CompTIA PenTest+ is Now DoD Approved: Why It Matters

Before the pandemic, it was predicted that cybercrime would globally cost an excess of $6 trillion annually by 2021. The need for more organizations to address unforeseen security risks in their networks and systems while designing a more cyber-resilient posture is not only imperative, but a matter of national security.

To help combat these threats, attacks and vulnerabilities, the U.S. Department of Defense (DoD) requires its personnel and contractors to validate their hands-on penetration testing and vulnerability management skills with approved cybersecurity certifications to bolster the resiliency of its networks against attacks.

CompTIA PenTest+ was recently approved for the DoD 8570.01 Manual Information Assurance Workforce Improvement Program. That means military personnel and defense contractors who work with sensitive information can take CompTIA PenTest+ to satisfy certain job requirements. This approval is a boon for penetration testing and vulnerability management – and the CompTIA PenTest+ certification – because the DoD now formally recognizes the importance of these skills in job roles.

The DoD approved CompTIA PenTest+ for three (3) 8570.01-M job categories:  

1. Cybersecurity service provider (CSSP) analyst
2. CSSP incident responder
3. CSSP auditor

Learn more on the DoD Cyber Exchange public website.

How Will This Affect DoD 8140 and NICE Work Roles?

The U.S. defense cybersecurity workforce, along with CompTIA, await the tentative release of the DoD 8140 manual in December 2020. It is unknown what exactly will be included in the manual, but it will replace 8570.01-M.

We also know it will map work roles to the NICE Framework. We expect NICE work roles to be linked to specific job positions and hiring decisions.

CompTIA PenTest+ maps to more than seven NICE work roles with over 70% correlation, which could make it well positioned for the 8140 manual: 

• 211 Forensics Analysis
• 212 Cyber Defense Forensics Analyst
• 511 Cyber Defense Analyst
• 521 Cyber Defense Infrastructure Support Specialist
• 531 Cyber Defense Incident Responder
• 541 Vulnerability Assessment Analyst
• 612 Security Controls Assessor

CompTIA PenTest+ also maps between 60 to 70% for Cyber Crime Investigator and almost 60% for R&D Specialist and Information Systems Security Manager.

What Benefits Does CompTIA PenTest+ Provide to the DoD?

The inclusion of CompTIA PenTest+ in Directive 8570.01-M ensures that U.S. military personnel and defense contractors have the latest cybersecurity skills needed to test systems (i.e., legally hack them), identify, manage and document the vulnerabilities they find, and help determine mitigation.

Most importantly, CompTIA PenTest+ brings hands-on, performance-based assessments into the DoD 8570 program for penetration testing and vulnerability management skills at the 3- to 4-year, intermediate level for the first time.

No other certifications in the DoD 8570 program use hands-on, performance-based testing at this skill level. It demonstrates the DoD’s need to assess the knowledge and hands-on skills required to perform common and unique work role tasks.

For example, CompTIA PenTest+ requires candidates to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers. It also includes management skills used to plan, scope and manage weaknesses, not just exploit them.

The certification validates that successful candidates have the knowledge and skills required to do the following:

• Plan and scope an assessment
• Understand legal and compliance requirements
• Perform vulnerability scanning and penetration testing using appropriate tools and techniques
• Analyze the results

CompTIA PenTest+ also covers the following communication skills:

• Produce a written report containing proposed remediation techniques
• Effectively communicate results to management
• Provide practical recommendations

These skills are assessed through five domains found in the CompTIA PenTest+ (PT0-001) exam objectives, which you can download for free.

1. Planning and scoping (15%)
2. Information gathering and vulnerability identification (22%)
3. Attacks and exploits (30%)
4. Penetration testing tools (17%)
5. Reporting and communication (16%)

How to Get CompTIA PenTest+ Certified

The first step to getting your CompTIA PenTest+ certification is buying an exam voucher and registering for the exam. We recommend doing this before you begin studying because having an exam date on the calendar keeps you accountable and will help you develop a preparation timeline. There are a number of ways you can save money, or even finance, your IT certification.

How to Train for CompTIA PenTest+

Once you have an exam date on the calendar, it’s time to get to work. There are several ways to prepare for the CompTIA PenTest+ exam. CompTIA offers a full suite of training solutions. It’s up to you to choose what best fits your personal learning style and timeline.

• eLearning with CertMaster Learn: Interactive and self-paced, CertMaster Learn for CompTIA PenTest+ includes a customizable learning plan and performance-based questions that take you on a path of consistent learning toward your certification exam.
• Interactive Labs with CompTIA Labs: Reinforce the practical aspects of the CompTIA PenTest+ exam objectives on real equipment and software in a virtual environment.
• Exam Prep with CertMaster Practice: This adaptive online companion tool assesses your knowledge and exam readiness by confirming your strong areas and filling knowledge gaps in weaker areas.
• Study Guides for CompTIA PenTest+: The Official CompTIA PenTest+ Study Guide, available in print or as an eBook, is packed with informative and accessible content that covers all CompTIA PenTest+ exam objectives.
• Instructor-Led Training: Find in-person and online classes with CompTIA Authorized Partners.

How to Take Your CompTIA PenTest+ Exam

CompTIA now offers two ways to earn an IT certification: online testing or in-person testing.

Online testing allows you to take the CompTIA exam from your home, or any quiet, distraction-free, secure location, at a time that’s convenient for you. Online testing is available 24/7, giving you a broader scheduling window than in-person training.

In-person testing is the traditional exam experience with which you might be familiar. You go to a Pearson VUE testing center and use their equipment under the supervision of a proctor in the same room. You can find a Person VUE testing center new you.

Learn more about your testing options.

Where Does CompTIA PenTest+ Fit on the CompTIA Cybersecurity Career Pathway?

CompTIA PenTest+ is one of CompTIA’s intermediate-level cybersecurity certifications. Along with CompTIA Cybersecurity Analyst (CySA+), CompTIA PenTest+ is intended to follow CompTIA Security+.

CompTIA PenTest+ is considered a red team, or offensive cybersecurity, certification, whereas CompTIA CySA+ is a blue team, or defensive cybersecurity, certification.

Both certifications represent skills at the 3- to 4-year level of an IT pro’s career and can be taken in either order. The most advanced CompTIA cybersecurity certification is CompTIA Advanced Security Practitioner (CASP+) that represents the 5+ year level.

The addition of CompTIA PenTest+ to DoD 8570.01-M fills an important skills gap for penetration testing and vulnerability analysis skills. CompTIA has worked closely with the DoD, as well as industry experts and IT pros in the field, to make sure the objectives of CompTIA PenTest+ meet the needs of today’s cybersecurity professional and their employers.

Ready to get started? Download the exam objectives for CompTIA PenTest+ for free.