What is included?

• You have 12 months time as of reception of the learning material to learn, do the exam and get your certification
  
• Certification and examination fees are included in the price of the training course 
• Training material containing over 400 pages of information and practical examples will be distributed  
  
• An Attestation of Course Completion worth 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course. 
• In case candidates do not pass the exam, they are entitled to a free retake within 12 months from the date the coupon code is received  
• + 20% reduction on the first year subscription for our all-in-one ISMS/GRC management solution
  

Why should you take this training course?

Lead Pen Test Professional training enables you to develop the necessary expertise to lead a professional penetration test by using a mix of practical techniques and management skills. 

This course is designed by industry experts with in-depth experience in the Penetration Testing field. Unlike other trainings, this training course is focused specifically on the knowledge and skills needed by professionals looking to lead or take part in a penetration test. It drills down into the latest technical knowledge, tools and techniques in key areas including infrastructure, Web Application security, Mobile security and Social Engineering. In addition, this course concentrates on how to practically apply what is learned on current day-to-day penetration testing and does not expand on unrelated, dated or unnecessary theoretical concepts. 

Along with the in-depth hands-on practical skills, this training course equips you with the management skills you need to lead a penetration test, taking into account business risks and key business issues. The individuals who complete the course have the right blend of the real business and technical competencies needed to be a respected, understood and professional penetration tester. On the last day of the training course, you will get to use the skills learned in a comprehensive capture and flag penetration testing exercises. 

Who should attend?

This training course is intended for:

• IT professionals looking to enhance their technical skills and knowledge
• Auditors looking to understand the Penetration Testing processes
• IT and Risk managers seeking a more detailed understanding of the appropriate and beneficial use of Penetration Tests
• Incident handlers and Business Continuity professionals looking to use testing as part of their testing regimes
• Penetration testers
• Ethical hackers
• Cybersecurity professionals

Training course structure

Module 1: Introduction to Penetration Testing, ethics, planning and scoping

• Course objectives and structure
• Penetration Testing principles
• Legal and ethical issues
• Fundamental principles of information security and risk management
• Penetration Testing approaches
• Penetration Testing phases
• Management of a Penetration Test

Module 2: Technical foundation knowledge and techniques (with practical exercises in all areas)

• Technical foundation knowledge

Module 3: Conducting a Penetration Test (using tools and techniques) and reviewing testing areas

• Conducting a penetration test – Infrastructure testing
• Conducting a penetration test – Web application penetration testing
• Conducting a penetration test – Mobile testing
• Conducting a penetration test – Social engineering testing
• Conducting a penetration test – Physical security testing

Module 4: Analyzing results from testing, reporting and follow up

• Documentation of the test quality review and reporting
• Action plans and follow up
• Managing a test program
• Competence and evaluation of penetration testers
• Capture the flag exercises
• Closing the training

Certification Exam

Learning objectives

Upon successfully completing the training course, you will be able to:

• Learn how to interpret and illustrate the main Penetration Testing concepts and principles
• Understand the core technical knowledge needed to organize and carry out an effective set of Pen Tests
• Learn how to effectively plan a Penetration Test and identify a scope which is suitable and appropriate based on risk
• Acquire hands-on practical skills and knowledge on relevant tools and techniques used to efficiently conduct a Penetration Testing
• Learn how to effectively manage the time and resources needed to scale a specific Penetration Test

Examination

The “PECB Certified Lead Pen Test Professional” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains:

• Domain 1: Fundamental principles and concepts in Penetration Testing 
• Domain 2: Technical foundations for Penetration Testing
• Domain 3: Scoping and planning a Penetration Test
• Domain 4: Conducting a Penetration Test including test types, tools and methods
• Domain 5: Specific Penetration Testing types and techniques (infrastructure, application, mobile technology and social engineering)
• Domain 6: Analyzing results and the reporting process
• Domain 7: Penetration Test follow up

Duration: 3 hours
Location: Online through the PECB app OR in person in one of the PECB exam centers
Preparation: PECB Exam Preparation Guides
Language: The exam is available in multiple other languages and does not need to be taken in the same language as the training material. Additional time can be requested when your native language is not available in your mother tongue (to be requested by candidates on the exam day)
Retake: In case you fail the exam, you can retake it within 12 months following the initial attempt for free

For specific information about the exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

Certification? 

After successfully completing the exam, you can apply for the credentials shown on the table below. You will receive a certificate once you comply with all the requirements related to the selected credential. 

The requirements for PECB Pen Testing Professional Certifications are:

To be considered valid, these activities should follow best practices and include the following:

• 1. Understanding an organization and its context
  2. Defining a Pen Testing approach
  3. Selecting a Pen Test methodology
  4. Defining Pen Test criteria
  5. Identification of assets, threats, existing controls, vulnerabilities and consequences (impacts)
  6. Assessing consequences
  7. Evaluating Pen Test scenarios
  8. Evaluating Pen Test treatment options
  9. Selecting and implementing controls
  10. Performing a Pen Test review​
      

​​For more information about Pen Testing certifications and the PECB certification process, refer to the Certification Rules and Policies..

Contact us on [email protected] if you have other questions