Lead Pen Test Professional Certification

The “PECB Certified Lead Pen Test Professional” credential is a certification for professionals who need to develop the expertise to lead a professional penetration test using a mix of practical technical techniques and management skills.

Unlike other certifications, this course focuses specifically on the knowledge and skills needed by a professional looking to lead or take part in a penetration test. It covers the latest technical knowledge, tools and techniques in key areas including Infrastructure, Web Application and Mobile security as well as Social Engineering. In addition, the course focuses on how to practically apply what has been learned on current day-to-day penetration testing and does not expand on unrelated, dated or unnecessary theoretical concepts.

Various professions may apply for this certification:

  • Security professionals wanting to gain formal penetration testing skills
  • IT staff looking to enhance their technical skills and knowledge
  • Auditors looking to understand the penetration testing processes
  • IT and Risk Managers seeking a more detailed understanding of the appropriate and beneficial use of penetration tests
  • Incident handlers and Business Continuity professionals looking to use testing as part of their testing regimes

| Credential | Exam | Professional experience | PTMS project experience | Other requirements |
|---|---|---|---|---|
| Provisional Pen Test Professional | PECB Certified Lead Penetration Tester Exam or equivalent | None | None | Signing the PECB Code of Ethics |
| Pen Test Professional | PECB Certified Penetration Tester Exam or equivalent | Two years: One year of related work experience | Project activities totaling 200 hours | Signing the PECB Code of Ethics |
| Lead Pen Test Professional | PECB Certified Lead Penetration Tester Exam or equivalent | Five years: Two years of related work experience | Project activities totaling 300 hours | Signing the PECB Code of Ethics |

For certification purposes, the following pen testing activities constitute valid experience:

  1. Internal implementation and/or management of Penetration Tests
  2. External/consulting implementation and/or management of security programs for SCADA systems
  3. Partial implementation and/or management of Penetration Tests

To be considered valid, the Pen Test assessment activities should follow best implementation practices and include a significant part of the following activities:

  1. Understanding an organization and its context
  2. Defining a Pen Test approach
  3. Selecting a Pen Test methodology
  4. Defining Pen Test criteria
  5. Identification of assets, threats, existing controls, vulnerabilities and consequences (impacts)
  6. Assessing consequences
  7. Determining the level of security programs in SCADA systems
  8. Evaluating Pen Test scenarios
  9. Evaluating Pen Test treatment options
  10. Selecting and implementing controls
  11. Performing a Pen Test review

Professional references

Professional references must be from individuals who have professionally worked with you and can validate your Pen Test management expertise, current and previous work history, as well as your job performance. You cannot use anyone as a reference who falls under your supervision or is a relative. At least three professional references are required (candidates can input up to a maximum of five references).

Professional experience

Complete information is required, including job title, start dates, end dates, responsibilities and more. Summarize each assignment, providing sufficient detail to describe the nature of the responsibilities that you had. This information can be detailed in your resume.

Denial and Revocation of Certification

Certification will be denied or revoked for any of the following reasons:

  • Falsification of application
  • Violation of testing procedures
  • Misrepresentation
  • Failure to pass the examination

Denials or revocations of certification may be appealed to the Certification Board in writing.

Annual Renewal Certification Fee

To keep your credentials active, there is an annual renewal fee for each calendar year. Registrants who pay their annual renewal fee will appear online in the PECB Directory of Certified Professionals.

Maintain your Certification (Recertification)

The PECB designations are valid for three years. To maintain your certification, you must have accumulated the necessary 90 Continuing Professional Development (CPD) credits by the end of that three-year period and pay the recertification fee. CPD hours must be entered in your online PECB profile. PECB certified professionals who fail to provide the required CPD hours will have their PECB credentials revoked and will no longer be allowed to present themselves as certified PECB professionals.


Information and registration:

Alexandra Niculae, Training Director, ENVISO