2. Foundational Certifications
Before attempting to obtain a higher level ethical hacking or penetration testing certification, the
trainee should obtain at least the foundational background that any of the three vendors listed
below offer. For example the trainee could obtain A+ and then move to Security+ or test for one
of the Cisco certifications or just the ISC2 SSCP. Having basic computer knowledge is essential
to understanding the inner workings of software and hardware. This is in addition to a college
degree in IT security. Please see the IT Roadmap on the next slide.
4. Foundational Certifications, Cont.
The next slide illustrates the competing vendors that offer either ethical hacking,
penetration testing, or both. Since the Cyber Initiative is critical, the path of least
resistance to obtain the best training from vendors that have shown worldwide
acceptance while allowing the student various options of learning will be listed.
CompTIA has worldwide recognition and is certifying professionals daily. The certification
exams can be easily studied by the professional through the online purchase of official
study guides published by Pearson Vue, who also issues the exams at testing centers.
Testing centers can be located online once an account is established and usually are
located within community colleges or universities.
Additional preparation for CompTIA and Cisco certifications, as well as, certifications
covering ethical hacking and penetration testing can be found on sites offering free video
training that can be taken in the office on NIPR or at home. This additional knowledge
blocks are highly convenient for working professionals. Please see the slide on
Additional Resources for the URL’s listed for these free sites.
5. Certified Hacking Penetration Training Options
COMPANY / CERTIFICATION Boot Camp $ Online Delivery $ Self- Study $ Exam Cost Certification Renewal
Mile2 - Certified Penetration
Testing Engineer - C)PTE
$3,000
(1)Books+Exam:$600
(2) Books,Video,
labs + Exam: $950
(1) Books: $500
(2) Books &
Videos: $1040
$400 TBA for Continuing Education
Mile2 - Certified Prpfessional
Ethical Hacker - C)PEH
$3,000
(1)Books+Exam:$600
(2) Books,Video,
labs + Exam: $950
(1) Books: $500
(2) Books &
Videos: $1040
$400 TBA for Continuing Education
Offensive Security - OS Certified
Professional - OSCP
No
(1) 30-Days: $800
(2) 60-Days: $1000
(3) 90-Days: $1,150
Prep with 3
options online
videos/labs
Price included in
Lab purchase No
GIAC - Penetration Tester
GCIH, GCED, GPEN
$5,620 Not Specific
3rd Party
Sources
$659
Every 4 years / $399 / 36
Continuing Education Credits
EC Council - Certified Ethical
Hacker - CEH
TBD $2,895 $870
$500 +$100
application fee
Every 3 years with $80 annual
fee / 120 CE's
IACRB - Certified Penetration
Tester - CPT
$4,198
Certain Files
Availble
Certain Files
Availble
$499-$399
(2 exams)
Every 4 years by takign a new
exam at no cost
6. Certification Vendor
Mile2
GIAC
EC Council
IACRB
Offensive Security
Acceditation and Compliance
NICE, ANSI
N/A
N/A
ANSI/ISO/IEC 17024
NICCS, NSA CNSS 4011-4016, USAF, FBI (Tier 1-3), & DHS / Canadian
Department of National Defense
Certification Accreditation and Compliance List
7. Promotional Video
https://www.youtube.com/watch?v=wUo_0SIxhqw
The Certified Penetration Testing Engineer certification course is built firmly upon proven, hands-on,
Penetration Testing methodologies utilized by our international group of vulnerability consultants. The
C)PTE course/certification has been validated by the NSA for: CNSSI—4013, National Information
Assurance Training Standard for System Administrators. This certification specially designed for the United
States Air Force and is currently being offered through self-study online training with additional penetration
labs or through boot camps that also use real-time penetration labs.
Note: Mile2 was largely responsible for the early adoption and success of EC-Council's Certified Ethical Hacker Course within the USA and several other countries.
At the time, Mile2 was the world's largest provider of Penetration Testing training and initially chose the basic CEH training course as our flagship for Penetration
Testing training events. For a long time, Mile2 delivered more CEH classes within the USA than any other training provider and possibly globally.
The Certified Professional Ethical Hacker course is the foundational training to mile2’s line of
penetration testing courses. The C)PEH certification training enables students to understand the
importance of vulnerability assessments by providing industry knowledge and skills in Vulnerability
Assessments. In doing so, the C)PEH student is able to understand how malware and destructive viruses
function. In addition, the C)PEH course helps students learn how to implement counter response and
preventative measures when it comes to a network hack.
Mile2 certification courses teach the fundamental and advanced principles of cyber security
and follows a course/certification track that leads to advanced hands-on skills training for
penetration testing, disaster recovery, incident handling and network forensics. Mile2 also
provides Information Assurance services that meet military, government, private sector and
institutional specifications.
C)PEH and C)PTE courses have both an exam and practical lab incorporated within its training. It exceeds CEH training while folding in
virtual labs with reporting as one would find in the Offensive Security course. It’s the best of both worlds!
8. Penetration Testing with Kali (PWK) is a self-paced online penetration testing course
designed for network administrators and security professionals who want to take a serious
and meaningful step into the world of professional penetration testing. This
unique penetration testing training course introduces students to the latest ethical hacking
tools and techniques, including remote, virtual penetration testing labs for practicing the
course materials. Penetration Testing with Kali Linux simulates a full penetration test from
start to finish, by injecting the student into a target-rich, diverse, and vulnerable network
environment.
Penetration Testing with Kali Linux is a foundational security course, but still requires
students to have certain knowledge prior to attending the online training class. A solid
understanding of TCP/IP, networking, and reasonable Linux skills are required. Familiarity
with Bash scripting along with basic Perl or Python is considered a plus. This advanced
penetration testing course is not for the faint of heart; it requires practice, testing, and the
ability to want to learn in a manner that will grow your career in the information security
field and overcome any learning plateau. Offensive Security challenges you to rise above
the rest, dive into the fine arts of advanced penetration testing, and to Try Harder™.
OSCP
9. GIAC Certified Incident Handler (GCIH) Incident handlers manage security
incidents by understanding common attack techniques, vectors and tools as well as
defending against and/or responding to such attacks when they occur. The GCIH
certification focuses on detecting, responding, and resolving computer security
incidents.
GIAC Penetration Tester (GPEN) The GPEN certification is for security personnel whose job duties
involve assessing target networks and systems to find security vulnerabilities. Certification objectives
include penetration-testing methodologies, the legal issues surrounding penetration testing and how to
properly conduct a penetration test as well as best practice technical and non-technical techniques
specific to conduct a penetration test.
No Specific training is required for any GIAC certification.
GIAC Certified Enterprise Defender (GCED) The GCED builds on the security skills measured by the
GSEC (no overlap). It assesses more advanced, technical skills that are needed to defend the enterprise
environment and protect an organization as a whole. Knowledge, skills and abilities assessed are taken
from the areas of Defensive Network Infrastructure, Packet Analysis, Penetration Testing, Incident
Handling, and Malware Removal.
10. Statement from Cherylann Vanderhide, Dir. Compliance & Governance
A. Our exam is updated from to time to capture all the latest skills and knowledge a CEH should have as per industry requirements. So
should you see any updated content, it only confirms are test are updated and test the current skills and knowledge the industry expects a
CEH to hold.
B. Our exams are written my Subject matter experts and are not build by our in-house teams to ensure our tests focus on measuring the
required skills and knowledge.
C. Our courseware/ study material is a guideline that equips you with concepts, tools and techniques of ethical hacking and security
assessments.
Therefore, the official course may or may not prepare the student to pass the exam. The updates to exams are unannounced and have
caused massive failures after these updates were implemented. In the end, these unannounced updates have cause additional funding to be
spent and time to study and re-take the exam. Exams questions could come from a variety of sources where conflicts in data could exist.
These issues are presently being discussed throughout the IT Security field and several high level US defense contractor companies have
been “burned” by this EC policy. On a different note and of a security concern is that EC Council (CEH) is based out of Selangor, Malaysia.
CompTIA and other certification vendors have version numbered exams and announce updates while maintaining a “bleed over” period that
allows students to take exams prior to the expiration of study material comes to pass.
The Ethical Hacking and Countermeasures course prepares candidates for the CEH exam offered by EC-Council. The
course focuses on hacking techniques and technology from an offensive perspective. The advanced security course is
regularly updated to reflect latest developments in the domain, including new hacking techniques, exploits, automated
programs as well as defensive recommendations as outlined by experts in the field.
11. The CPT certification is designed to certify that candidates have working knowledge and skills
in relation to the field of penetration testing.
The CPT consists of 9 Certified Penetration Tester (CPT) Domains are as follows: Penetration
Testing, Methodologies, Network Protocol Attacks, Network Reconnaissance, Vulnerability
Identification, Windows Exploits , Unix/Linux Exploits, Covert Channels & Rootkits, Wireless
Security Flaws, Web Application Vulnerabilities.
There are three options for taking the CPT exam:
The CPT is available at any of our training partner's locations throughout the world.
The exam can be proctored on-site at your location for groups of 10 or more.
Individuals employed at member organizations can take the exam over the internet.
The exam consists of two parts, a traditional multiple choice, true/false and multiple answer
examination and a take-home practical exam. The multiple choice exam consists of 50
questions randomly pulled from a master list of questions. The certification candidate has 2
hours to complete the exam.
A professional body reviews and maintains this training and certification, but who they are
remains unknown.
12. Recommendation
Considering the high high demand on training and acquiring new personnel with the needed
skill sets to not only be aware of cyber threats, but also how to effectively deal with those
threats.
The recommendation to allow the fastest and most efficient route and keep the Continuing
Education (CE) credits at a minimum while obtaining the most sought after certifications is to
use CompTIA and Mile2.
CompTIA A+ and Security+ will provide the immediate foundational layers needed to establish
the platform where the expert level of penetration testing can be built. Both of these vendors are
professionally friendly and recognized by the United States government within the DoD 8750,
soon to be replaced by the DoD 8140 Directive on baseline certifications. Obtaining CE credits
can be applied to both, cutting down on additional study time for the working professional.
Additionally, the ease at which to study the given materials are set and the exams are drawn
from these specific materials that will aid in first-time passing.
CompTIA and Mile2 both meet and in some cases, exceed, the training issued by Information
Assurance Support Environment (http://iase.disa.mil/iawip/Pages/iabaseline.aspx) for the
establishment of baseline certification for DoD.
13. Additional Resources
Free Online Training
• https://www.cybrary.it/
• https://www.hackthissite.org/
• https://www.concise-courses.com/hacking-tools/
Paid Training
• https://www.udemy.com/courses/
• https://www.concise-courses.com
• https://www.coursera.org/course/comnetworks
• http://www.trainace.com/security/security-events-webinars/#.VppMdporL4Y
Recommended Awareness Training
• http://www.disa.mil/News/Training/DISN-Services-Training-Course