SlideShare a Scribd company logo

Penetration and hacking training brief

B
Bill Nelson

A review of current training options for penetration testing/hacking courses/certifications.

Education
1 of 13
Download to read offline
Penetration and Hacking Training Online and Boot Camps Options with Costs
Foundational Certifications Before attempting to obtain a higher level ethical hacking or penetration testing certification, the trainee should obtain at least the foundational background that any of the three vendors listed below offer. For example the trainee could obtain A+ and then move to Security+ or test for one of the Cisco certifications or just the ISC2 SSCP. Having basic computer knowledge is essential to understanding the inner workings of software and hardware. This is in addition to a college degree in IT security. Please see the IT Roadmap on the next slide.
Most direct route
Foundational Certifications, Cont. The next slide illustrates the competing vendors that offer either ethical hacking, penetration testing, or both. Since the Cyber Initiative is critical, the path of least resistance to obtain the best training from vendors that have shown worldwide acceptance while allowing the student various options of learning will be listed. CompTIA has worldwide recognition and is certifying professionals daily. The certification exams can be easily studied by the professional through the online purchase of official study guides published by Pearson Vue, who also issues the exams at testing centers. Testing centers can be located online once an account is established and usually are located within community colleges or universities. Additional preparation for CompTIA and Cisco certifications, as well as, certifications covering ethical hacking and penetration testing can be found on sites offering free video training that can be taken in the office on NIPR or at home. This additional knowledge blocks are highly convenient for working professionals. Please see the slide on Additional Resources for the URL’s listed for these free sites.
Certified Hacking Penetration Training Options COMPANY / CERTIFICATION Boot Camp $ Online Delivery $ Self- Study $ Exam Cost Certification Renewal Mile2 - Certified Penetration Testing Engineer - C)PTE $3,000 (1)Books+Exam:$600 (2) Books,Video, labs + Exam: $950 (1) Books: $500 (2) Books & Videos: $1040 $400 TBA for Continuing Education Mile2 - Certified Prpfessional Ethical Hacker - C)PEH $3,000 (1)Books+Exam:$600 (2) Books,Video, labs + Exam: $950 (1) Books: $500 (2) Books & Videos: $1040 $400 TBA for Continuing Education Offensive Security - OS Certified Professional - OSCP No (1) 30-Days: $800 (2) 60-Days: $1000 (3) 90-Days: $1,150 Prep with 3 options online videos/labs Price included in Lab purchase No GIAC - Penetration Tester GCIH, GCED, GPEN $5,620 Not Specific 3rd Party Sources $659 Every 4 years / $399 / 36 Continuing Education Credits EC Council - Certified Ethical Hacker - CEH TBD $2,895 $870 $500 +$100 application fee Every 3 years with $80 annual fee / 120 CE's IACRB - Certified Penetration Tester - CPT $4,198 Certain Files Availble Certain Files Availble $499-$399 (2 exams) Every 4 years by takign a new exam at no cost
Certification Vendor Mile2 GIAC EC Council IACRB Offensive Security Acceditation and Compliance NICE, ANSI N/A N/A ANSI/ISO/IEC 17024 NICCS, NSA CNSS 4011-4016, USAF, FBI (Tier 1-3), & DHS / Canadian Department of National Defense Certification Accreditation and Compliance List
Promotional Video https://www.youtube.com/watch?v=wUo_0SIxhqw The Certified Penetration Testing Engineer certification course is built firmly upon proven, hands-on, Penetration Testing methodologies utilized by our international group of vulnerability consultants. The C)PTE course/certification has been validated by the NSA for: CNSSI—4013, National Information Assurance Training Standard for System Administrators. This certification specially designed for the United States Air Force and is currently being offered through self-study online training with additional penetration labs or through boot camps that also use real-time penetration labs. Note: Mile2 was largely responsible for the early adoption and success of EC-Council's Certified Ethical Hacker Course within the USA and several other countries. At the time, Mile2 was the world's largest provider of