The EC-Council CEH (Certified Ethical Hacker) and PenTest+ certifications both serve to showcase the ethical hacking and penetration testing skills of a cybersecurity professional, but choosing between one certification and the other can be tough. Since both of these certifications cover penetration testing, it is important to know the differences between them. At the end of this article, you will have a good understanding of what makes each certification different and which certification is right for you.
What Makes CEH and PenTest+ so Popular?
Anyone who is interested in joining the penetration testing industry is aware of both of these certifications because they are internationally recognized by organizations, and they cover modern penetration testing strategies. The CEH is on the DoD 8570 mandate, which means it is required for certain job roles while working with the US Government; however, PenTest+ is most likely going to be added to the mandate sooner rather than later. Penetration testing is a very popular job category in the cybersecurity industry because it uses the process of ethical hacking to find, exploit, and report vulnerabilities within a network. Currently, the annual average salary of a penetration tester is $84,000. Getting a certification in penetration testing can not only increase recognition in an organization and be used as leverage for promotions, but it can also benefit security consultants who wish to increase their earning potential by becoming certified.
Both of these certifications are also ANSI accredited and are globally recognized as vendor-neutral. They both have very solid recertification pathways and are designed by highly skilled subject matter experts in penetration testing and ethical hacking.
Let’s break down each certification by exam objectives and domains, so we can see exactly what each certification covers.
The latest PenTest+ exam code is PTO-001 and the exam objectives are:
- Planning and Scoping 15%
- Information Gathering and Vulnerability Identification 22%
- Attacks and Exploits 30%
- Penetration Testing Tools 17%
- Reporting and Communication 16%
The latest CEH exam code is CEH V10 and the exam domains are:
- Background 79%
- Analysis/Assessment 73%
- Security 73%
- Tools, Systems, and Programs 91%
- Processes and Methodology 77%
- Regulation and Policy 77%
- Ethics 17%
Here we can see some similarities and differences in just the exam content. The heaviest weighted domain in the CEH exam is the “tools, systems, and programs” that are used while ethical hacking. The heaviest domain in the PenTest+ exam is “attacks and exploits” which is essential knowledge for penetration testers while stress-testing a network. The CEH exam forces candidates to truly think like hackers and use a wide array of tools to successfully showcase penetration testing skills that go beyond just exploiting vulnerabilities. The goal of CEH is to have students beat hackers by thinking like hackers, and this message carries throughout the entire exam. The PenTest+ certification aims to showcase true penetration testing abilities by examining candidates on various IT environments such as mobile, cloud, desktops, and servers. PenTest+ also covers the full process of penetration testing by covering the planning, scoping, assessing, exploiting, and reporting on vulnerabilities.
Which Certification is Right for Me?
Before deciding which certification you truly wish to pursue, it is important to understand where you currently stand and what you wish to achieve. If you are looking for a broad view of ethical hacking and something that is geared towards entry-level candidates, CEH may be the right certification for you. PenTest+ is an intermediate-level certification and covers more technical skills and soft skills such as business practices and management procedures. The CEH certification showcases to employers and to the world that candidates have the foundational knowledge needed for penetration testing, and the PenTest+ certification showcases to employers that candidates have advanced knowledge in penetration testing and working within multiple IT environments.
SecureNinja is an award-winning training and certification school, and SecureNinja has a proven track record of assisting Fortune 100, Government, and Military organizations. For more information on how SecureNinja can benefit you or your organization, call 703-535-8600 today!