Having reached a certain level in my information security career where the next logical step is to get into Penetration Testing, I decided that it’s time to get a relevant certification.
After careful research trough the plethora of online courses and certifications such as Security+ from Comptia, SSCP from ISC2 or CEH from EC-Council, I chose Penetration Testing Student v3 from eLearnSecurity and I will explain below my reasons.
First of all I was looking for a certification and course that can offer me the hands on experience in penetration testing, while improving my existing knowledge of networking, scripting and fundamentals of security. PTS v3 covers all of these, as it offers practice labs, course material and a valuable certification (eJPT eLearnSecurity Junior Penetration Tester).
I knew almost nothing about eLearnSecurity as they are a rather smaller player when compared to ISC2, ISACA or Offensive Security; however, I was really impressed by the quality of the material, videos and labs. I dare to compare eLearnSecurity to the other organizations as you would consider David and Goliath and we all know who won in the end. Nimbler than the rest, this eLearnSecurity goes the extra mile for it’s students.
Brief overview of the course and what it offers:
- The course material comes in 3 formats, Flash, PDF and HTML5. I mostly used the online HTML5 version as it has a nice feature to resume the course where you previously left it. The slides are detailed and fun to learn, also containing links to study further a certain topic in books, websites or videos. My only complaints about the slides are that in a few cases the information is repetitive but we all know the saying “repetition is the mother of learning”.
Secondly you can’t copy/paste the scripts so I would advise the instructors to set up a GitHub repository. I never skipped any of the slides as they offered me a refresh on already known topics however there are no instructions on how to write an executive summary or pentest report (a template would be nice). No one knows everything, but everyone knows something.
- The videos are really fun to watch and are a great addition to the slides. One big advantage is that you can also download them. I uploaded both the PDF’s and the videos to my smart phone so I was learning while commuting to work. It’s a nice experience when you realize that people near you in the subway look strange and treat you as a hacker. Achievement unlocked.
- The labs are really creative and offer great instructions and walk-through if you get stuck. After each chapter you get a lab where you can practice what you learn. This was another selling point for me as PTSv3 teaches you both theory and practice. Since I purchased the Elite Plan, I got 60 hours of HERA lab access, more than enough if you want to pass twice trough them before going for the exam. The process is really simple, you start a lab, download the OpenVPN tunnel files, connect to it then start your exercise. Most labs boot in under 30 seconds and if you get stuck or mess it you can always click the red flashy RESET button to restart the scenario. Network wise the labs offer a speedy connection and I encountered no problems. Just make sure to set up your OpenVPN credentials from the console before starting the lab. Again, I would like to highlight that the labs offer well build web applications or systems that you can encounter in real life. They are not easy to solve, however definitely not impossible. I will not spoil it for you, however the 12 challenges are the best part of the entire course.
If the above didn’t convince you to register for PTSv3 then please read on my 6 reasons for opting with eLearnSecurity:
- Pricing. At $299 it’s hard to find another course with labs & certification that beats PTSv3. Make sure to follow /r/netsecstudents on Reddit as the course instructors regularly post discounts or barebone access to the course.
- No expiry. You get an eJPT certification that doesn’t expire. It’s silly that we live in a world where every 2-3 years we have to renew our professional certifications or get a certain amount of points.
- Free retakes. Depending on the plan you can get either 1 or several free retakes if you fail the exam. This was another selling point for me as no matter the confidence level, we all fail exams sometimes.
- Real life test. Instead of sitting for hours in an exam room to pick multiple choice answers you get to do an actual penetration test in a corporate network.
- Lifetime access. You can login at any moment and download again the course material or watch any of the videos to refresh your knowledge.
- Paper certificate. Life is too short so why not have a nice printed certificate to put on your desk or wall and be proud of.
It took me 3 months to study all the materials and solve all the lab challenges. I’m planning to take the eJPT exam this October and will write a follow-up.
TL;DR: PTSv3 course and eJPT certification from eLearnSecurity are your best options if you are looking to get into penetration testing.