Penetration Testing training and initially chose the basic CEH training course as our flagship for Penetration Testing training events. For a long time, Mile2 delivered more CEH classes within the USA than any other training provider and possibly globally. The Certified Professional Ethical Hacker course is the foundational training to mile2’s line of penetration testing courses. The C)PEH certification training enables students to understand the importance of vulnerability assessments by providing industry knowledge and skills in Vulnerability Assessments. In doing so, the C)PEH student is able to understand how malware and destructive viruses function. In addition, the C)PEH course helps students learn how to implement counter response and preventative measures when it comes to a network hack. Mile2 certification courses teach the fundamental and advanced principles of cyber security and follows a course/certification track that leads to advanced hands-on skills training for penetration testing, disaster recovery, incident handling and network forensics. Mile2 also provides Information Assurance services that meet military, government, private sector and institutional specifications. C)PEH and C)PTE courses have both an exam and practical lab incorporated within its training. It exceeds CEH training while folding in virtual labs with reporting as one would find in the Offensive Security course. It’s the best of both worlds!
Penetration Testing with Kali (PWK) is a self-paced online penetration testing course designed for network administrators and security professionals who want to take a serious and meaningful step into the world of professional penetration testing. This unique penetration testing training course introduces students to the latest ethical hacking tools and techniques, including remote, virtual penetration testing labs for practicing the course materials. Penetration Testing with Kali Linux simulates a full penetration test from start to finish, by injecting the student into a target-rich, diverse, and vulnerable network environment. Penetration Testing with Kali Linux is a foundational security course, but still requires students to have certain knowledge prior to attending the online training class. A solid understanding of TCP/IP, networking, and reasonable Linux skills are required. Familiarity with Bash scripting along with basic Perl or Python is considered a plus. This advanced penetration testing course is not for the faint of heart; it requires practice, testing, and the ability to want to learn in a manner that will grow your career in the information security field and overcome any learning plateau. Offensive Security challenges you to rise above the rest, dive into the fine arts of advanced penetration testing, and to Try Harder™. OSCP
GIAC Certified Incident Handler (GCIH) Incident handlers manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. The GCIH certification focuses on detecting, responding, and resolving computer security incidents. GIAC Penetration Tester (GPEN) The GPEN certification is for security personnel whose job duties involve assessing target networks and systems to find security vulnerabilities. Certification objectives include penetration-testing methodologies, the legal issues surrounding penetration testing and how to properly conduct a penetration test as well as best practice technical and non-technical techniques specific to conduct a penetration test. No Specific training is required for any GIAC certification. GIAC Certified Enterprise Defender (GCED) The GCED builds on the security skills measured by the GSEC (no overlap). It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. Knowledge, skills and abilities assessed are taken from the areas of Defensive Network Infrastructure, Packet Analysis, Penetration Testing, Incident Handling, and Malware Removal.
