Cybersecurity Professional Penetration Tester
🌍

Cybersecurity Professional Penetration Tester

image

Program Overview

  1. Vocational Cybersecurity Career Pathway Program
  2. Focused on job skills in two NICE Cybersecurity Workforce Framework (NCWF) areas:
    1. OPERATE & MAINTAIN: Provides the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.
    2. PROTECT & DEFEND: Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.
  3. Program Level: Beginner to Intermediate Level

Program Length: 400 hours

Certifications: Four vouchers are made available for learners towards certifications listed below.

  1. CompTIA Server+
  2. CompTIA Linux+
  3. CompTIA Cloud+
  4. CompTIA Network+
  5. CompTIA Security+
  6. CompTIA Pentest+

Target Audience:

  1. Recent graduates and transitioning career professionals seeking to enter the field of Cybersecurity
  2. IT professionals seeking to earn than certify in CompTIA credentials through hands-on Network simulations and Pentest scenarios

Job roles aligned to pathways:

image

PROGRAM DETAIL

Virtualization and Cloud (120 hours)

  • CompTIA Server+ (40 hours): Essential hardware and software technologies of on-premise and hybrid server environments including high availability, cloud computing and scripting
  • CompTIA Linux+ (40 hours): Configuring, monitoring, and supporting servers running the Linux operating system with a focus on security, storage & virtualization, git & automation, networking & firewalls, server side & command line, server coverage and, troubleshooting.
  • CompTIA Cloud+ (40 hours): Infrastructure option for individuals who need to certify in Identity and Access Management (IAM) Level I, CSSP Analyst and CSSP Infrastructure Support roles.

Wired and Wireless Networking (120 hours)

  • CompTIA Network+ (80 hours): Design and implement functional networks; Configure, manage, and maintain essential network devices; Use devices such as switches and routers to segment network traffic and create resilient networks; Identify benefits and drawbacks of existing network configurations; Implement network security, standards, and protocols; Troubleshoot network problems, Support the creation of virtualized networks
  • Networking Tools & Technologies (40 hours)

Security and Pentesting (160 hours)

  • CompTIA Security+ (80 hours): core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid/cloud operations, and security controls
  • CompTIA Pentest+ (40 hours): Explain the importance of planning and key aspects of compliance-based assessments, Gather information to prepare for exploitation then perform a vulnerability scan and analyze results, Exploit network, wireless, application, and RF-based vulnerabilities, summarize physical security attacks, and perform post-exploitation techniques, Conduct information gathering exercises with various tools and analyze output and basic scripts (limited to: Bash, Python, Ruby, PowerShell), Utilize report writing and handling best practices explaining recommended mitigation strategies for discovered vulnerabilities
  • Pentesting Scenarios (40 hours): Complete challenges on https://root-me.org. Optionally, learners seek Professional Hacker Divergence Challenged (PHDC) evaluation - see below.

PROFESSIONAL HACKER DIVERGENCE CHALLENGED (OPTIONAL)

The purpose of this evaluation is to validate a candidate’s technical and creative ability to manipulate networks and systems into behaving unexpectedly; namely, to demonstrate the full compromise of a diverse set of targets via various attack vectors, as well as, to report and provide viable remediation recommendations.

image

image

Exam Structure

The PHDC consists of a 24-hour hands- on exam to gain elevated access to all targets within the scope and an ac- companying professional penetration testing report:

  • Candidates are provided target IP addresses, detailed instructions, and a vector to connect to the LAN
  • The exam is proctored through MS Teams via desktop sharing
  • Candidates have an additional 24 hours to submit a detailed written
  • Explicit pass/fail criteria will be provided at the start of the

Exam pre-requisites

Candidates must complete the Cybersecurity Professional Penetration Tester immersive program which provides the following:

  • Foundational understanding of computer networking concepts, tools, and technologies
  • Familiarity with Linux and Windows operating systems, command lines, and basic scripting
  • Familiarity with risks to the confidentiality, integrity, and availability of information systems Note, candidates must also possess minimum hardware requirements to run pentesting tools.

Testing Competencies

Passing the PHDC proves the candidate is able to substantively contribute to a pentest/red team, as well as, in a SOC or blue team with the following competencies:

  • Network protocol analysis
  • Active reconnaissance and vulnerability scanning
  • Web application auditing
  • x86 compiled application exploitation
  • Windows and Linux privilege escalation techniques
  • Technical risk assessment and management
  • Professional report writing