Feedback for PenTest+ and Security+ Learning Content

Stephen Schneiter

Administrator
Staff member
  • Nov 26, 2018
    707
    6
    2,685
    95,121
    Knoxville, TN
    CompTIA is excited to kick off refreshes to learning content for PenTest+ and SecurityX (formerly CASP+) in the new year and would be very interested in hearing any feedback you have on these certifications, the associated learning products and your experiences with them in the classroom.

    If you have recently taught PenTest+ please provide feedback here.

    If you have recently taught CASP+ please provide feedback here.

    Thank you and we look forward to hearing from you!!
     
    As a PenTest+ holder, I see little activity from those training PenTest+ or pursuing training opportunities of PenTest+. Seems PenTest+ gets upstaged by Security+. Can CompTIA put some marketing muscle behind the PenTest+ certification and training opportunities?
    Security+ has been around for 20 years. PenTest+ has been around for 5. It's not a fair comparison.
     
    • Like
    Reactions: jlyon
    I am only a part-time contract instructor but work in network infrastructure full-time. The company I regularly teach for does not conduct the CompTIA certification boot camps but focuses on employee development. They also tailor each technical course to the customer's requirements, which usually includes getting a CompTIA certification. Early this year, I developed a curriculum based on Security+ for one of their customers. The course was for their full-time IT employees, spanned four months, used the CompTIA Security+ book, and required them to take the certification exam at the end. Because the course was four months, it was in-depth and covered security knowledge, skills, and tools. I covered virtualization and taught them Oracle VirtualBox, including installing it on Windows and Linux, using the various network settings to create a secure environment, and installing the guest additions. After that, they installed and configured a Windows 2019 Server VM, Ubuntu VM, Kali VM, and Windows 10 VM. This also allowed them to learn all the network configurations in Oracle VirtualBox. After the VMs were set up, they installed a pfSense firewall VM, Suricata on the Ubuntu VM, and Snort on a VM of their choice. Then, they built a network with the Windows 2019 servers providing DHCP and DNS and serving as the Domain controller. The pfSense firewall VM was also configured as the network gateway. They also installed and learned NMAP, netdiscover, OWASP ZAP, Wireshark, OS vulnerability scanning, port scanning, OS hardening techniques, OpenVAS, SET, Clam AV, smishing tools, and several others. In addition, the course had various labs, including using the OSINT Framework and SET to build a phishing attack, TOR browsers to navigate the dark web, how to navigate the MITRE Framework, using the Exploit database, and using John the Ripper.
     
    I am only a part-time contract instructor but work in network infrastructure full-time. The company I regularly teach for does not conduct the CompTIA certification boot camps but focuses on employee development. They also tailor each technical course to the customer's requirements, which usually includes getting a CompTIA certification. Early this year, I developed a curriculum based on Security+ for one of their customers. The course was for their full-time IT employees, spanned four months, used the CompTIA Security+ book, and required them to take the certification exam at the end. Because the course was four months, it was in-depth and covered security knowledge, skills, and tools. I covered virtualization and taught them Oracle VirtualBox, including installing it on Windows and Linux, using the various network settings to create a secure environment, and installing the guest additions. After that, they installed and configured a Windows 2019 Server VM, Ubuntu VM, Kali VM, and Windows 10 VM. This also allowed them to learn all the network configurations in Oracle VirtualBox. After the VMs were set up, they installed a pfSense firewall VM, Suricata on the Ubuntu VM, and Snort on a VM of their choice. Then, they built a network with the Windows 2019 servers providing DHCP and DNS and serving as the Domain controller. The pfSense firewall VM was also configured as the network gateway. They also installed and learned NMAP, netdiscover, OWASP ZAP, Wireshark, OS vulnerability scanning, port scanning, OS hardening techniques, OpenVAS, SET, Clam AV, smishing tools, and several others. In addition, the course had various labs, including using the OSINT Framework and SET to build a phishing attack, TOR browsers to navigate the dark web, how to navigate the MITRE Framework, using the Exploit database, and using John the Ripper.
    That is a great course layout you shared, thanks!