Top 10 Penetration Testing Certifications for Security Professionals [Updated 2019]

As more organizations turn to penetration testing for identifying gaps in their defense systems, the demand for skilled penetration testers has been growing. While other types of security practitioners can probe information systems and networks for their vulnerabilities, pentesters are highly specialized, trained to think like hackers when exploiting security weaknesses.

According to the TechRepublic, penetration testing was one of the top three most-in-demand jobs in cybersecurity in 2017. At the same time, a 2017 report by The Enterprise Strategy Group and the Information Systems Security Association found that 23 percent of surveyed organizations had a shortage of penetration testing skills, making it the fourth-highest area of shortage among all cybersecurity skills. While these numbers are a couple of years old, it’s unlikely the demand has tapered off, considering the need for security professionals has increased across the board.

If you’re interested in a career path as a penetration tester, you will need a mix of technical hands-on skills and broad cybersecurity knowledge. Obtaining a specialized certification is one way to gain the technical skills while at the same time proving those skills to a potential employer. Here are some of the options for pursuing a pentesting certification.

EC-Council Certified Ethical Hacker (CEH)

The EC-Council (International Council of E-Commerce Consultants) bills itself as the “world’s largest cybersecurity technical certification body.” Their Certified Ethical Hacker cert is a comprehensive certification that is designed to teach you to think like a hacker. The cert is valid for three years.

To be eligible for the four-hour certification exam, candidates must either attend official training or be approved via an application process. You also need two years of experience in the information security field.

The official CEH training program includes 20 modules covering different security domains and more than 300 attack technologies. (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Claudio Dodt. Read the original post at: