Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Penetration and hacking training brief

1,061 views

Published on

A review of current training options for penetration testing/hacking courses/certifications.

Published in: Education
  • Login to see the comments

  • Be the first to like this

Penetration and hacking training brief

  1. 1. Penetration and Hacking Training Online and Boot Camps Options with Costs
  2. 2. Foundational Certifications Before attempting to obtain a higher level ethical hacking or penetration testing certification, the trainee should obtain at least the foundational background that any of the three vendors listed below offer. For example the trainee could obtain A+ and then move to Security+ or test for one of the Cisco certifications or just the ISC2 SSCP. Having basic computer knowledge is essential to understanding the inner workings of software and hardware. This is in addition to a college degree in IT security. Please see the IT Roadmap on the next slide.
  3. 3. Most direct route
  4. 4. Foundational Certifications, Cont. The next slide illustrates the competing vendors that offer either ethical hacking, penetration testing, or both. Since the Cyber Initiative is critical, the path of least resistance to obtain the best training from vendors that have shown worldwide acceptance while allowing the student various options of learning will be listed. CompTIA has worldwide recognition and is certifying professionals daily. The certification exams can be easily studied by the professional through the online purchase of official study guides published by Pearson Vue, who also issues the exams at testing centers. Testing centers can be located online once an account is established and usually are located within community colleges or universities. Additional preparation for CompTIA and Cisco certifications, as well as, certifications covering ethical hacking and penetration testing can be found on sites offering free video training that can be taken in the office on NIPR or at home. This additional knowledge blocks are highly convenient for working professionals. Please see the slide on Additional Resources for the URL’s listed for these free sites.
  5. 5. Certified Hacking Penetration Training Options COMPANY / CERTIFICATION Boot Camp $ Online Delivery $ Self- Study $ Exam Cost Certification Renewal Mile2 - Certified Penetration Testing Engineer - C)PTE $3,000 (1)Books+Exam:$600 (2) Books,Video, labs + Exam: $950 (1) Books: $500 (2) Books & Videos: $1040 $400 TBA for Continuing Education Mile2 - Certified Prpfessional Ethical Hacker - C)PEH $3,000 (1)Books+Exam:$600 (2) Books,Video, labs + Exam: $950 (1) Books: $500 (2) Books & Videos: $1040 $400 TBA for Continuing Education Offensive Security - OS Certified Professional - OSCP No (1) 30-Days: $800 (2) 60-Days: $1000 (3) 90-Days: $1,150 Prep with 3 options online videos/labs Price included in Lab purchase No GIAC - Penetration Tester GCIH, GCED, GPEN $5,620 Not Specific 3rd Party Sources $659 Every 4 years / $399 / 36 Continuing Education Credits EC Council - Certified Ethical Hacker - CEH TBD $2,895 $870 $500 +$100 application fee Every 3 years with $80 annual fee / 120 CE's IACRB - Certified Penetration Tester - CPT $4,198 Certain Files Availble Certain Files Availble $499-$399 (2 exams) Every 4 years by takign a new exam at no cost
  6. 6. Certification Vendor Mile2 GIAC EC Council IACRB Offensive Security Acceditation and Compliance NICE, ANSI N/A N/A ANSI/ISO/IEC 17024 NICCS, NSA CNSS 4011-4016, USAF, FBI (Tier 1-3), & DHS / Canadian Department of National Defense Certification Accreditation and Compliance List
  7. 7. Promotional Video https://www.youtube.com/watch?v=wUo_0SIxhqw The Certified Penetration Testing Engineer certification course is built firmly upon proven, hands-on, Penetration Testing methodologies utilized by our international group of vulnerability consultants. The C)PTE course/certification has been validated by the NSA for: CNSSI—4013, National Information Assurance Training Standard for System Administrators. This certification specially designed for the United States Air Force and is currently being offered through self-study online training with additional penetration labs or through boot camps that also use real-time penetration labs. Note: Mile2 was largely responsible for the early adoption and success of EC-Council's Certified Ethical Hacker Course within the USA and several other countries. At the time, Mile2 was the world's largest provider of Penetration Testing training and initially chose the basic CEH training course as our flagship for Penetration Testing training events. For a long time, Mile2 delivered more CEH classes within the USA than any other training provider and possibly globally. The Certified Professional Ethical Hacker course is the foundational training to mile2’s line of penetration testing courses. The C)PEH certification training enables students to understand the importance of vulnerability assessments by providing industry knowledge and skills in Vulnerability Assessments. In doing so, the C)PEH student is able to understand how malware and destructive viruses function. In addition, the C)PEH course helps students learn how to implement counter response and preventative measures when it comes to a network hack. Mile2 certification courses teach the fundamental and advanced principles of cyber security and follows a course/certification track that leads to advanced hands-on skills training for penetration testing, disaster recovery, incident handling and network forensics. Mile2 also provides Information Assurance services that meet military, government, private sector and institutional specifications. C)PEH and C)PTE courses have both an exam and practical lab incorporated within its training. It exceeds CEH training while folding in virtual labs with reporting as one would find in the Offensive Security course. It’s the best of both worlds!
  8. 8. Penetration Testing with Kali (PWK) is a self-paced online penetration testing course designed for network administrators and security professionals who want to take a serious and meaningful step into the world of professional penetration testing. This unique penetration testing training course introduces students to the latest ethical hacking tools and techniques, including remote, virtual penetration testing labs for practicing the course materials. Penetration Testing with Kali Linux simulates a full penetration test from start to finish, by injecting the student into a target-rich, diverse, and vulnerable network environment. Penetration Testing with Kali Linux is a foundational security course, but still requires students to have certain knowledge prior to attending the online training class. A solid understanding of TCP/IP, networking, and reasonable Linux skills are required. Familiarity with Bash scripting along with basic Perl or Python is considered a plus. This advanced penetration testing course is not for the faint of heart; it requires practice, testing, and the ability to want to learn in a manner that will grow your career in the information security field and overcome any learning plateau. Offensive Security challenges you to rise above the rest, dive into the fine arts of advanced penetration testing, and to Try Harder™. OSCP