Statement from Cherylann Vanderhide, Dir. Compliance & Governance A. Our exam is updated from to time to capture all the latest skills and knowledge a CEH should have as per industry requirements. So should you see any updated content, it only confirms are test are updated and test the current skills and knowledge the industry expects a CEH to hold. B. Our exams are written my Subject matter experts and are not build by our in-house teams to ensure our tests focus on measuring the required skills and knowledge. C. Our courseware/ study material is a guideline that equips you with concepts, tools and techniques of ethical hacking and security assessments. Therefore, the official course may or may not prepare the student to pass the exam. The updates to exams are unannounced and have caused massive failures after these updates were implemented. In the end, these unannounced updates have cause additional funding to be spent and time to study and re-take the exam. Exams questions could come from a variety of sources where conflicts in data could exist. These issues are presently being discussed throughout the IT Security field and several high level US defense contractor companies have been “burned” by this EC policy. On a different note and of a security concern is that EC Council (CEH) is based out of Selangor, Malaysia. CompTIA and other certification vendors have version numbered exams and announce updates while maintaining a “bleed over” period that allows students to take exams prior to the expiration of study material comes to pass. The Ethical Hacking and Countermeasures course prepares candidates for the CEH exam offered by EC-Council. The course focuses on hacking techniques and technology from an offensive perspective. The advanced security course is regularly updated to reflect latest developments in the domain, including new hacking techniques, exploits, automated programs as well as defensive recommendations as outlined by experts in the field.
The CPT certification is designed to certify that candidates have working knowledge and skills in relation to the field of penetration testing. The CPT consists of 9 Certified Penetration Tester (CPT) Domains are as follows: Penetration Testing, Methodologies, Network Protocol Attacks, Network Reconnaissance, Vulnerability Identification, Windows Exploits , Unix/Linux Exploits, Covert Channels & Rootkits, Wireless Security Flaws, Web Application Vulnerabilities. There are three options for taking the CPT exam: The CPT is available at any of our training partner's locations throughout the world. The exam can be proctored on-site at your location for groups of 10 or more. Individuals employed at member organizations can take the exam over the internet. The exam consists of two parts, a traditional multiple choice, true/false and multiple answer examination and a take-home practical exam. The multiple choice exam consists of 50 questions randomly pulled from a master list of questions. The certification candidate has 2 hours to complete the exam. A professional body reviews and maintains this training and certification, but who they are remains unknown.
Recommendation Considering the high high demand on training and acquiring new personnel with the needed skill sets to not only be aware of cyber threats, but also how to effectively deal with those threats. The recommendation to allow the fastest and most efficient route and keep the Continuing Education (CE) credits at a minimum while obtaining the most sought after certifications is to use CompTIA and Mile2. CompTIA A+ and Security+ will provide the immediate foundational layers needed to establish the platform where the expert level of penetration testing can be built. Both of these vendors are professionally friendly and recognized by the United States government within the DoD 8750, soon to be replaced by the DoD 8140 Directive on baseline certifications. Obtaining CE credits can be applied to both, cutting down on additional study time for the working professional. Additionally, the ease at which to study the given materials are set and the exams are drawn from these specific materials that will aid in first-time passing. CompTIA and Mile2 both meet and in some cases, exceed, the training issued by Information Assurance Support Environment (http://iase.disa.mil/iawip/Pages/iabaseline.aspx) for the establishment of baseline certification for DoD.
Additional Resources Free Online Training • https://www.cybrary.it/ • https://www.hackthissite.org/ • https://www.concise-courses.com/hacking-tools/ Paid Training • https://www.udemy.com/courses/ • https://www.concise-courses.com • https://www.coursera.org/course/comnetworks • http://www.trainace.com/security/security-events-webinars/#.VppMdporL4Y Recommended Awareness Training • http://www.disa.mil/News/Training/DISN-Services-Training-Course

