I obtained my Pentest+ certification at the end of 2023 while I was in Canada, after about a month of studying. In this article, I will describe this process.

Intro

The Pentest+ certification is a Comptia certification. Comptia is a well-known certification organization in the IT field, particularly valued in the Americas. It focuses on the entire penetration testing process, both operationally and technically. There are minor differences between the old and new versions. The differences can be described as topic distribution and minor paragraph adjustments. I worked with the official content of the new version, and I recommend it. Although the tools section is not exactly the same as today’s pentest process, unfortunately, questions come from there too, so it is necessary to study it.

Zero Day

My first encounter with this certification was through TryHackMe’s Pentest+ Path. This course consists of hands-on training built directly on the PenT+ curriculum, and I recommend completing it if you plan to obtain this certification. When I decided to pursue certification, I researched and investigated many certifications. Although this certification is not very popular, it is more suitable than Sec+ in terms of content for those who want to work in offensive security. As the name Sec+ suggests, it is aimed at the entry level of the entire cybersecurity industry, but PenT+ is more suited for offensive security. As a result of my research, I decided to take PenT+ because, although it is not very popular, its affordable price was a major factor. I purchased two exam attempts and the training materials. Before obtaining this certification, I had 1.5 years of professional experience and approximately 3 years of self-study. Actually, when I got the certification, I realized I could have easily obtained it a year earlier.

Prep

This certification consists entirely of theoretical multiple-choice questions. I took a practice exam included in the training materials and saw the areas where I was lacking (which I already knew, most of it was about tools). I studied for about 1.5 months, taking notes when necessary and reading most of it. I already had experience with both CTF and real pentesting before this.

Exam Day

I chose the exam center as my exam location option. If I had taken it from home, I would have been stressed if there had been any internet issues, and I figured there would be a procedure to follow in that case, so I didn’t want to deal with it. I chose Toronto College of Technology as my exam location. It was the closest one to where I was staying. I barely slept at all that night. I woke up feeling quite tired and chose to take an Uber for the trip (I walked back).

Exam

I was very happy to learn that I passed the exam. To be honest, I have a fear of exams and was afraid I wouldn’t pass while taking it. It was my first time taking a cybersecurity certification exam, and I realized I had made it out to be too big in my mind.

Result

I think it’s a certificate that can be obtained without much effort for those who are new to the industry or who have experience on platforms such as THM. If I were a pentest manager, I would have my entire team take it. I recommend studying from official sources and solving the official sources’ practice exams, as they give the closest performance to the actual exam. Dion Training courses are also quite well-regarded.