Latest activity

Threads

Latest activity

 Posts Questions Social Forum list

Am I overthinking the new Pentest+ 003?

S
BrianFord said:
Sean,
I don't believe you're overthinking this. I'm writing this as I participate in the Pentest-3 TTT. I took away from the first TTT session that being able to write scripts and scripting is required. Nick Peirce, who's presenting the TT, said as much but, more importantly, demonstrated it in both sessions. If you follow the TTT presentation over the Perform lab environment students will need to be able to use critical thinking to analyze and present results.
I don't currently hold Pentest+, but after reviewing the objectives and given what I've seen in the TTT so far, I will probably pursue this. It's very different from the previous version of the certification in a very good way.
Brian
Click to expand...
Thanks, Brian. I agree that I see value in the cert. I like the changes. I'll have to wait and see how the TTT and material actually get us to the learning outcomes. You know what they say: doctors make the worst patients .... and teachers the worst students ;-)
Click to expand...

Am I overthinking the new Pentest+ 003?

BrianFord
Sean,
I don't believe you're overthinking this. I'm writing this as I participate in the Pentest-3 TTT. I took away from the first TTT session that being able to write scripts and scripting is required. Nick Peirce, who's presenting the TT, said as much but, more importantly, demonstrated it in both sessions. If you follow the TTT presentation over the Perform lab environment students will need to be able to use critical thinking to analyze and present results.
I don't currently hold Pentest+, but after reviewing the objectives and given what I've seen in the TTT so far, I will probably pursue this. It's very different from the previous version of the certification in a very good way.
Brian
Click to expand...
  • Love
Reactions: precious

Printed courseware is gone, but what about the PDFs?

jasoneckert
Tess Sluijter said:
Heck, here in the Netherlands @jasoneckert 's book is incredibly expensive (probably because Cengage doesn't target the EU)... but I was willing to pay for that book! Browsing through that book, compared to the CompTIA Linux+ book, made me go "this is quality!".

Click to expand...
Obviously, I had to like this post! :)

I wholeheartedly agree with everything mentioned in this thread - we choose courseware/textbooks at our college based on content and value.

As a result, most of the courses that have an associated CompTIA certification attached to them use materials from Wiley/Sybex because they are very good (topics are introduced in a logical prerequisite order), inexpensive, and students find them easy to read and understand because the authors wrote them specifically for that audience.

We do use one McGraw Hill book (for CASP+, now SecurityX) because it's excellent, but I find that other titles from them are also great (e.g., the Mike Myers A+ book).

Cengage is the Apple of the publishing world (very expensive but worth it) - we use them for cornerstone courses that teach foundational practical skills such as Linux Administration (Linux+) and Windows Server 2022 (ironically I'm the author of both of these), but I can tell you that the other titles are equally excellent (e.g., Jill's books on Network+ and Cloud+).

My two cents...
Click to expand...
  • Like
Reactions: Eddy Harden

Am I overthinking the new Pentest+ 003?

S
In the past, I've found that the certification exams do a pretty good job of meeting the outcomes stated at the top of the exam guide regardless of the material that is presented for the different learning objectives...ie that there is often a difference of interpretations between what gets trained and how it gets tested.

This particular exam and the course material seems to leave a lot of whitespace within the words used to define the outcomes and objectives, and the scope of the objectives (given the number of sub-topics), that a test developer can fill in ... (outcomes and a couple of objectives noted at the bottom of the post)

For example, in Pentest+ 003 what is the definition of phases, ttp's, and laws referenced in the outcomes?
a) phases that the outcomes refer to (note the domains and objectives don't follow any published pentest methodology and seem to conflate phases with tactics in mitre attack)
b) which list of tactics, techniques and procedures are we aligning the attacks, tools and phases with...(note Mitre attack is the only ttp listed but it is not used consistently in the objectives)
c) what laws and compliance/control frameworks should we be aligning the attacks with (note, I don't really see this level of detail reflected in the course material...the objectives just say security and privacy laws in 1.1 and the frameworks in objective 1.3 don't identify any control frameworks beyond the owasp masvs)

...and given the outcomes, 80+ tools and 100+ "attacks", and just 2 of the objectives (noted below), I'm led to believe that the students will need to:
1. Associate each tool with all of the relevant phases, tactics and techniques...note I don't know what the authoritative list/lists of these are
2. Be able to script the commands and switch options for every tool ... and associate those with specific attacks
3. Know the appropriate mitigations for each attack and probable root causes for each control's failure
4. Be able to identify an attack with the control or law you intend to test

so, am I overthinking what my students will need to be capable of or where the test writers may take the exam?

