Cybersecurity remains one of the hottest topics across all industries. In today’s world, each day brings news of another breach of privacy or security. According to a report from Verizon, the average total cost of a data breach is $3.86 million, and having a remote workforce increases this to $4 million. As organizations scramble to protect themselves and their customers in these hybrid environments, conducting internal penetration testing (pen testing), or ethical hacking, is imperative. This valuable skillset is lucrative not only for organizations, but also for those who have the knowledge and ability to pen test.
If you’re currently working in information security and looking to get ahead in penetration testing, you may be familiar with CompTIA PenTest+. CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management. What you may not know, however, is what specific pen testing jobs you can get once you become CompTIA PenTest+ certified.
Let’s take a closer look at how IT professionals who have CompTIA PenTest+ are qualified for the following cybersecurity jobs:
- Penetration tester
- Security analyst (II)
- Threat intelligence analyst
- Vulnerability assessment analyst
- Network security operations
How Does PenTest+ Prepare IT Pros for Cybersecurity Jobs?
Let’s first take a look at how CompTIA PenTest+ prepares IT pros for these positions. Right off the bat, it’s important to note that CompTIA exams are developed through an intensive process that includes workshops where people who do these jobs every day come together and discuss what is needed to succeed. So, you can be sure the topics covered by CompTIA PenTest+ match the knowledge, skills and abilities cybersecurity pros need today.
For example, to be successful in any of the above listed cybersecurity jobs, an individual should be able to do the following:
- Plan and scope an assessment
- Understand legal and compliance requirements
- Perform vulnerability scanning and penetration testing using appropriate tools and techniques
- Analyze the results and produce a written report containing proposed remediation techniques
- Effectively communicate results to management
- Provide practical recommendations
It’s no coincidence that these skills are exactly what CompTIA PenTest+ covers. (Check out the exam objectives for yourself – for free!) Companies are looking to hire qualified IT pros who can confidently handle these tasks to identify vulnerabilities and appropriate remediation techniques – and the median salaries for these positions back that up.
CompTIA PenTest+ Is Now DoD Approved
CompTIA PenTest+ is now approved by the U.S. Department of Defense (DoD) 8570 for three cybersecurity job categories.
5 Jobs You Could Get with CompTIA PenTest+
If you have CompTIA PenTest+, you may be interested in one of the following in-demand cybersecurity jobs.
1. Penetration Tester
If you like to exploit vulnerabilities and provide evidence of your success through vulnerability management, then penetration tester may be the job for you.
A penetration tester tests physical controls and technical weaknesses within an organization in the following ways:
- Applying appropriate tools for penetration testing
- Performing social engineering tests and reviewing physical security where appropriate
- Keeping up to date with latest testing and hacking methods
- Collecting data and deploying testing methodology
- Locating, assessing and managing vulnerabilities
- Making suggestions for security improvements and preparing technical responses to security questions
CompTIA PenTest+ can train you to do these exact things – and your certification shows potential employers that you can step up to the plate.
For example, under the domain of “Attacks and Exploits” on the CompTIA PenTest+ exam objectives, students must know how to exploit application-based vulnerabilities like credential brute forcing (3.4).
You may have heard about living off the land, which is a popular technique of stealing system credentials without malware to gain access to networks. These attacks often go unnoticed for some time, and bad actors can steal valuable data.
With the increase in techniques like living off the land, it’s no surprise that there is more and more demand for penetration testers. And, you’ll be rewarded for your knowledge. According to Cyberseek, penetration testers earn an average annual wage of $104,000.
2. Security Analyst (II)
Security analysts detect cyberthreats by performing vulnerability scans as a means of active reconnaissance efforts. They then must decide how to turn the results of the scan into exploits so they can test an organization’s strength. They focus on doing a deeper dive into the vulnerabilities through the following tactics:
- Managing and configuring tools to monitor activity on the network
- Analyzing reports from those tools to identify unusual behavior on the network
- Proactively identifying network vulnerabilities through penetration testing, vulnerability scans and vulnerability assessment reports
- Planning and recommending changes to increase the security of the network
- Applying security patches to protect the network
CompTIA PenTest+ can train you to think like an analyst and carry out these responsibilities in order to develop a strong security posture through the practice of testing an organization’s network.
For example, in the “Information Gathering and Vulnerability Identification” domain of the CompTIA PenTest+ exam objectives, students must analyze vulnerability scan results by asset categorization (2.3).
As a pen tester, you might treat assets assigned to a category as less relevant, even if their vulnerabilities are easier to exploit. The categories can help you determine which assets are more challenging to compromise, thus more likely to be targeted by a hacker.
