or any quiet, distraction-free, secure location, at a time that’s convenient for you. Online testing is available 24/7, giving you a broader scheduling window than in-person training.
In-person testing is the traditional exam experience with which you might be familiar. You go to a Pearson VUE testing center and use their equipment under the supervision of a proctor in the same room. You can find a Pearson VUE testing center near you.
Where Does CompTIA PenTest+ Fit on the CompTIA Cybersecurity Career Pathway?
CompTIA PenTest+ is one of CompTIA’s intermediate-level cybersecurity certifications. Along with CompTIA Cybersecurity Analyst (CySA+), CompTIA PenTest+ is intended to follow CompTIA Security+.
CompTIA PenTest+ is considered a red team, or offensive cybersecurity, certification, whereas CompTIA CySA+ is a blue team, or defensive cybersecurity, certification.
Both certifications represent skills at the 3- to 4-year level of an IT pro’s career and can be taken in either order. The most advanced CompTIA cybersecurity certification is CompTIA Advanced Security Practitioner (CASP+), which represents the 5+ year level.
The addition of CompTIA PenTest+ to DoD 8570.01-M fills an important skills gap for penetration testing and vulnerability analysis skills. CompTIA has worked closely with the DoD, as well as industry experts and IT pros in the field, to make sure the objectives of CompTIA PenTest+ meet the needs of today’s cybersecurity professional and their employers.
Ready to get started? Download the exam objectives for CompTIA PenTest+ for free.