Global cybercrime costs are expected to grow 15% over the next few years. Globally, that will equate to $10 trillion annually. COVID-19 accelerated cybercrimes, but ransomware attacks have essentially doubled since 2020. According to Check Point Research, on average, around 1,000 organizations are impacted in some way by ransomware every week. Now more than ever, it is imperative that organizations prevent sensitive data from falling into the wrong hands.
The new version of the CompTIA PenTest+ exam reflects current pen testing techniques for the latest attack surfaces, including the cloud, hybrid environments and web applications, as well as more ethical hacking concepts, vulnerability scanning and code analysis.
As you climb the ranks of your cybersecurity career, you will be required to increase your technical skills in penetration testing and vulnerability management skills. CompTIA PenTest+ can give you those intermediate-level cybersecurity skills that penetration testers and security consultants are tasked with to plan and scope a penetration testing engagement including vulnerability scanning, understand legal and compliance requirements, analyze results, and produce a written report with remediation techniques.
Let’s take a closer look at how cybersecurity professionals who have CompTIA PenTest+ are qualified for the following jobs:
- Penetration tester
- Security analyst
- Security consultant
- Vulnerability analyst
- Web app penetration tester
How Does CompTIA PenTest+ Prepare IT Pros for Cybersecurity Jobs?
Let’s first take a look at how CompTIA PenTest+ prepares cybersecurity pros for these positions. Right off the bat, it’s important to note that CompTIA exams are developed through an intensive process where IT pros come together and discuss what knowledge, skills and abilities are required to perform certain job roles. So, you can be sure the topics covered by CompTIA PenTest+ match the knowledge, skills and abilities cybersecurity pros need today.
To be successful in any of the above listed cybersecurity jobs, an individual should be able to do the following:
- Plan and scope a penetration testing engagement
- Understand legal and compliance requirements
- Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results
- Produce a written report containing proposed remediation techniques, effectively communicate results to the management team and provide practical recommendations
It’s no coincidence that these skills are exactly what CompTIA PenTest+ covers. (Check out the exam objectives for yourself – download them for free!) Organizations are looking to hire qualified cybersecurity pros who can confidently handle tasks aligned to the most up-to-date penetration testing, and vulnerability assessment and management skills, which are necessary to determine the resiliency of the network against attacks. And the median salaries for these positions back that up.
5 Jobs You Could Get with CompTIA PenTest+
If you have a CompTIA PenTest+ certification, you may be interested in one of the following in-demand, cybersecurity jobs.
1. Penetration Tester
If revealing vulnerabilities in computers, applications and networks sounds exciting to you, then penetration tester might be the job for you.
A penetration tester is responsible for testing cyber-defense capabilities and finding security holes and plugging them before an attacker can take advantage.
They ensure compliance and protect the organization in the following ways:
- Applies appropriate tools for penetration testing
- Performs social engineering tests and reviews physical security where appropriate
- Stays up-to-date with latest testing and hacking methods
- Collects data and deploys testing methodology
- Locates, assesses and manages vulnerabilities
CompTIA PenTest+ shows employers that you’re able to perform these exact skills and supporting effective risk management techniques.
For example, under the CompTIA PenTest+ exam domain of Planning and Scoping, candidates must know how to compare and contrast governance, risk and compliance concepts (1.1). This includes understanding regulatory compliance considerations, like Payment Card Industry Data Security Standard (PCI DSS) or General Data Protection, Regulation (GDPR). This is important because pen testers can be held criminally liable when operating without ethics or proper approvals.
With the importance of showing the real risk involved with the vulnerabilities encountered, it’s no surprise that the demand for penetration testers has increased. And, you’ll be rewarded for your knowledge. The median annual wage for penetration testers is $103,590 (U.S. Bureau of Labor Statistics (BLS)).
2. Security Analyst
A security analyst maintains the security of an organization’s data. Like in the reconnaissance process phase, they analyze security measures of systems to determine effectiveness and in turn, communicate issues and recommend improvement changes.
A cybersecurity analyst detects cyber threats and then implements changes to protect an organization in the following ways:
- Manages and configures tools to monitor activity on the network
- Analyzes the reports from those tools to identify unusual behavior on the network
- Proactively identifies network vulnerabilities through penetration testing, vulnerability scans and vulnerability assessment reports
- Plans and recommends changes to increase the security of the network
- Implements staff training on proper security measures
CompTIA PenTest+ is ideally suited for IT professionals with a minimum of 3 to 4 years of hands-on information security or related experience. CompTIA PenTest+ helps security analysts stay on top of their hands-on skills and validates their ability to serve as a cybersecurity analyst with an organization of any size.
For example, under the exam domain Reporting and Communication, candidates must be able to analyze the findings and recommend the appropriate remediation within a report (4.2). This includes technical controls like system hardening or administrative controls like role-based access control. Reporting is especially important for complying with regulations.
CompTIA PenTest+ holders are responsible for analyzing results and producing a written report with remediation techniques. They gather data and conduct active reconnaissance, which is then synthesized into reportable information. This report highlights weaknesses and makes recommendations to improve the security. This is why security analysts would benefit from CompTIA PenTest+. According to CyberSeek, the average annual wage is $95,000 for security analysts.
