2018-04-16 12:55:00
I've taken the day off, despite things being quite busy at the office, to have a little fun. Specifically, I've just arrived back home after sitting the CompTIA PenTest+ Beta exam. Taking an exam for fun? Absolutely :)
It's no surprise that I first heard about the newly developed exam on Reddit, with the CompTIA team calling for 400 people to take the beta version of the exam. We're not getting any scores yet, as they'll first tally all the outcomes to determine weaknesses and flaws in questions that may affect scoring negatively. But once the process has completed, if (and that's an IF) you passed, you'll gain full accreditation for the cert. All that and a fun day, for just $50? Sign me up :)
Being a non-native English speaker I was given an extension, tackling 110 questions in 220 minutes (instead of 165). That was certainly doable: I got up from my seat with two hours gone. Overall I can say that my impression of the exam is favorable! While one or two specific topics may have stolen the limelight, I can say that my exam covered a diverse array of subjects. The "simulation" questions, as they call them, were, ehh, okay. They're not what I would call actual simulations, they're more like interactive screens, but I do feel they added something to the experience.
Yeah! Not bad at all! I would heartily endorse this certification track instead of EC-Council's CEH. The latter may have better brand recognition in EMEA, but CompTIA is still known as a respectable organization.
So, did I pass? I don't know :) As I said, the subject matter turned out to be very diverse, in a very good way. Thus it also covered things I have zero to very little experience with, while an experienced pen-tester would definitely know them. And that's the point: despite passing the OSCP exam last year, I -am- still a newbie pen-tester. So if I fail this exam, then I'll feel that it's a justified failure.
Posted by Thomas
Hi Roderick, nice to hear from you again!
You're absolutely right that CEH and PenTest+ are very different beasts. I have always considered CEH to be, as you describe, an awareness training. A guided tour through Hacking Land, if you will.
The problem with CEH is that somehow, between marketing and HR management, a lot of people have become convinced that CEH means you actually know how to hack; that you're a pen-tester. I mean, it's in the name! You're a "Certified ... Hacker".
This clever marketing irks a lot of people, which is why you now see people proclaiming that "PenTest+ is what CEH should have been".
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.
2018-04-17 12:27:00
Posted by Roderick Commerell (website)
Hi Thomas,
Interesting read, thanks!
Don't forget though that CEH is not a pentest title; it's a training about hacking techniques and tools that teaches a broad spectrum of students to be more careful / aware of risks. ECSA, the follow-up to CEH, is EC-Council's first pentest training and certification, as is LPT. These titles all serve their own purposes and cannot be compared one-on-one to each other. I'll take a closer look at CompTIA's Pentester+.
Gr. Roderick