Recommended

Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testingecmee
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introductiongbud7
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testingMohit Belwal
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Yuval Sinay, CISSP, C|CISO
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationChris Gates
 
Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsTechWell
 

Recommended

Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testingecmee
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introductiongbud7
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testingMohit Belwal
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Yuval Sinay, CISSP, C|CISO
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationChris Gates
 
Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsTechWell
 
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersOllie Whitehouse
 
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...Luigi Delgrosso
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Dan Morrill
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
Analysis of web application penetration testing
Analysis of web application penetration testingAnalysis of web application penetration testing
Analysis of web application penetration testingEngr Md Yusuf Miah
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Security
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & ArchitecturePriyanka Aash
 
Network penetration testing
Network penetration testingNetwork penetration testing
Network penetration testingImaginea
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012Tjylen Veselyj
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...RootedCON
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation Approaches Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation ApproachesPriyanka Aash
 
Penetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability ScanningPenetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability ScanningSecurityMetrics
 
Ch 13: Network Protection Systems
Ch 13: Network Protection SystemsCh 13: Network Protection Systems
Ch 13: Network Protection SystemsSam Bowne
 

More Related Content

What's hot

Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersOllie Whitehouse
 
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...Luigi Delgrosso
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Dan Morrill
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
Analysis of web application penetration testing
Analysis of web application penetration testingAnalysis of web application penetration testing
Analysis of web application penetration testingEngr Md Yusuf Miah
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Security
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & ArchitecturePriyanka Aash
 
Network penetration testing
Network penetration testingNetwork penetration testing
Network penetration testingImaginea
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012Tjylen Veselyj
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...RootedCON
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation Approaches Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation ApproachesPriyanka Aash
 

What's hot (20)

Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
 
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivism
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security Monitoring
 
Analysis of web application penetration testing
Analysis of web application penetration testingAnalysis of web application penetration testing
Analysis of web application penetration testing
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture
 
Network penetration testing
Network penetration testingNetwork penetration testing
Network penetration testing
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent Security
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation Approaches Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation Approaches
 

Viewers also liked

Penetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability ScanningPenetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability ScanningSecurityMetrics
 
Ch 13: Network Protection Systems
Ch 13: Network Protection SystemsCh 13: Network Protection Systems
Ch 13: Network Protection SystemsSam Bowne
 
Recruiters' guide to hire an Ethical hacker
Recruiters' guide to hire an Ethical hackerRecruiters' guide to hire an Ethical hacker
Recruiters' guide to hire an Ethical hackerAyman Hussein
 
Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?amiable_indian
 
Auditing Check Point Firewalls
Auditing Check Point FirewallsAuditing Check Point Firewalls
Auditing Check Point FirewallsBen Rothke
 
Ce hv7 module 05 system hacking
Ce hv7 module 05 system hackingCe hv7 module 05 system hacking
Ce hv7 module 05 system hackingZuleima Parada
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentMarcelo Silva
 
Standard penetration test
Standard penetration testStandard penetration test
Standard penetration testhari babu
 
Ceh v7 module 01 introduction to ethical hacking
Ceh v7 module 01 introduction to ethical hackingCeh v7 module 01 introduction to ethical hacking
Ceh v7 module 01 introduction to ethical hackingsabulite
 
Wireshark Traffic Analysis
Wireshark Traffic AnalysisWireshark Traffic Analysis
Wireshark Traffic AnalysisDavid Sweigert
 
The immune checkpoint landscape in 2015: combination therapy
The immune checkpoint landscape in 2015: combination therapyThe immune checkpoint landscape in 2015: combination therapy
The immune checkpoint landscape in 2015: combination therapyPaul D. Rennert
 
Wireshark
WiresharkWireshark
Wiresharkbtohara
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li Inmhaviv
 
Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark Ashley Wheeler
 
Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Yoram Orzach
 

Viewers also liked (20)

Penetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability ScanningPenetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability Scanning
 
Ch 13: Network Protection Systems
Ch 13: Network Protection SystemsCh 13: Network Protection Systems
Ch 13: Network Protection Systems
 
Recruiters' guide to hire an Ethical hacker
Recruiters' guide to hire an Ethical hackerRecruiters' guide to hire an Ethical hacker
Recruiters' guide to hire an Ethical hacker
 
Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?
 
Wireshark ppt
Wireshark pptWireshark ppt
Wireshark ppt
 
Auditing Check Point Firewalls
Auditing Check Point FirewallsAuditing Check Point Firewalls
Auditing Check Point Firewalls
 
Ce hv7 module 05 system hacking
Ce hv7 module 05 system hackingCe hv7 module 05 system hacking
Ce hv7 module 05 system hacking
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
 
Standard penetration test
Standard penetration testStandard penetration test
Standard penetration test
 
Wireshark
WiresharkWireshark
Wireshark
 
Network Dersleri1
Network Dersleri1Network Dersleri1
Network Dersleri1
 
Ceh v7 module 01 introduction to ethical hacking
Ceh v7 module 01 introduction to ethical hackingCeh v7 module 01 introduction to ethical hacking
Ceh v7 module 01 introduction to ethical hacking
 
