CSO: 8 top penetration testing certifications employers value
On December 20, 2021, NetSPI Managing Security Consultant Melissa Miller was featured in an article written by Josh Fruhlinger for CSO. Read the full article below or online here.
+++
Penetration testing, sometimes called ethical hacking or red team hacking, is an exciting career path in which you simulate cyberattacks on target systems in order to test (and, ultimately, improve) their security. It’s a job that lots of people currently working in infosec would like to have, and one that can be tricky to get as competition heats up.
“It used to be the best way to grow a career in attack and penetration was through hands-on experience,” says Matthew Eidelberg, technical manager for threat management at Optiv. “It’s becoming harder and harder to break into pen testing as a beginner, because these roles are no longer considered niche. They are in high demand. As a result, a lot of effort has gone into certifications based on training and real-world lab simulations for both students and professionals.”
In fact, a range of penetration testing certifications are now available from various companies and industry organizations—and earning these certs can boost your career prospects, says Ron Delfine, director of career services at Carnegie Mellon University’s Heinz College. “Depending on what skills an organization is seeking,” he says, “certification holders may have a competitive advantage related to career advancement, as they have already been through a proven process requiring them to display evidence of strong penetration testing skills through the certification and recertification process.”
Top penetration testing certifications
How can you pick the best penetration testing certification for you? We spoke to a number of pen testing pros to see how different certifications have helped their careers or helped them find good candidates when they were hiring. In general, most of the people we spoke to grouped certs offered by the same orgs together, so that’s how we’ll treat them here too.
- Offensive Security Certified Professional (OSCP)
- Offensive Security Wireless Professional (OSWP)
- Offensive Security Experienced Penetration Tester (OSEP)
- GIAC Penetration Tester (GPEN)
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- EC-Council Certified Ethical Hacker (CEH)
- EC-Council Certified Penetration Testing Professional (CPENT)/Licensed Penetration Tester (LPT Master)
- CompTIA PenTest+
. . .
EC-Council
The EC-Council is a cybersecurity education and training nonprofit founded in the wake of the 9/11 attacks, and Certified Ethical Hacker (CEH) is perhaps their highest-profile cert—in fact, it’s one of the best-known certifications in the field. The EC-Council recently launched a twinned pair of certs, Certified Penetration Testing Professional (CPENT) and Licensed Penetration Tester (LPT Master), that are based on the same training material and exam, with the LPT Master going to those who score best on the test.
CEH is relatively well known, and the security pros we spoke to note that it has its place in the field, but they were less enthusiastic about it than they were about certs from GIAC or Offensive Security. “I would note CEH as a ‘foot-in-the-door’ certification for a pen testing internship or in preparation for additional study,” says Melissa Miller, managing security consultant at NetSPI. Critical Start’s Rhoads-Herrera calls it “valuable as a good way to get past HR screeners” but adds that “the course work is not up to par with other certifications.”
“CEH does qualify you for a number of contracts by virtue of being one of the oldest in the game,” says Pluralsight’s Rosenmund, “but doesn’t necessarily ensure from an employer perspective that you are ready to do the job.” Counter Hack Challenges’ Elgee gives a specific example: “CEH is most valuable for checking specific certification boxes, especially in US government,” but says it “otherwise has a low value to price ratio.”
Certified Ethical Hacker (CEH):
Prerequisites: You must either take an EC-Council-approved CEH training course or establish that you have at least two years of professional infosec experience before you can take the exam.
Test format: Four hours, 125 multiple choice questions. If you pass this exam, you can also take the Certified Ethical Hacker Practical exam—six hours, 20 practical challenges—in order to earn CEH Master certification.
Cost: The exam costs $1,199 plus $100 for remote proctoring; there is a $100 nonrefundable application fee, and official training courses can cost anywhere from $850 to $2,999.
Official website: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
Certified Penetration Testing Professional (CPENT)/Licensed Penetration Tester (LPT Master):
Prerequisites: Candidates must have already received CEH and Certified Security Analyst certs from the EC-Council, and submit an application that includes a criminal background check. The exam is meant to follow on from the EC-Council’s CPENT training course, although experienced pen testers can request to “challenge” the exam based on their existing skills.
Test format: A 24-hour online practical exam in which you deploy advanced pen-testing techniques. A 90% score or above earns you the LPT certification, while 70-90% scores you a CPENT.
Cost: The CPENT course is $2,199, which includes the exam and access to the EC-Council’s practice range and other content. There is also a $500 application fee (which covers the background check.)
Official website: https://www.eccouncil.org/programs/licensed-penetration-tester-lpt-master/