  9. 9. GIAC Certified Incident Handler (GCIH) Incident handlers manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. The GCIH certification focuses on detecting, responding, and resolving computer security incidents. GIAC Penetration Tester (GPEN) The GPEN certification is for security personnel whose job duties involve assessing target networks and systems to find security vulnerabilities. Certification objectives include penetration-testing methodologies, the legal issues surrounding penetration testing and how to properly conduct a penetration test as well as best practice technical and non-technical techniques specific to conduct a penetration test. No Specific training is required for any GIAC certification. GIAC Certified Enterprise Defender (GCED) The GCED builds on the security skills measured by the GSEC (no overlap). It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. Knowledge, skills and abilities assessed are taken from the areas of Defensive Network Infrastructure, Packet Analysis, Penetration Testing, Incident Handling, and Malware Removal.
  10. 10. Statement from Cherylann Vanderhide, Dir. Compliance & Governance A. Our exam is updated from to time to capture all the latest skills and knowledge a CEH should have as per industry requirements. So should you see any updated content, it only confirms are test are updated and test the current skills and knowledge the industry expects a CEH to hold. B. Our exams are written my Subject matter experts and are not build by our in-house teams to ensure our tests focus on measuring the required skills and knowledge. C. Our courseware/ study material is a guideline that equips you with concepts, tools and techniques of ethical hacking and security assessments. Therefore, the official course may or may not prepare the student to pass the exam. The updates to exams are unannounced and have caused massive failures after these updates were implemented. In the end, these unannounced updates have cause additional funding to be spent and time to study and re-take the exam. Exams questions could come from a variety of sources where conflicts in data could exist. These issues are presently being discussed throughout the IT Security field and several high level US defense contractor companies have been “burned” by this EC policy. On a different note and of a security concern is that EC Council (CEH) is based out of Selangor, Malaysia. CompTIA and other certification vendors have version numbered exams and announce updates while maintaining a “bleed over” period that allows students to take exams prior to the expiration of study material comes to pass. The Ethical Hacking and Countermeasures course prepares candidates for the CEH exam offered by EC-Council. The course focuses on hacking techniques and technology from an offensive perspective. The advanced security course is regularly updated to reflect latest developments in the domain, including new hacking techniques, exploits, automated programs as well as defensive recommendations as outlined by experts in the field.
  11. 11. The CPT certification is designed to certify that candidates have working knowledge and skills in relation to the field of penetration testing. The CPT consists of 9 Certified Penetration Tester (CPT) Domains are as follows: Penetration Testing, Methodologies, Network Protocol Attacks, Network Reconnaissance, Vulnerability Identification, Windows Exploits , Unix/Linux Exploits, Covert Channels & Rootkits, Wireless Security Flaws, Web Application Vulnerabilities. There are three options for taking the CPT exam: The CPT is available at any of our training partner's locations throughout the world. The exam can be proctored on-site at your location for groups of 10 or more. Individuals employed at member organizations can take the exam over the internet. The exam consists of two parts, a traditional multiple choice, true/false and multiple answer examination and a take-home practical exam. The multiple choice exam consists of 50 questions randomly pulled from a master list of questions. The certification candidate has 2 hours to complete the exam. A professional body reviews and maintains this training and certification, but who they are remains unknown.
  12. 12. Recommendation Considering the high high demand on training and acquiring new personnel with the needed skill sets to not only be aware of cyber threats, but also how to effectively deal with those threats. The recommendation to allow the fastest and most efficient route and keep the Continuing Education (CE) credits at a minimum while obtaining the most sought after certifications is to use CompTIA and Mile2. CompTIA A+ and Security+ will provide the immediate foundational layers needed to establish the platform where the expert level of penetration testing can be built. Both of these vendors are professionally friendly and recognized by the United States government within the DoD 8750, soon to be replaced by the DoD 8140 Directive on baseline certifications. Obtaining CE credits can be applied to both, cutting down on additional study time for the working professional. Additionally, the ease at which to study the given materials are set and the exams are drawn from these specific materials that will aid in first-time passing. CompTIA and Mile2 both meet and in some cases, exceed, the training issued by Information Assurance Support Environment (http://iase.disa.mil/iawip/Pages/iabaseline.aspx) for the establishment of baseline certification for DoD.
  13. 13. Additional Resources Free Online Training • https://www.cybrary.it/ • https://www.hackthissite.org/ • https://www.concise-courses.com/hacking-tools/ Paid Training • https://www.udemy.com/courses/ • https://www.concise-courses.com • https://www.coursera.org/course/comnetworks • http://www.trainace.com/security/security-events-webinars/#.VppMdporL4Y Recommended Awareness Training • http://www.disa.mil/News/Training/DISN-Services-Training-Course

×