Henry Dalziel | Certified Ethical Hacker, CompTIA, CPTE, EC Council, Mile2 | December 27, 2012
Mile2, an information security training organization and awarding body, is growing in stature. Their two most popular IT information security certifications, CPTE and CPTC, are relatively new on the scene compared with EC-Council with their ever-popular Certified Ethical Hacker (now in CEHv8 revision – v8 – i.e. the 8th update/ revision), ISC2 with the CISSP designation and CompTIA with their robust and widely respected Security+. These awarding bodies and training organizations are vendor-free and in our opinion represent the best of information security training and certifications out there.
We have had the privilege to have worked with mile2 over the last few years and have really taken notice to their attention to detail. The folks at mile2 place considerable resources into ensuring that their content and syllabi is regularly updated and contains as much practical information as possible. It is also worth mentioning that mile2 security certifications are very popular with the US military.
So what’s the difference between CPTE and CPTC?
Mile2’s CPTC stands for “Certified Penetration Testing Consultant” whilst their CPTE means Certified Penetration Testing Engineer. They both have the same exam structure of 100 questions which must be answered within 120 Minutes. The pass-mark is 75% and the exam can be taken through Pearson VUE. If you are interested in taking a mile2 cert then you will likely want to understand the difference between CPTE and CPTC.
What is CPTC all about?
Probably best to take a look at the syllabus – that should give you a solid understanding of the pentesting and security skills that you will acquire:
Certified Penetration Testing Consultant Modules:
Module 1: Introduction and Pen Test Overview
Module 2: Refresher: The Attack Stage
Module 3: Core Impact: Initial Pen Test
Module 4: External/DMZ Assessments
Module 5: Wireless Site Surveying
Module 6: Attacking Bluetooth Devices
Module 7: Programming 101
Module 8: Internal Pen Testing
Module 9: Physical Security
Module 10: After the Pen Test
The CPTC cert is designed to teach students the processes involved with all aspects of penetration testing within a controlled classroom or online (CBT) environment. The CPTC syllabus is very detailed and covers slightly more ground than other similar Penetration Testing and Ethical Hacking courses such as CPTE, CEHv8 and OSPT.
Students studying CPTC have the opportunity to learn and become skilled in the following:
1. Being able to perform accurate penetration tests and submit professional audited reports
2. Capture and replay VoIP traffic – not just with WireShark but also by using other tools.
3. Ability to find and exploit databases with SQL Injection vulnerabilities.
4. Competency is being able to obtain and transfer information via Bluetooth enabled telephones.
5. Being able to use necessary pentesting tools and resources for picking simple and complex passwords (and hence apply prevention).
6. Competency in Wireless Site Surveying, auditing and Cracking WEP/WPA/ WPA2 keys
All students will have the opportunity to participate in Capture the Flag Competitions that are designed to ensure that the necessary objectives have been met.
CPTC is designed to take a student with basic knowledge of pentesting and information security to the next stage of their career progression. As stated above, many infosec courses train students “how to hack”; or “how to become an ethical hacker” whilst the CPTC cert is involved with “the business of penetration testing”. CPTC delivers advanced and cutting edge pentesting techniques for auditing across many disciplines. The primary difference between CPTC and CPTE is really best explained with CPTC equipping the pentester with commercial business consultancy expertise. What we mean is that CPTC trains the professional to be a Consultant – hence the last C in the CPTC title: Consultancy. This cert drills into the business of security – i.e. the course and training takes a good look at generating RFPs, Authorization, Security Policy Reviews and Compliance issues etc.
CPTC really has a solid dual purpose when compared to CPTE. Not only will the professional pentester acquire the in-demand skills of being able to plan, manage and perform a penetration test, but will also be able to consult and advise clients with their organization’s security.
What about CPTE – whats the difference there?
CPTE is the more hands-on pure pentesting cert – a security qualification that demonstrates your ability to think like a hacker to defend hackers and other advanced persistent threats. Here’s the CPTE syllabus:
Certified Penetration Testing Engineer Module Topics:
Module 0: Course Overview
Module 1: Business and Technical Logistics of Pen Testing
Module 2: Financial Sector Regulations
Module 3: Information Gathering
Module 4: Detecting Live Systems
Module 5: Enumeration
Module 6: Vulnerability Assessments
Module 7: Malware, Trojans and BackDoors
Module 8: Windows Hacking
Module 9: Hacking UNIX/Linux
Module 10: Advanced Exploitation Techniques
Module 11: Pen Testing Wireless Networks
Module 12: Networks, Sniffing and IDS
Module 13: Injecting the Database
Module 14: Attacking Web Technologies
Module 15: Report Writing
Appendix 1: The Basics
Appendix 2: Linux Fundamentals
Appendix 3: Access Controls
Appendix 4: Protocols
Appendix 5: Cryptography
Appendix 6: Economics and Law
Mile2 touts CPTE as the certification that teaches real world security by enabling students to recognize vulnerabilities, backdoors, exploit system weaknesses, and safeguard organizations against threats. CPTE students will learn the skills of Ethical Hacking (Penetration Testing) in a slightly more in-depth process than compared to CPTC, for example the course has five tenets or principles that they refer to as the “5 Key Elements of Pen Testing.” Those are
1. Information Gathering
2. Followed by Scanning
4. Exploitation and finally,
5. Reporting system or network vulnerabilities.
Last word on comparing and the differences between CPTE and CPTC.
Mile2 certs are based upon solid foundations with proven history and the fact that the US military has leaned towards these two infosec training courses further strengthens the case for getting a mile2 certification. We have had the privilege of working with Kevin Henry – a highly respected trainer and Ray Friedman – the mile2 CEO (click on their names to watch them present) and can certainly vouch for their professionalism and relentless drive to seek to improve their information security certifications and training programs.
We have more detailed information on CPTE, or you can enrol (with our discounted fee) on the course either as a live online boot camp or CBT. We have also compiled an in-depth report of CPTE which might be of interest to you.
Have you studied either of these courses? Let us know in the comments below. Are we accurate with what to expect from mile2? Is it worth the course fee? Has it helped your career?