The “PECB Certified Lead Pen Test Professional” credential is a professional certification for professionals needing to develop the necessary expertise to lead a professional penetration test using a mix of practical technical techniques and management skills.
Unlike other certifications, this course focuses specifically on the knowledge and skills needed by a professional looking to lead or take part in a penetration test. It covers the latest technical knowledge, tools and techniques in key areas including Infrastructure, Web Application and Mobile security as well as Social Engineering. In addition, the course focuses on how to practically apply what has been learned on current day-to-day penetration testing and does not expand on unrelated, dated or unnecessary theoretical concepts.
Various professions may apply for this certification:
Security professionals wanting to gain formal penetration testing skills
IT staff looking to enhance their technical skills and knowledge
Auditors looking to understand the penetration testing processes
IT and Risk Managers seeking a more detailed understanding of the appropriate and beneficial use of penetration tests
Incident handlers and Business Continuity professionals looking to use testing as part of their testing regimes
|Credential||Exam||Professional experience||PTMS project experience||Other requirements|
|Provisional Pen Test Professional||PECB Certified Lead Penetration Tester Exam or equivalent||NONE||NONE||Signing PECB Code of Ethics|
|Pen Test Professional||PECB Certified Penetration Tester Exam or equivalent||Two years: One year of related work experience||Project activities totaling 200 hours||Signing the PECB code of ethics|
|Lead Pen Test Professional||PECB Certified Lead Penetration Tester Exam or equivalent||Five years: Two years of related work experience||Project activities totaling 300 hours||Signing the PECB code of ethics|
For certification purposes, the following pen testing activities constitute valid experience:
- Internal implementation and/or management of Penetration Tests
- External/consulting implementation and/or management of security programs for SCADA systems
- Partial implementation and/or management of Penetration Tests
To be considered valid, the Pen Test assessment activities should follow best implementation practices and include significant part of the following activities:
- Understanding an organization and its context
- Defining a Pen Test approach
- Selecting of a Pen Test methodology
- Defining Pen Test criteria
- Identification of assets, threats, existing controls, vulnerabilities and consequences (impacts)
- Assessing of consequences
- Determining the level of security programs in SCADA systems
- Evaluating Pen Test scenarios
- Evaluating Pen Test treatment options
- Selecting and implementing controls
- Performing a Pen Test review
Professional references must be from individuals who have professionally worked with you and can validate your Pen Test management expertise, current and previous work history, as well as your job performance. You cannot use anyone as a reference who falls under your supervision or is a relative. At least three professional references are required (candidates can input up to a maximum of five references).
Complete information is required: including job title, begin dates, end dates, responsibilities and more. Summarize each assignment, providing sufficient detail to describe the nature of the responsibilities that you had. This information can be detailed in your resume.
Denial and Revocation of Certification
Certification will be denied or revoked for any of the following reasons:
- Falsification of application
- Violation of testing procedures
- Failure to pass the examination
Denials or revocations of certification may be appealed to the Certification Board in writing.
Annual Renewal Certification Fee
To maintain your credentials active, there is an annual renewal fee for each calendar year. Registrants who pay their annual renewal fee will appear online in the PECB Directory of Certified Professional.
Maintain your Certification (Recertification)
The PECB designations are valid for three years. To maintain your certification, you must have accumulated the necessary 90 Continuing Professional Development credits (CPD) by the end of that three-year period and pay the recertification fee. CPD hours need to be inputted in your online PECB profile. PECB certified professionals who fail to provide the required CPD hours will have their PECB credentials revoked and will no longer be allowed to present themselves as certified PECB professionals.
Informations and registration:
Alexandra Niculae, Training Director ENVISO