Wireshark Traffic Analysis
Wireshark Traffic AnalysisWireshark Traffic Analysis
Wireshark Traffic Analysis
 
Wireshark
WiresharkWireshark
Wireshark
 
The immune checkpoint landscape in 2015: combination therapy
The immune checkpoint landscape in 2015: combination therapyThe immune checkpoint landscape in 2015: combination therapy
The immune checkpoint landscape in 2015: combination therapy
 
Wireshark
WiresharkWireshark
Wireshark
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li In
 
Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark
 
Wireshark
WiresharkWireshark
Wireshark
 
Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1
 

Similar to Penetration and hacking training brief

Cehv10 Complete Details - brochure
Cehv10 Complete Details - brochureCehv10 Complete Details - brochure
Cehv10 Complete Details - brochureHBServices7
 
Penetration Testing.pptx
Penetration Testing.pptxPenetration Testing.pptx
Penetration Testing.pptxjoe reese
 
CompTIA Security+ Certification | Sec+
CompTIA Security+ Certification | Sec+ CompTIA Security+ Certification | Sec+
CompTIA Security+ Certification | Sec+ SagarNegi10
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsMercury Solutions Limited
 
How to become a Certified Ethical Hacker.pdf
How to become a Certified Ethical Hacker.pdfHow to become a Certified Ethical Hacker.pdf
How to become a Certified Ethical Hacker.pdftsaaroacademy
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec trainInfosecTrain
 
The Ultimate EC Council Certification Handbook
The Ultimate EC Council Certification HandbookThe Ultimate EC Council Certification Handbook
The Ultimate EC Council Certification HandbookCalvin Sam
 
Top Cybersecurity Certs
Top Cybersecurity CertsTop Cybersecurity Certs
Top Cybersecurity CertsRiya Kapoor
 
Comptia security-sy0-401
Comptia security-sy0-401Comptia security-sy0-401
Comptia security-sy0-401pgupta101
 
CompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examInfosec
 
Computer Hacking Forensic Investigator Course Details and Course Brochure | E...
Computer Hacking Forensic Investigator Course Details and Course Brochure | E...Computer Hacking Forensic Investigator Course Details and Course Brochure | E...
Computer Hacking Forensic Investigator Course Details and Course Brochure | E...CRAW CYBER SECURITY PVT LTD
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security CertificationsNithin Sai
 
EC-Council Certified SOC Analyst
EC-Council Certified SOC AnalystEC-Council Certified SOC Analyst
EC-Council Certified SOC AnalystShivamSharma909
 

Similar to Penetration and hacking training brief (20)

Cehv10 Complete Details - brochure
Cehv10 Complete Details - brochureCehv10 Complete Details - brochure
Cehv10 Complete Details - brochure
 
Ce hv10 brochure
Ce hv10 brochureCe hv10 brochure
Ce hv10 brochure
 
Activity1 c1
Activity1 c1Activity1 c1
Activity1 c1
 
Penetration Testing.pptx
Penetration Testing.pptxPenetration Testing.pptx
Penetration Testing.pptx
 
CompTIA Security+ Certification | Sec+
CompTIA Security+ Certification | Sec+ CompTIA Security+ Certification | Sec+
CompTIA Security+ Certification | Sec+
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security Certifications
 
How to become a Certified Ethical Hacker.pdf
How to become a Certified Ethical Hacker.pdfHow to become a Certified Ethical Hacker.pdf
How to become a Certified Ethical Hacker.pdf
 
Brochure of ICSS
Brochure of ICSS Brochure of ICSS
Brochure of ICSS
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec train
 
The Ultimate EC Council Certification Handbook
The Ultimate EC Council Certification HandbookThe Ultimate EC Council Certification Handbook
The Ultimate EC Council Certification Handbook
 
File1
File1File1
File1
 
Ce hv8 module 00
Ce hv8 module 00Ce hv8 module 00
Ce hv8 module 00
 
Top Cybersecurity Certs
Top Cybersecurity CertsTop Cybersecurity Certs
Top Cybersecurity Certs
 
