In April, I got a huge surprise when Heath Adams (also known as The Cyber Mentor), founder of TCM Security and creator of TCM Academy contacted me asking me to beta test his new penetration testing certificate. Although I was surprised that I was chosen to beta test, I was not surprised that Heath was making a certificate. His courses have helped thousands of people and it seemed like, after the academy, a great addition to that would be a certificate.
I just want to state prior that I do not have any other cybersecurity certificate, other than the PNPT. I cannot make comparisons against the OSCP or the eJPT.
My Overall Experience
As I mentioned above, I first did this certificate in April and made it to day 5. However, I woke up on day 5 to find out that my mother had passed during the night. Heath was very kind about the situation and told me I could retake the exam once I felt ready to do so. Knowing what I know now, I never would have passed the first time I took the certificate. In the meantime, I went to Canada to help my father with my mother’s passing. Once everything slowed down, I re-scheduled my exam.
In terms of scheduling, you pick a date and time. From that date and time, you have 5 complete days to compromise the domain controller. You are given an OVPN file and the Rules of Engagement (that are super clear) via email the moment your exam begins. At no moment during the testing did I have any problems with the technology. I personally needed almost all of the five days, but I can see how those with a lot of experience could complete the certificate sooner. Throughout the 5 days, Heath was always accessible if I had any questions.
Although I cannot make comparisons to the eJPT or the OSCP, I can say that this certificate feels like a penetration testing engagement you would see in the real world. The emphasis here is really on the practicality. You conduct OSINT, do an external and then move onto an internal penetration test where you have to compromise the domain controller. Even the way you go about exploiting, to me, feels like something that would really happen in a real company’s network.
In addition to actually exploiting all of these systems, you have two days to write a penetration testing report and then, after, conduct a debrief, enhancing the practicality of the certificate. I took great care writing the report and prepared a PDF for the debrief. I wanted both to represent what I would do in an actual job. During the debrief, Heath gave me feedback that I could use to improve those also.
Recommendations for Test-Takers
The first thing I recommend is, if you do not have work experience as a penetration tester, make sure you complete all of Heath’s courses on the TCM Academy and take detailed notes. At this moment, you can purchase a bundle with all courses. Everything you will need to pass is either explicitly shown in his course, or alluded to.
Note that, depending on your skill and experience, you may need to take the complete 5 days. I was lucky because, since I work as a higher education instructor, I was in between semesters. I would say I worked for sometimes 15 hours a day on this certificate. Again, some other people took way less time than me to complete the certificate.
What Could Be Improved
I think the ONLY suggestion I would make to improve the experience would be for Heath to expand TCM Academy a bit. As I mentioned, everything on the exam was explained in his courses, or was alluded to at some point. However, although we make labs in PEH and exploit Hack the Box and Try Hack Me boxes, they are not exactly what you could see on the exam.
I think that, like eJPT, the PNPT could have a few practice exams (that could be purchased?) to get some more practice in some specific aspects you see on the exam. I feel like, although I understood the course material, I had a hard time practicing outside of the course.
Concerns About Adoption?
I think some people may be concerned with the adoption of this certificate. Since the certificate is so new, you may think it may better serve you to take the eJPT or just wait to take the OSCP. In all honesty, I disagree. Given that Heath is very well-known in the field and given the practicality of the certificate, I do see that the PNPT will very quickly be adopted by companies in the future. Even if you disagree, the learning curve I went through while taking the certificate was extensive, and I learned so much in just 5 days. This was the first time I REALLY became a pentester, and I was able to feel this during the certificate.
Overall, I loved my experience taking the PNPT. I never thought I would pass. I would not even have TAKEN the PNPT yet if Heath did not contact me. On Day 4 I resigned myself to not passing, but I would get as far as I could anyway. Day 5, at 5pm, I was able to compromise the domain controller. I spent 5 days banging my head on the table, but felt such elation when I solved the problem, only to be followed by another challenge. Eventually, I passed the PNPT.
The entire certificate process was extremely clear and was formatted in a practical way that gave me the confidence to know that, if I would get a penetration tester job, I have the skills to compromise systems, write a report and effectively explain my report to clients. I had no issues with technology. Although I cannot compare the PNPT with the eJPT or the OSCP, I do think it is a worthwhile certificate to obtain.
For test-takers – make sure you take all of Heath’s courses and write excellent notes. Also be aware that, depending on your skill level, you may need the 5 complete days.
The only thing I would add is perhaps more practice prior to the exam with certain aspects. Hopefully that could come in the future.
I want to thank Heath one more time for asking me to beta test the certificate and then allowing me to re-take the exam. Thank you for answering all questions I had during the certificate also. It was invaluable.