Skip to main content

CompTIA PenTest+ is Now DoD Approved: Why It Matters

FederalCyberPenTest+
January 3, 2025

As cybercrime continues to grow, more organizations must address unforeseen security risks in their networks and systems while designing a more cyber-resilient posture, which is imperative and a matter of national security.

To help combat these threats, attacks, and vulnerabilities, the U.S. Department of Defense (DoD) requires its personnel and contractors to validate their hands-on penetration testing and vulnerability management skills with approved cybersecurity certifications to bolster the resiliency of its networks against attacks.

CompTIA PenTest+ was recently approved for the DoD 8570.01 Manual Information Assurance Workforce Improvement Program. That means military personnel and defense contractors who work with sensitive information can take CompTIA PenTest+ to satisfy specific job requirements. This approval is a boon for penetration testing and vulnerability management – and the CompTIA PenTest+ certification – because the DoD now formally recognizes the importance of these skills in job roles.

The DoD approved CompTIA PenTest+ for three (3) 8570.01-M job categories:  

  1. Cybersecurity service provider (CSSP) analyst
  2. CSSP incident responder
  3. CSSP auditor

Learn more on the DoD Cyber Exchange public website.

 

How will this affect DoD 8140 and NICE work roles?

We know that DoD 8140 will map work roles to the NICE Framework. We expect NICE work roles to be linked to specific job positions and hiring decisions.

CompTIA PenTest+ maps to more than seven NICE work roles with over 70% correlation, which could make it well positioned for the 8140 manual: 

  • 211 Forensics Analysis
  • 212 Cyber Defense Forensics Analyst
  • 511 Cyber Defense Analyst
  • 521 Cyber Defense Infrastructure Support Specialist
  • 531 Cyber Defense Incident Responder
  • 541 Vulnerability Assessment Analyst
  • 612 Security Controls Assessor

CompTIA PenTest+ also maps between 60-70% for Cyber Crime Investigators and almost 60% for R&D Specialists and Information Systems Security Managers.

 

Job titles related to CompTIA PenTest+

CompTIA PenTest+ is unique because the certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments, such as the cloud and mobile, in addition to traditional desktops and servers. This validation proves valuable when going after jobs that determine network resiliency against cyberattacks.

These jobs include the following:

  • Penetration tester
  • Vulnerability tester
  • Security analyst (II)
  • Vulnerability assessment analyst
  • Network security operations
  • Application security vulnerability

If you hold one of these jobs – or want to get one – CompTIA PenTest+ ensures you have the skills needed to succeed. Download the exam objectives for free to get started.

What Benefits Does CompTIA PenTest+ Provide to the DoD?

The inclusion of CompTIA PenTest+ in Directive 8570.01-M ensures that U.S. military personnel and defense contractors have the latest cybersecurity skills needed to test systems (i.e., legally hack them), identify, manage, and document the vulnerabilities they find, and help determine mitigation.

Most importantly, CompTIA PenTest+ brings hands-on, performance-based assessments into the DoD 8570 program for penetration testing and vulnerability management skills at the three to four-year intermediate level for the first time.

No other certifications in the DoD 8570 program use hands-on, performance-based testing at this skill level. It demonstrates the DoD’s need to assess the knowledge and hands-on skills required to perform common and unique work role tasks.

For example, CompTIA PenTest+ requires candidates to test devices in new environments, such as the cloud and mobile, in addition to traditional desktops and servers. It also includes management skills used to plan, scope, and manage weaknesses, not just exploit them.

The certification validates that successful candidates have the knowledge and skills required to do the following:

  • Plan and scope an assessment.
  • Understand legal and compliance requirements.
  • Perform vulnerability scanning and penetration testing using appropriate tools and techniques.
  • Analyze the results.

CompTIA PenTest+ also covers the following communication skills:

  • Produce a written report containing proposed remediation techniques.
  • Effectively communicate results to management.
  • Provide practical recommendations.

These skills are assessed through five domains in the CompTIA PenTest+ (PT0-001) exam objectives, which you can download for free:

  1. Planning and scoping (15%)
  2. Information gathering and vulnerability identification (22%)
  3. Attacks and exploits (30%)
  4. Penetration testing tools (17%)
  5. Reporting and communication (16%)

How to get CompTIA PenTest+ certified

The first step to getting your CompTIA PenTest+ certification is buying an exam voucher and registering for the exam. We recommend doing this before you begin studying because having an exam date on the calendar keeps you accountable and will help you develop a preparation timeline. You can save money or even finance your IT certification in several ways.

 

How to train for CompTIA PenTest+

Once you have an exam date on the calendar, it’s time to get to work. There are several ways to prepare for the CompTIA PenTest+ exam. CompTIA offers a full suite of training solutions. It’s up to you to choose what best fits your learning style and timeline:

  • eLearning with CertMaster Learn: Interactive and self-paced, CertMaster Learn for CompTIA PenTest+ includes a customizable learning plan and performance-based questions that take you on a path of consistent learning toward your certification exam.
  • Interactive Labs with CompTIA Labs: Reinforce the practical aspects of the CompTIA PenTest+ exam objectives on real equipment and software in a virtual environment.
  • Exam Prep with CertMaster Practice: This adaptive online companion tool assesses your knowledge and exam readiness by confirming your strong areas and filling knowledge gaps in weaker areas.

How to take your CompTIA PenTest+ exam

CompTIA now offers two ways to earn an IT certification: online testing or in-person testing.

Online testing allows you to take the CompTIA exam from your home or any quiet, distraction-free, secure location at a time that’s convenient for you. Online testing is available 24/7, giving you a broader scheduling window than in-person training.

In-person testing is the traditional exam experience with which you might be familiar. You go to a Pearson VUE testing center and use their equipment under the supervision of a proctor in the same room. You can find a Person VUE testing center near you.

Where does CompTIA PenTest+ fit on the CompTIA cybersecurity career pathway?

blog_comptia-pentest-dod-approval_1.png

CompTIA PenTest+ is one of CompTIA’s intermediate-level cybersecurity certifications. Along with CompTIA Cybersecurity Analyst (CySA+), CompTIA PenTest+ is intended to follow CompTIA Security+.

CompTIA PenTest+ is considered a red team or offensive cybersecurity certification, whereas CompTIA CySA+ is a blue team or defensive cybersecurity certification.

Both certifications represent skills at the three to four year level of an IT pro’s career and can be taken in either order. The most advanced CompTIA cybersecurity certification is CompTIA SecurityX (formerly CASP+) that represents the 5+ year level.

The addition of CompTIA PenTest+ to DoD 8570.01-M fills a critical skills gap for penetration testing and vulnerability analysis skills. CompTIA has worked closely with the DoD, industry experts, and IT pros in the field to ensure the objectives of CompTIA PenTest+ meet the needs of today’s cybersecurity professionals and their employers.

Ready to get started? Download the exam objectives for CompTIA PenTest+ for free.