Ecsa LPT V8 brochure
Ecsa LPT V8 brochureEcsa LPT V8 brochure
Ecsa LPT V8 brochure
 
Comptia security-sy0-401
Comptia security-sy0-401Comptia security-sy0-401
Comptia security-sy0-401
 
CompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the exam
 
Computer Hacking Forensic Investigator Course Details and Course Brochure | E...
Computer Hacking Forensic Investigator Course Details and Course Brochure | E...Computer Hacking Forensic Investigator Course Details and Course Brochure | E...
Computer Hacking Forensic Investigator Course Details and Course Brochure | E...
 
mille2.pptx
mille2.pptxmille2.pptx
mille2.pptx
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security Certifications
 
EC-Council Certified SOC Analyst
EC-Council Certified SOC AnalystEC-Council Certified SOC Analyst
EC-Council Certified SOC Analyst
 

Recently uploaded

ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsManeerUddin
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxVanesaIglesias10
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxMusic 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxleah joy valeriano
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptshraddhaparab530
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 

Recently uploaded (20)

LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture hons
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxMusic 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.ppt
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 

Penetration and hacking training brief

  • 1. Penetration and Hacking Training Online and Boot Camps Options with Costs
  • 2. Foundational Certifications Before attempting to obtain a higher level ethical hacking or penetration testing certification, the trainee should obtain at least the foundational background that any of the three vendors listed below offer. For example the trainee could obtain A+ and then move to Security+ or test for one of the Cisco certifications or just the ISC2 SSCP. Having basic computer knowledge is essential to understanding the inner workings of software and hardware. This is in addition to a college degree in IT security. Please see the IT Roadmap on the next slide.
  • 4. Foundational Certifications, Cont. The next slide illustrates the competing vendors that offer either ethical hacking, penetration testing, or both. Since the Cyber Initiative is critical, the path of least resistance to obtain the best training from vendors that have shown worldwide acceptance while allowing the student various options of learning will be listed. CompTIA has worldwide recognition and is certifying professionals daily. The certification exams can be easily studied by the professional through the online purchase of official study guides published by Pearson Vue, who also issues the exams at testing centers. Testing centers can be located online once an account is established and usually are located within community colleges or universities. Additional preparation for CompTIA and Cisco certifications, as well as, certifications covering ethical hacking and penetration testing can be found on sites offering free video training that can be taken in the office on NIPR or at home. This additional knowledge blocks are highly convenient for working professionals. Please see the slide on Additional Resources for the URL’s listed for these free sites.
  • 5. Certified Hacking Penetration Training Options COMPANY / CERTIFICATION Boot Camp $ Online Delivery $ Self- Study $ Exam Cost Certification Renewal Mile2 - Certified Penetration Testing Engineer - C)PTE $3,000 (1)Books+Exam:$600 (2) Books,Video, labs + Exam: $950 (1) Books: $500 (2) Books & Videos: $1040 $400 TBA for Continuing Education Mile2 - Certified Prpfessional Ethical Hacker - C)PEH $3,000 (1)Books+Exam:$600 (2) Books,Video, labs + Exam: $950 (1) Books: $500 (2) Books & Videos: $1040 $400 TBA for Continuing Education Offensive Security - OS Certified Professional - OSCP No (1) 30-Days: $800 (2) 60-Days: $1000 (3) 90-Days: $1,150 Prep with 3 options online videos/labs Price included in Lab purchase No GIAC - Penetration Tester GCIH, GCED, GPEN $5,620 Not Specific 3rd Party Sources $659 Every 4 years / $399 / 36 Continuing Education Credits EC Council - Certified Ethical Hacker - CEH TBD $2,895 $870 $500 +$100 application fee Every 3 years with $80 annual fee / 120 CE's IACRB - Certified Penetration Tester - CPT $4,198 Certain Files Availble Certain Files Availble $499-$399 (2 exams) Every 4 years by takign a new exam at no cost
  • 6. Certification Vendor Mile2 GIAC EC Council IACRB Offensive Security Acceditation and Compliance NICE, ANSI N/A N/A ANSI/ISO/IEC 17024 NICCS, NSA CNSS 4011-4016, USAF, FBI (Tier 1-3), & DHS / Canadian Department of National Defense Certification Accreditation and Compliance List
