ProfessionalVendor-neutralTCM Security· issued from US

PNPT

Practical Network Penetration Tester

Hands-on network + AD pentesting with OSINT + reporting.

Official page at TCM Security ↔ Compare with another cert

Exam fee

$449

Ongoing

$0/yr AMF

Study time

200–400 hrs

Delivery

Hands-on practical lab

Validity

Lifetime

› Quality score

28.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor

How well-defined and rigorous the exam blueprint is.

Course-aligned blueprint (TCM PEH); covers OSINT, AD, network, reporting.

7.5/10

Practical evidence

Hands-on labs / written reports vs pure MCQ.

5-day live engagement + 2-day report + live debrief with TCM staff. Practice rigour rivals OSCP at lower cost.

9.0/10

Currency & upkeep

How aggressively content is kept current with the field.

Refreshed alongside TCM courseware; ~yearly cadence.

6.5/10

Market recognition

How often this signal actually moves a hiring decision.

Growing fast in junior pentest hiring; not yet a CISSP-level default. [Holders: 4k, 2024-12]

5.5/10

› Market signals

public, citable inputs to the recognition score

Holders worldwide

4,000

as of 2024-12 · source

› Built for these roles

Junior Penetration TesterRed Team ApprenticeOSCP-prep candidateSelf-taught practitioner needing a defensible signal

› Exam format

Five-day hands-on engagement against a simulated company environment — OSINT, external recon, internal compromise, AD escalation. Followed by a 2-day window to write a professional pentest report and a live debrief with TCM staff.

› Recertification

Credential is permanent — no recertification, no maintenance fee.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

PD-WRL-007PD-WRL-002

Recognition

GlobalUS

Exam languages

› Core domains covered

The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A9Penetration Testing & Red Teaming

Methodology (OSSTMM, PTES), web/network/mobile pentesting, social engineering, purple teaming.

A2Network Security

Firewalls, IDS/IPS, network segmentation, DNS security, SD-WAN, VPN, traffic analysis, wireless security.

A6Identity & Access Management

AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.

› Prerequisites

Experience

Hands-on Linux comfort and willingness to learn AD attacks. TCM's Practical Ethical Hacking course is the standard prep.

Knowledge assumed

Active Directory attack and defense
OSINT methodology
Penetration test reporting

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (1)

eJPTINE

PNPT

TCM Security

Required by (0)

No certs require this one.

Recommended next (0)

No follow-on certs reference this one yet.

› Careers that commonly pursue this cert

Penetration Tester

Ethically hack systems to find vulnerabilities before attackers do. Offensive security requires deep technical knowledge.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain map Browse all certifications