If you are looking for a career in penetration testing, you're likely to find that job listings expect you to have certain industry qualifications in order to demonstrate your skills. In fact, many recruiters may not even consider an application unless you have at least one relevant certification.
But with penetration testing a growing and highly specialised part of cyber security, there is a wide range of options available for those looking to expand their skill set and make themselves more attractive to employers. Identifying the most relevant options for training can therefore be a challenge.
With this in mind, here are five certifications that should be on the shortlist of every budding penetration tester. You won't need all of them at the same time by any means, but knowing what levels of experience they are aimed at and what their unique focuses are can help you carefully plan out your next career steps and choose the one most relevant to your current situation.
Certified Ethical Hacker
The EC-Council's Certified Ethical Hacker (CEH) certification is one of the most widely recognised options. As a vendor-agnostic, entry- to intermediate-level qualification, candidates are expected to have at least two years' experience in a relevant role. This is a more wide-ranging course than some other options, and gives you a good grounding in all the essential skills you'll need to break into a business's systems as well as a wider understanding of the concept of ethical hacking.
In addition to penetration testing jobs, it can also set you up well for careers in fields such as security analyst, security administrator or network engineer, making it a good all-round certification.
CompTIA PenTest+
For a more focused certification, CompTIA's PenTest+ is another intermediate-level course that covers all aspects of penetration testing and vulnerability management. It's often compared to CEH, but provides a stricter focus on the role of pen tester.
This qualification will teach you everything you need to know for every stage of this activity, from planning and scoping out a system to key exploitation techniques and writing a comprehensive final report. To take this exam, you'll need an entry-level certification such as CompTIA Security+ and three to four years of information security experience.
Offensive Security Certified Professional
The Offensive Security Certified Professional (OSCP) certification is another highly coveted qualification that offers hands-on training in what it takes to be a penetration tester. To pass, you'll need to gain control over multiple targets across different networks in the space of 24 hours and write a comprehensive report, making it one of the most challenging certifications on the market.
This means you'll need a lot of knowledge and experience, but it does prove to recruiters that you are among the best in your field at offensive security.
Licensed Penetration Tester
Another EC-Council certification, the Licensed Penetration Tester (LPT) qualification is a more advanced option than CEH and its purpose, according to the organisation, is to "differentiate the experts from the novices in penetration testing".
Like OSCP, it consists of a single, 24-hour exam, and you'll need to score 70 per cent to earn the Certified Penetration Testing Professional level. However, those who score above 90 per cent earn the even more coveted LPT (Master) qualification, which showcases the highest level of skills and is aimed at those looking for senior penetration tester jobs.