PenTest+ Objectives: What Should My Employees Know?
Smart employers like yourself understand that cyber security is a top priority if you want to protect your company’s computer information systems from being hacked, which could potentially cripple your business. That’s why you employ professionals known as ethical hackers who work full time to probe your information systems to identify vulnerabilities, detect intrusions, and apply patches to seal off your data networks from future attacks.
Penetration testers are on the lookout for three kinds of threats: natural, technical, and human. Natural threats include hurricanes, tornadoes, floods, etc. Technical threats refer to malware, zero-day attacks, and web attacks. Malware is malicious software that is created for the purpose of causing damage, stealing, or otherwise abusing your information and includes viruses, worms, and Trojan horses. Any website is vulnerable to compromise.
What is penetration testing?
Depending on the size and complexity of your business, you might employ various cyber security specialists. Among them should be one or more penetration testers. Their role is to maintain the CIA Triad: confidentiality, integrity, and availability of your data.
- Confidentiality — Restricting information access only to the intended audience. Preserving confidentiality involves tactics such as encryption, rigorous use of user IDs and password security, biometrics (retinal scan, facial recognition, fingerprints), two-factor authentication, and instructing users to avoid accessing the system in public places such as airports and internet cafes.
- Integrity — Preserving the sanctity of the data and making sure it is accurate throughout its lifetime. Data must never be changed or lost in transit.
- Availability — Ensuring access to data by those who need it. This leg of the triad involves having the necessary personnel, connectivity, hardware, software, facility, and redundancy mechanisms in case of failover.
CompTIA PenTest+
The CompTIA PenTest+ is an intermediate level certification for cybersecurity professionals who are responsible for identifying, exploiting, reporting, and managing vulnerabilities in a computer network.
Cybersecurity experts appreciate the PenTest+ because it is comprehensive, was created by working professionals who know what they're doing, and assesses important cybersecurity strategy.
There is a severe shortage of trained penetration testers. A good 96 percent of IT and business executives think there are too many people in the field who lack the necessary training and skills in problem-solving, analysis, and logical thinking.
The PenTest+ exam, which contains performance-based and multiple-choice questions, was released on July 31, 2018. It focuses on offense through penetration testing and vulnerability assessment.
Employing or training your cybersecurity workforce to the CompTIA PenTest+ standard ensures they are familiar with:
- Safe practices (see CIA triad above)
- Attack strategy
- How to think like a hacker to help identify blind spots and anticipate vulnerabilities
- Technical and management skills
The PenTest+ encourages professionals to think offensively, while the CySA+ is focused on defensive skills. Top security experts use both perspectives to defend against vulnerabilities.
Topics covered by the PenTest+ certification include:
- Planning and scoping
- Information gathering and identifying vulnerabilities
- Attacks and exploits
- Pen testing tools
- Reporting and communication
Benefits of formal CompTIA PenTest+ training
Independent consultant and veteran CompTIA Subject Matter Expert (SME) Luis Viera believes that education can help resolve the desperate shortage of qualified penetration testers. With six cybersecurity certifications of his own, he thinks the PenTest+ is special because, "there are very few certifications that cover the whole process."
While it is certainly possible for a sharp and committed individual to prepare for the CompTIA PenTest+ exam by reading books and taking online courses, there are many advantages to learning face to face from a qualified and experienced instructor. Instructors are drawn from a pool of expert, practicing cybersecurity professionals who are able to impart experiential learning. They know what they are doing and have been exposed to various situations that cannot all be incorporated into texts.
Furthermore, the field is progressing rapidly. As cybersecurity experts develop better and better tools to protect information systems, hackers are spurred on to further develop their own skills. As a result, even the best book is out of date almost as soon as it is printed.
Preparing yourself for the CompTIA PenTest+ exam
If you would like more information about having certified penetration testers in your workforce, or want to prepare your current IT employees for CompTIA PenTest+ certification, connect with us at Infotec Training.