---------exam outcomes and objectives -----------

The exam guide identifies 4 outcomes for Pentest+ 003:
• Plan, scope, and perform information gathering as part of a penetration test.
Perform attacks that are aligned to and fulfill legal and compliance requirements.
• Perform each phase of a penetration test using and modifying appropriate tools and use the appropriate tactics, techniques, and procedures.
Analyze the results of each phase of a penetration test to develop a written report, effectively communicate findings to stakeholders and provide practical recommendations.

That said, the 26 objectives (including 15 apply and 3 analyze level of learning) list over 80 pentest tools/platforms/technologies and over 100 attacks/tactics/techniques. Including these two doozies
- Given a scenario, use scripting to automate attacks.
- Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
Click to expand...
  • Like
Reactions: BrianFord, precious and Eddy Harden

Printed courseware is gone, but what about the PDFs?

Tess Sluijter
Heck, here in the Netherlands @jasoneckert 's book is incredibly expensive (probably because Cengage doesn't target the EU)... but I was willing to pay for that book! Browsing through that book, compared to the CompTIA Linux+ book, made me go "this is quality!".

Click to expand...
  • Like
Reactions: Eddy Harden and jasoneckert

Post Quality and CIN (long-read - get some coffee)

B
As with life, you take the good with the bad. The 'where's my voucher' post along with the TTT updates are the bad and the good. In my opinion, if i have to filter through some of the 'noise' to get to the goal, then it's a cost of being a member of this great group. Some will use this as their own echo chamber. Others use this to meet fellow CINers, seek advice and comments, and sometimes make non sequitur posts.
I agree wholeheartedly with an earlier comment from @Greg Childers that is apropos for the current and (fingers-crossed) continuance of this platform. "Raise the level of discourse. Don't lower it".
Click to expand...
  • Like
Reactions: Eddy Harden

Printed courseware is gone, but what about the PDFs?

Gregory Childers
Tess Sluijter said:
To be honest, even when I started with CompTIA five years back I already thought their training materials were over-priced and offered too low ROI, when compared to other offerings. If the new org starts dropping quality even further, you're right: ain't nobody picking the "official" options anymore.

Heck, many students already refer to the Sybex books as "the official study guide".

Mind you: I was very surprised to hear that McGraw-Hill has actually pulled out of creating content for IT exams, or in the very least CompTIA materials. What a loss! I wonder what played into that!
Click to expand...
I have long agreed that CompTIA courseware is priced well beyond the rest of the market. Their books and PDFs were over $100 USD, while the average comparable exam prep book can be found online for $40-$60 USD. The labs are useful for providing hands-on experiences to illustrate the technical concepts, but they were unnecessary for passing the exams. The practice quizzes and assessments were no better than other low-cost or free options. The ROI is just not there.

It's not just CompTIA. ISACA publishes expensive "official" courseware while there are many cost-effective solutions available online.

Self-paced e-learning seems to be the overall trend. E-courseware, online labs, practice exams, and generative AI. Content providers are moving away from classroom instruction. There are fewer opportunites for live or virtual trainers. I'm disheartened by this trend because students are given fewer options for human-based training. They can't ask questions from experienced professionals. Our roles are being reduced to a ChatGPT prompt. I find myself doing more instructional design and content development than actual training these days. I'm already exploring possible future career paths outside of training and education.

I hope that the new CompTIA makes positive changes. All we can do now is wait and see.
Click to expand...
  • Like
Reactions: Eddy Harden, Tess Sluijter and Hank Cox

Post Quality and CIN (long-read - get some coffee)

Tess Sluijter
It makes me question if those individuals are truly instructors for a partner or if that partner is active with their Business Development Manager.
Click to expand...

Agreed. I know that when I first weaseled my way into CIN, I most definitely was not a partnered trainer. Now I am, but back then I wasn't.

Then again, I actually wasn't here for the TTT or vouchers. I was here to talk to y'all. :)
Click to expand...
  • Like
Reactions: Brandon G and Rick Butler

Printed courseware is gone, but what about the PDFs?

Tess Sluijter
Gregory Childers said:
If CompTIA doesn't reverse the trend of lowering the bar and start raising the bar, competitors will start taking over the training space. CompTIA will still have the certifications, but students will go elsewhere for the training offerings.
Click to expand...
To be honest, even when I started with CompTIA five years back I already thought their training materials were over-priced and offered too low ROI, when compared to other offerings. If the new org starts dropping quality even further, you're right: ain't nobody picking the "official" options anymore.

Heck, many students already refer to the Sybex books as "the official study guide".

