It has been almost a month since my previous post, and a lot has happened. I won’t bore you with the details, but I decided to begin working on my PenTest+ certification. I was renewing my CEUs for Security+ and realized this was a great time to capitalize on the momentum of finishing up my MS in Cybersecurity. My original goal was to pursue my CISSP at the end of my program, and while I still intend to sit for my CISSP, I will be doing the PenTest+ first.
This post isn’t a comparison of the two (apples and oranges) or even a discussion about certifications and what certs you should be getting. There is plenty of content out there about what cert to get; “this one vs. that one”, where to start, what job I can get with X cert, and so on. Maybe I will cover my thoughts on certs more in-depth in a later post. My general feeling towards certs is to get the ones your want! I believe that if you enjoy what you are doing and are passionate about it, success will follow.
That leads me to the reason I am pursuing my PenTest+. I don’t need this cert for my day-to-day job or to advance my career. Other Penetration Testing/Ethical Hacking certifications, like OSCP, the gold standard for penetration testing, and CEH, require a much more significant financial investment. In my situation, it just doesn’t make sense to invest that time and money into these certifications at this point in my journey. The PentTest+ has the added benefit of being a CompTIA certification, so my CEUs should be easier to manage, and it is a DoD 8570 Baseline Certification.
As of right now, I am using the All-In-One PenTest+ study guide from McGraw Hill. If you decide to start studying for this exam, make sure you are reviewing for Exam PT0-002. The test was recently updated, and there is a lot of review material for 001 still on the market. I don’t believe there are a lot of differences, but to improve your chances of passing, it is always best to be reviewing the most up-to-date content. I have also been working through the PenTest+ learning path on TryHackMe. I need to focus on several areas: wireless attacks, mobile device/application testing, and web/database attacks. In addition to these areas, I need to brush up on scripting skills and tools like BurpSuite and Hydra.
My goal is to sit for the exam by the end of May, but I may have to be more realistic about my expectations. I am in the middle of a move and still working on completing a professional development course. And because this isn’t a requirement, my studies often take a back seat to other priorities. I don’t want to wait too long, though, as the skills I have learned over the last two years will surely atrophy if not used.
Christopher Foote 