Report: Certifications to Look for When Choosing a Pen Testing Team 


You may know that building a penetration testing team or hiring pen testing services can help uncover security gaps putting your organization at risk, but getting started is sometimes difficult. What makes a good security tester? Is there a way to differentiate true security pros from the inexperienced and unprofessional? Actually, there is. Pen testers may have a variety of education and employment backgrounds, but one of the best measures of skill and dedication is industry certifications. 

What Makes Pen Testing Certifications Important?


Pen testing certifications help verify that pen testers have spent time adequately training and possess the necessary skills required in order to successfully conduct a pen test. Reputable certifications are issued by institutions and organizations that are considered authorities in the field. There are a number of possible certifications that a pen tester can train and test for, with some covering broad pen testing concepts and others narrow in on specific topics for testers who want to further their expertise and specialize in a niche area. The following list has details on some of the most common certifications, including how long they are valid and what they focus on.


Card image cap

Cisco Certified Network Associate

Granted by: The Cisco Learning Network, the training and certifications arm of Cisco Systems, an international seller of switches, routers, networking, and cybersecurity products   

Requirements: Recommended at least one year experience with Cisco solutions

Format: Two-hour exam with a varying number of questions and variable requirements for passing 

Valid: Three years; can recertify with 30 continuing education credits

Focuses on:

  • Automation and programmability              10%
  • IP connectivity                                           25%
  • IP services                                                 10%
  • Network access                                         20%
  • Network fundamentals                              20%
  • Security fundamentals                              15%


Using Certifications to Inform Your Third-Party Team Selection


When shopping for a third-party cybersecurity vendor, due diligence is important. After all, you’re trusting them with the security of your highly valued assets. But cybersecurity talent is scarce, so not all pen testing teams are on equal footing. Many focus on basic, routine tests that are performed with a vulnerability scanner and an automated pen testing tool, packaging it as a custom service. However, such tools can be used by your own security team, so it’s important to find a partner with a team that can advise you on the different options, tailor their tests to suit your needs, and expertly probe your systems and exploit vulnerabilities.

Certifications are a key measure you can look for when evaluating whether a vendor has the experience needed to effectively assess your network. Though a minimum level of certification is important, a team with a variety of certifications among its members could be most capable at tackling an array of testing scenarios. At Fortra, our security testing teams have essential certifications and more so you can feel confident in their ability to uncover vulnerabilities before bad actors do.  

Fortra offers a number of penetration testing services to meet the unique security objectives and challenges of any environment. Testing areas include network infrastructure, web applications, mobile applications, wireless networks, IoT, social engineering, and more. Our testing teams offer a fresh perspective on the state of your security and provide new ways to make improvements, including increasing user awareness, finding new vulnerabilities, circumventing access controls, and finding paths to compromise high-value assets that were not explored before. In addition to thorough testing procedures, Fortra provides detailed reports that present a clear path forward, with recommendations on remediation and other best practices.

Which Pen Testing Is Right for Your Organization?

CTA Text

Now that you know which certifications to look for, find out find out when to use pen testing software, services, or both.

View Guide