  • 7. Promotional Video https://www.youtube.com/watch?v=wUo_0SIxhqw The Certified Penetration Testing Engineer certification course is built firmly upon proven, hands-on, Penetration Testing methodologies utilized by our international group of vulnerability consultants. The C)PTE course/certification has been validated by the NSA for: CNSSI—4013, National Information Assurance Training Standard for System Administrators. This certification specially designed for the United States Air Force and is currently being offered through self-study online training with additional penetration labs or through boot camps that also use real-time penetration labs. Note: Mile2 was largely responsible for the early adoption and success of EC-Council's Certified Ethical Hacker Course within the USA and several other countries. At the time, Mile2 was the world's largest provider of Penetration Testing training and initially chose the basic CEH training course as our flagship for Penetration Testing training events. For a long time, Mile2 delivered more CEH classes within the USA than any other training provider and possibly globally. The Certified Professional Ethical Hacker course is the foundational training to mile2’s line of penetration testing courses. The C)PEH certification training enables students to understand the importance of vulnerability assessments by providing industry knowledge and skills in Vulnerability Assessments. In doing so, the C)PEH student is able to understand how malware and destructive viruses function. In addition, the C)PEH course helps students learn how to implement counter response and preventative measures when it comes to a network hack. Mile2 certification courses teach the fundamental and advanced principles of cyber security and follows a course/certification track that leads to advanced hands-on skills training for penetration testing, disaster recovery, incident handling and network forensics. Mile2 also provides Information Assurance services that meet military, government, private sector and institutional specifications. C)PEH and C)PTE courses have both an exam and practical lab incorporated within its training. It exceeds CEH training while folding in virtual labs with reporting as one would find in the Offensive Security course. It’s the best of both worlds!
  • 8. Penetration Testing with Kali (PWK) is a self-paced online penetration testing course designed for network administrators and security professionals who want to take a serious and meaningful step into the world of professional penetration testing. This unique penetration testing training course introduces students to the latest ethical hacking tools and techniques, including remote, virtual penetration testing labs for practicing the course materials. Penetration Testing with Kali Linux simulates a full penetration test from start to finish, by injecting the student into a target-rich, diverse, and vulnerable network environment. Penetration Testing with Kali Linux is a foundational security course, but still requires students to have certain knowledge prior to attending the online training class. A solid understanding of TCP/IP, networking, and reasonable Linux skills are required. Familiarity with Bash scripting along with basic Perl or Python is considered a plus. This advanced penetration testing course is not for the faint of heart; it requires practice, testing, and the ability to want to learn in a manner that will grow your career in the information security field and overcome any learning plateau. Offensive Security challenges you to rise above the rest, dive into the fine arts of advanced penetration testing, and to Try Harder™. OSCP
  • 9. GIAC Certified Incident Handler (GCIH) Incident handlers manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. The GCIH certification focuses on detecting, responding, and resolving computer security incidents. GIAC Penetration Tester (GPEN) The GPEN certification is for security personnel whose job duties involve assessing target networks and systems to find security vulnerabilities. Certification objectives include penetration-testing methodologies, the legal issues surrounding penetration testing and how to properly conduct a penetration test as well as best practice technical and non-technical techniques specific to conduct a penetration test. No Specific training is required for any GIAC certification. GIAC Certified Enterprise Defender (GCED) The GCED builds on the security skills measured by the GSEC (no overlap). It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. Knowledge, skills and abilities assessed are taken from the areas of Defensive Network Infrastructure, Packet Analysis, Penetration Testing, Incident Handling, and Malware Removal.
