Imagine that, several months ago, say in January or February, a certified penetration tester had conducted a thorough examination of the digital perimeter at Equifax. It's possible that nothing would be different today — but probably not very likely.
The only time that a breach can be prevented is before it happens. It sounds obvious, but countless high-profile hacks — including, there is excellent reason to believe, the aforementioned Equifax incident — could have been blocked through fairly routine security monitoring.
In that sense, the timing of the launch by EC-Council of a new and innovative certification exam couldn't be better. With the release of the new Master-level Licensed Penetration Tester (LPT) exam, skilled information security professionals with a particular interest in the penetration testing realm now have a new bar to clear.
In certification circles, EC-Council, a member-supported professional organization based in New Mexico, is best known for its popular Certified Ethical Hacker (CEH) credential. Penetration testing is a close cousin to ethical hacking in the preventive cybersecurity realm, so the new LPT exam almost certainly benefited in its composition from the input of top SMEs.
The new test is an 18-hour hands-on marathon that is likely to challenge the endurance of candidates as much as their knowledge of cybersecurity. EC-Council president and CEO Jay Bavisi acknowledged the impressive physical difficulty of the LPT exam in a press release announcing its launch.
"In the real world, penetration testers go through a strenuous, arduous and laborious process to keep their clients and organizations secure," Bavisi said. "This exam is meant to mimic the real-world environment and is meant to stress, burden and ardently push the candidates to their limits to test their actual abilities in penetration testing."
Exam candidates must have already earned the EC-Council Certified Security Analyst credential, or must have another approved industry penetration testing credential, or must have a minimum of two years' experience working as a penetration tester. The LPT certification is valid for two years upon receipt, after which it must be renewed annually.