SecProve
ProfessionalVendor-neutralISO 17024GIAC / SANS· issued from US

GPEN

GIAC Penetration Tester

Penetration testing methodology + documentation.

Official page at GIAC / SANS↔ Compare with another cert
Exam fee
$979
Ongoing
$0/yr AMF · 9 CPE/yr
Study time
100–200 hrs
Delivery
Online proctored
Validity
4 yrs (renewal cycle)

› Quality score

28.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor
How well-defined and rigorous the exam blueprint is.
Tight blueprint mapped to SANS SEC560; explicit task list per phase.
8.5/10
Practical evidence
Hands-on labs / written reports vs pure MCQ.
Open-book MCQ + Cyber Live hands-on segment. Less rigorous than OSCP but more than MCQ.
6.5/10
Currency & upkeep
How aggressively content is kept current with the field.
SEC560 refreshed in 2022 with cloud and modern AD content.
7.0/10
Market recognition
How often this signal actually moves a hiring decision.
Strong inside SANS-trained orgs and DoD/federal; less weighted in commercial pentest hiring. [Holders: 10k, 2024-12]
6.5/10

› Market signals

public, citable inputs to the recognition score
Holders worldwide
10,000
as of 2024-12 · source

› Built for these roles

Penetration TesterRed Team OperatorSecurity Consultant (offensive)

› Exam format

Open-book MCQ exam, 82 questions over 3 hours plus a 15-minute Cyber Live exam component (hands-on labs). Online proctored.

Passing score
75% (scaled per attempt)
Retake policy
Fee: $999 per attempt
Wait: 30d between attempts

30-day wait. SANS course bundles typically include 2 attempts.

› Recertification

36 CPE credits over four years (avg 9/yr) plus the $499 renewal fee per cycle.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

PD-WRL-007PD-WRL-002
Recognition
GlobalUSEUUK
Exam languages
en

› Core domains covered

The 2 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A9Penetration Testing & Red Teaming

Methodology (OSSTMM, PTES), web/network/mobile pentesting, social engineering, purple teaming.

A2Network Security

Firewalls, IDS/IPS, network segmentation, DNS security, SD-WAN, VPN, traffic analysis, wireless security.

› Also touched

Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.

A4Application Security

OWASP Top 10, secure SDLC, SAST/DAST/IAST, API security, code review, DevSecOps.

A6Identity & Access Management

AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.

› Prerequisites

Experience

Two-plus years of IT or security experience. Often paired with SANS SEC560.

Knowledge assumed
  • Penetration testing methodology (PTES / OSSTMM)
  • Active Directory attacks
  • Exploit use and post-exploitation

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (1)
GSECGIAC / SANS
GPEN
GIAC / SANS
Required by (0)

No certs require this one.

Recommended next (4)
GX-PTGIACGRTPGIACGXPNGIACGCPNGIAC

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides
Practice tests
  • GIAC Practice Tests (2 included with exam)
Free / community

› Version & lifecycle

Current version
2024 SEC560 refresh
Released
2024-04

› Salary signal

Penetration tester, US, 3-5 years.

$115K$175K
median $140K

Robert Half Salary Guide · 2024 · US base only · p25–p75 range

› How it compares

vs
OSCP

GPEN is SANS-deep methodology; OSCP is hands-on lab-graded.

↔ Compare side-by-side

› Careers that commonly pursue this cert

Penetration Tester

Ethically hack systems to find vulnerabilities before attackers do. Offensive security requires deep technical knowledge.

Vulnerability Management Lead

Owns the end-to-end find → prioritize → fix → verify loop at scale, now increasingly AI-driven.

Threat Exposure Management / Attack Surface Analyst

External-first role: inventories what an attacker can see, tracks what's new, and drives closure through the org. The outside-in counterpart to vuln management.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain mapBrowse all certifications