  • 10. Statement from Cherylann Vanderhide, Dir. Compliance & Governance A. Our exam is updated from to time to capture all the latest skills and knowledge a CEH should have as per industry requirements. So should you see any updated content, it only confirms are test are updated and test the current skills and knowledge the industry expects a CEH to hold. B. Our exams are written my Subject matter experts and are not build by our in-house teams to ensure our tests focus on measuring the required skills and knowledge. C. Our courseware/ study material is a guideline that equips you with concepts, tools and techniques of ethical hacking and security assessments. Therefore, the official course may or may not prepare the student to pass the exam. The updates to exams are unannounced and have caused massive failures after these updates were implemented. In the end, these unannounced updates have cause additional funding to be spent and time to study and re-take the exam. Exams questions could come from a variety of sources where conflicts in data could exist. These issues are presently being discussed throughout the IT Security field and several high level US defense contractor companies have been “burned” by this EC policy. On a different note and of a security concern is that EC Council (CEH) is based out of Selangor, Malaysia. CompTIA and other certification vendors have version numbered exams and announce updates while maintaining a “bleed over” period that allows students to take exams prior to the expiration of study material comes to pass. The Ethical Hacking and Countermeasures course prepares candidates for the CEH exam offered by EC-Council. The course focuses on hacking techniques and technology from an offensive perspective. The advanced security course is regularly updated to reflect latest developments in the domain, including new hacking techniques, exploits, automated programs as well as defensive recommendations as outlined by experts in the field.
  • 11. The CPT certification is designed to certify that candidates have working knowledge and skills in relation to the field of penetration testing. The CPT consists of 9 Certified Penetration Tester (CPT) Domains are as follows: Penetration Testing, Methodologies, Network Protocol Attacks, Network Reconnaissance, Vulnerability Identification, Windows Exploits , Unix/Linux Exploits, Covert Channels & Rootkits, Wireless Security Flaws, Web Application Vulnerabilities. There are three options for taking the CPT exam: The CPT is available at any of our training partner's locations throughout the world. The exam can be proctored on-site at your location for groups of 10 or more. Individuals employed at member organizations can take the exam over the internet. The exam consists of two parts, a traditional multiple choice, true/false and multiple answer examination and a take-home practical exam. The multiple choice exam consists of 50 questions randomly pulled from a master list of questions. The certification candidate has 2 hours to complete the exam. A professional body reviews and maintains this training and certification, but who they are remains unknown.
  • 12. Recommendation Considering the high high demand on training and acquiring new personnel with the needed skill sets to not only be aware of cyber threats, but also how to effectively deal with those threats. The recommendation to allow the fastest and most efficient route and keep the Continuing Education (CE) credits at a minimum while obtaining the most sought after certifications is to use CompTIA and Mile2. CompTIA A+ and Security+ will provide the immediate foundational layers needed to establish the platform where the expert level of penetration testing can be built. Both of these vendors are professionally friendly and recognized by the United States government within the DoD 8750, soon to be replaced by the DoD 8140 Directive on baseline certifications. Obtaining CE credits can be applied to both, cutting down on additional study time for the working professional. Additionally, the ease at which to study the given materials are set and the exams are drawn from these specific materials that will aid in first-time passing. CompTIA and Mile2 both meet and in some cases, exceed, the training issued by Information Assurance Support Environment (http://iase.disa.mil/iawip/Pages/iabaseline.aspx) for the establishment of baseline certification for DoD.
  • 13. Additional Resources Free Online Training • https://www.cybrary.it/ • https://www.hackthissite.org/ • https://www.concise-courses.com/hacking-tools/ Paid Training • https://www.udemy.com/courses/ • https://www.concise-courses.com • https://www.coursera.org/course/comnetworks • http://www.trainace.com/security/security-events-webinars/#.VppMdporL4Y Recommended Awareness Training • http://www.disa.mil/News/Training/DISN-Services-Training-Course