3. Security Consultant
Similar to a security analyst, a security consultant finds vulnerabilities in computer systems, software programs and networks to develop solutions that strengthen the systems against bad actors or hackers. Because they serve in a consultant role, these individuals tend to be extremely specialized in all aspects of penetration testing and vulnerability management. Security consultants may work for one organization or consult with multiple clients, so they must be able to work cross-functionally due to the large amount of data that they are responsible for monitoring and protecting.
A security consultant is an IT professional who is trained to protect the confidentiality, integrity and availability of data and network devices in the following ways:
- Works closely with managers, engineers and other cybersecurity analysts to decrease risks for an organization
- Oversees and conducts tests for system vulnerabilities
- Plans and designs security architectures for IT projects
- Updates and upgrades security systems as needed
- Communicates findings to executive management
Many of the skills for a career as a security consultant can be validated with CompTIA PenTest+. It shows that someone has the necessary skills to run tests on system and search for potential issues and breaches within any environment.
For example, in the exam domain Attacks and Exploits, candidates must perform a social engineering or physical attack (3.6). This includes email phishing, short message service (SMS) phishing, watering hole attack, tailgating, shoulder surfing and badge cloning. CompTIA PenTest+ was updated to specifically address the fact that there is a need to secure multiple attack surfaces.
Organizations hire security consultants to protect their data and sensitive information. Breaches due to vulnerabilities can affect consumer confidence and wreak havoc on an organization’s financials, thus making security a top priority for most organizations. CompTIA PenTest+ assesses best practices for performing penetration testing and post-exploitation techniques.
The average salary for security consultants is $105,000 a year (CyberSeek.org)
4. Vulnerability Analyst
A vulnerability analyst detects weaknesses in networks and software and then takes measures to correct and strengthen security within the system.
Job duties include:
- Develops risk-based mitigation strategies for networks, operating systems and applications
- Compiles and tracks vulnerabilities and mitigation results to quantify program effectiveness
- Creates and maintains vulnerability management policies, procedures and training
- Reviews and defines requirements for information security solutions
- Organizes network-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers and other network hosts
CompTIA PenTest+ can help you along your way as you move up to a position as a vulnerability analyst. For example, in the exam domain Information Gathering and Vulnerability Scanning, candidates must be able to perform vulnerability scanning (2.4). This includes considering time to run scans, protocols, network topology and bandwidth limitations, as well as knowing various scanning methods, like stealth scan, transmission control or Protocol Connect Scan (TCP).
Organizations must efficiently mitigate vulnerabilities, avoiding unnecessary dangers to operations. CompTIA PenTest+ covers performing vulnerability scanning and passive/active reconnaissance, vulnerability management, as well as analyzing the results of the reconnaissance exercise.
With the importance of the need for these analyst skills, it is no wonder they are paid handsomely. The median annual wage for vulnerability analysts is $103,590 (BLS).
5. Web App Penetration Tester
Organizations use web applications, mobile applications and APIs, for daily business to conduct automated activities that may use sensitive data, like creating a user account on their website or completing a transaction. As more and more organizations fall victim to breaches, they must ensure that proper security controls are set for not only the software development life cycle (SDLC), but also for their continuous web application maintenance.
A web app penetration tester is tasked with securing an organization’s web apps through penetration testing and their understanding of web application security issues in the following ways:
- Provides expertise on offensive security testing operations
- Tests defensive security mechanisms
- Narrows attack vectors via web app penetration testing tools
- Communicates exploit results to non-technical audiences
- Prioritizes vulnerabilities for ongoing remediation and support
Web app penetration testers must find security vulnerabilities in web environments and report on potential risks to the organization. CompTIA PenTest+ is ideal for this sort of role because it directly addresses the most relevant pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT) devices, embedded systems and traditional on-premises environments.
In the exam domain Tools and Code Analysis, candidates must be able to explain the basic concepts of scripting and software development (5.1) and analyze a script or code sample for use in a penetration test (5.2). This includes knowing logic constructs and data structures, as well as reviewing opportunities for automation and analyzing exploit code. Automation is required for modern vulnerability management to counteract automated attacks.
Exposure to different scripts and code samples provides an expanded toolbox to help pen testers progress through their career, and pen testers work with scripting more and more as they advance in their careers.
Web app penetration testers are in demand must have validated credentials. The average salary for web app penetration testers is $103,000 a year (Cyberseek.org).
Advance Your Career with CompTIA PenTest+
As you can see, the necessity of addressing the ability to conduct penetration testing and perform vulnerability management within an organization is imperative to strengthen the security posture. These intermediate-level cybersecurity pros are focused on preventing sensitive data from falling into the wrong hands.
CompTIA PenTest+ ensures IT pros are qualified to plan and scope a penetration testing engagement including vulnerability scanning, understand legal and compliance requirements, analyze results and produce a written report with remediation techniques.
Looking to get ahead? Download the CompTIA PenTest+ exam objectives and advance your cybersecurity career.