CompTIA PenTest+ in Nairobi
Kenya · Africa
What is CompTIA PenTest+?
CompTIA PenTest+ (PT0-003) is a vendor-neutral, intermediate-level certification that validates your ability to plan, scope, and execute penetration tests across networks, applications, and cloud environments. It covers the full pentest lifecycle — from reconnaissance and exploitation to reporting and remediation. In Nairobi, where financial institutions, telecoms, and fast-growing tech firms are rapidly expanding their security teams, a recognized pentesting credential signals serious technical credibility. Kenya's digital economy is accelerating, and organizations like Safaricom, KCB, and a surge of fintech startups are actively seeking professionals who can proactively identify vulnerabilities before attackers do. PenTest+ sits at the right level to get you into those roles.
Exam details
- Exam cost: $404 USD
- Duration: 165 min
- Passing score: 750
- Renewal: Every 3 years
Prerequisites: Network+, Security+, or 3-4 years of hands-on experience
Is CompTIA PenTest+ worth it in Nairobi?
With an average IT salary of around $18,000 per year in Nairobi, the $404 exam fee is a straightforward investment. Certified pentesters in Kenya's market command a salary uplift of approximately $14,000 annually — meaning the cert can pay for itself within weeks of landing a new role or negotiating a raise. Nairobi's cybersecurity talent gap is real: demand consistently outpaces supply, giving certified candidates genuine leverage. PenTest+ is also renewable every three years, keeping your credential current without constant re-examination. For mid-career IT professionals in Nairobi looking to move from general networking or security roles into dedicated offensive security, PT0-003 offers one of the clearest and most cost-effective paths forward.
12-week study plan
Weeks 1–4
Planning, Scoping, and Reconnaissance
- Study pentest engagement scoping, rules of engagement, and legal considerations covered in PT0-003 Domain 1
- Practice passive and active reconnaissance techniques using tools like theHarvester, Shodan, and Maltego in a lab environment
- Review compliance frameworks relevant to East African financial and telecom sectors to contextualize scope discussions
Weeks 5–8
Exploitation, Attacks, and Post-Exploitation
- Work through network, application, and wireless attack techniques using Metasploit, Burp Suite, and Nmap in a controlled lab
- Practice privilege escalation, lateral movement, and persistence techniques on platforms like Hack The Box or TryHackMe
- Study cloud and hybrid environment attack vectors, which carry increased PT0-003 exam weight compared to the previous version
Weeks 9–12
Reporting, Tools Mastery, and Exam Readiness
- Draft a sample pentest report covering findings, risk ratings, and remediation recommendations to reinforce Domain 5 objectives
- Run timed practice exams focusing on performance-based questions — these simulate real tool usage and are heavily weighted on PT0-003
- Review all scripting basics (Python, Bash, PowerShell) tested in the exam and revisit any weak domains identified in practice tests
Recommended courses
- Coursera: CompTIA PenTest+ Professional Certificate (professional certificates & degrees)
- Pluralsight: CompTIA PenTest+ Learning Path (tech skills platform, monthly subscription)
- Udemy: CompTIA PenTest+ Complete Course (one-time purchase, lifetime access)
Exam tips
1. Prioritize hands-on lab practice over passive reading — PT0-003 includes performance-based questions that present you with a simulated terminal or tool interface, and you cannot memorize your way through them.
2. Know your core pentest tools cold: Metasploit modules, Nmap scan types, Burp Suite's proxy and scanner, and basic Netcat usage are all fair game and frequently appear in scenario questions.
3. Study the pentest reporting domain seriously — PT0-003 tests your ability to interpret findings, assign CVSS scores correctly, and recommend prioritized remediation, not just identify that a vulnerability exists.
4. Practice reading and writing basic Python and Bash scripts for tasks like port scanning and file parsing — PT0-003 expects you to understand what a script does and identify errors or improvements in short code snippets.
5. When answering scenario questions, always filter choices through the pentest lifecycle phase described — an action that's valid during exploitation may be wrong during scoping, and CompTIA tests whether you know the difference.