It’s no surprise that demand for security analysts is huge. In the next eight years, CompTIA projects an increase of 31% for cybersecurity analysts. And, you’ll be rewarded for your knowledge. According to the U.S. Bureau of Labor Statistics, security analysts earn a median annual wage of $99,730.
3. Threat Intelligence Analyst
A threat intelligence analyst detects cyber threats and malware and analyzes the level of threat to inform cybersecurity business decisions. They also identify and classify potential cyberattack methods to evaluate risk and devise potential mitigation strategies.
On a daily basis, threat intelligence analysts are responsible for:
- Predicting trends in cybercrime based on current activity
- Describing threats in layman’s terms to stakeholders and executives
- Analyzing emails, blog posts and social media platforms to determine what level threat something or someone poses
- Conducting digital forensics
- Scoping a pen test engagement
CompTIA PenTest+ can train you to identify and understand emerging threats – and your certification validates this knowledge.
For example, in the “Planning and Scoping” domain of the CompTIA PenTest+ exam objectives, students must explain the importance of scoping an engagement properly (1.3).
Effectively scoping a pen test engagement involves determining the different types of attacks that threat actors will emulate. Threat hunting changes the approach from preventing all cyberattacks to realizing that hacks and attacks will happen and taking steps to identify and implement controls to minimize damage.
As cyberthreats become more complex and their potential for damage increases, the demand for this type of position has grown. The median advertised salary for a threat intelligence analyst is $98,000 according to Burning Glass Technologies Labor Insights Jobs. What’s more, this position is in demand. The U.S. Bureau of Labor Statistics projects that employment in information security will grow 31% by 2029 – much faster than the average for all occupations.
4. Vulnerability Assessment Analyst
A vulnerability assessment analyst researches, identifies, and exploits vulnerabilities on solutions, technologies, and networks. In order to take a deeper dive into what vulnerabilities can tell them about an organization, vulnerability assessment analysts help to identify and prioritize the list of vulnerabilities.
That’s why vulnerability assessment analysts are responsible for the following:
- Performing penetration testing and vulnerability assessments
- Developing configuration reviews for systems and networks
- Preparing audit reports and providing remediation strategies
- Evaluating, interpreting, and integrating various sources of information
- Compiling and monitoring vulnerabilities over time
CompTIA PenTest+ can not only train you to think and act like an analyst, but earning this certification shows employers you can evaluate and rank vulnerabilities to identify a potential threat.
For example, in the “Information Gathering and Vulnerability Identification” domain of the CompTIA PenTest+ exam objectives, students must understand how to analyze vulnerability scan results (2.3). This includes adjudication, which is an important factor that influences how you prioritize your exploitation efforts to maximize the efficiency of the test.
The compensation and job outlook for this position is very similar to that of a vulnerability tester – given the parallels in responsibilities. Vulnerability assessment analysts earn an average annual wage of $104,000, according to Cyberseek.
5. Network Security Operations
A network security operations professional ensures the organization’s infrastructure is secure through fixing software and network hardware issues. They design new approaches and solutions to implement and support network security issues.
Typical responsibilities include the following:
- Conducting security reviews, risk analysis, and vulnerability scanning and pen testing
- Assessing and testing new technologies to determine security improvements
- Implementing organizational security policies
- Implementing and configuring firewalls
CompTIA PenTest+ can assist you in excelling as a network security operations professional by developing your hands-on knowledge and ability to manage and support your organization’s network security controls.
For example, in the Penetration Testing Tools domain of the CompTIA PenTest+ exam objectives, students must compare and contrast various use cases of tools (4.2).
One example of this is within enumeration, which is a common step in active reconnaissance and involves using various techniques to query a device for information about its configuration. This is a crucial step to penetration testing because the outcome can be used to penetrate further into the network.
Working as a network security operations professional means working with a team of communicators, designers and fixers. Strong writing and communication skills are a must and will be highly valued. According to the U.S. Bureau of Labor Statistics, network security operations pros can earn a median annual wage of $99,730.
The benefits of pen testing are vast, as a pen tester can help to determine an organization’s cyber-defense capabilities and identify security holes before a bad actor can take advantage. Pen testing involves social engineering and the testing of physical controls and technical weaknesses. CompTIA PenTest+ addresses the need to support effective risk management to protect an organization’s reputation and ensure compliance with applicable regulations.
Looking to get ahead? Download the CompTIA PenTest+ exam objectives and plot your pathway to cybersecurity success.