Mind you: I was very surprised to hear that McGraw-Hill has actually pulled out of creating content for IT exams, or in the very least CompTIA materials. What a loss! I wonder what played into that!
Click to expand...
  • Like
Reactions: Eddy Harden and Hank Cox

Printed courseware is gone, but what about the PDFs?

jasoneckert
As a Cengage author for Linux+, I know that most colleges purchase the printed copies of my titles instead of just using the eBooks (which are part of the Cengage MindTap platform). The printed version is costlier than the MindTap version, but better because readers benefit from the composition/layout features (i.e., it's easier to learn from). That being said, I think it's important to always have both options available.
Click to expand...
  • Like
Reactions: Tess Sluijter, Eddy Harden and Hank Cox

Post Quality and CIN (long-read - get some coffee)

Abby N Krane
Well said! I have to admit, I have stopped checking the CIN because of the posts over the last couple of months. I consistently see posts where answers can be found via Google. All of the "Where is my voucher" posts drive me bonkers because earning a voucher is not the main benefit of the TTT series. If you are involved with a CompTIA training partner receiving a voucher for any exam shouldn't be an issue for you. It makes me question if those individuals are truly instructors for a partner or if that partner is active with their Business Development Manager.

I love the CIN and I would hate to see it go away with the CompTIA restructuring because the powers that be don't consider it valuable. CompTIA is the only governing body that offers support like TTT for their instructors. I work for a commercial training provider and we provide training and certifications for over a dozen different certification governing bodies. CompTIA provides the best support hands down! It is a relief to know that the CIN exists to reach out to a body of active instructors.
Click to expand...
  • Like
Reactions: Brandon G, Rick Butler, Chukwunwike_Ndukaji and 5 others

Printed courseware is gone, but what about the PDFs?

Rick Butler
So, I spoke to a few folks in CompTIA during Summit about this. In fact, @Becky Mann even asked me directly as to what was the principal reason for keeping printed materials. I mentioned a lot of these things to her.

1) Offline access - As you stated *and* as someone pointed out on the TTT last night, without some kind of offline access to training materials, training within closed network environments like military facilities would be limited or not possible. Additionally, folks who are in low connectivity areas also would not have viable access to CM Perform.

But, as Gregory points out, it does open up opportunities (I would think) for book authors to continue to produce material. I'm quite certain that traditional publishers like Cengage, Pearson, Sybex, and others will be providing printed materials. It will be interesting to see if academic institutions go that route.

2) Profitability - As CompTIA has shifted to a for-profit model now, I suspect this will also drive those changes. The incorporation of LabSim really was the change catalyst for CertMaster. Personally, a way into my pocketbook would be adapting training material to mobile and making it more audibly accessible, as @jsgoodrich_wmu pointed out. I used to be able to use screen readers and PDFs, but that's gone now.

Maybe at the end of the day, the only folks who are complaining about the more traditional training material types are us older ones who've been in the field and started their careers out with that hard printed book from Barnes and Noble. I know that CompTIA has put a lot of time and money to try and build CertMaster, but I also wonder if they are painting themselves into a corner.
Click to expand...
  • Like
Reactions: Tess Sluijter, Hank Cox and Eddy Harden

PenTest+ PT0-003

precious
Melvin McDonald said:
I registered for the PenTest+ PTO-003 on 1/20/2025. I never received the email today with the link to the class.

This is from the page where I registered.

Select All
CIN TTT Series: PenTest+ PT0-003 - Session 1
Tuesday, January 21, 2025, 6:00 PM CST
CIN TTT Series: PenTest+ PT0-003 - Session 2
Thursday, January 23, 2025, 6:00 PM CST
CIN TTT Series: PenTest+ PT0-003 - Session 3
Tuesday, January 28, 2025, 6:00 PM CST
CIN TTT Series: PenTest+ PT0-003 - Session 4
Thursday, January 30, 2025, 6:00 PM CST
CIN TTT Series: PenTest+ PT0-003 - Session 5
Tuesday, February 04, 2025, 6:00 PM CST
CIN TTT Series: PenTest+ PT0-003 - Session 6
Thursday, February 06, 2025, 6:00 PM CST
CIN TTT Series: PenTest+ PT0-003 - Session 7
Tuesday, February 11, 2025, 6:00 PM CST
CIN TTT Series: PenTest+ PT0-003 - Session 8
Thursday, February 13, 2025, 6:00 PM CST
Click to expand...
Either re-register or check in junk folder

Sign Up
Click to expand...
Load more

Filter

Top Bottom
Back
Home
Media
Resources
Menu