PCES™ – Certified Entry-Level Security Specialist with Python: EXAM SYLLABUS

Exam: PCES-30-01
Status: ACTIVE


The PCES™-30-01 exam consists of single-select, multiple-select, and input-based items designed to assess a candidate’s ability to explain core security concepts, recognize threats and risks, and apply Python to basic defensive tasks, reporting, and secure coding. The exam evaluates practical knowledge in IT security fundamentals, systems security, Python for security operations, and secure development.

Each item is worth a maximum of 1 point. After completion, the candidate’s raw score is normalized and presented as a percentage.

The exam is divided into four blocks that reflect key areas of entry-level cybersecurity practice. The weight of each block indicates its importance in the overall exam.

The table below summarizes the distribution of exam items and their respective weight in the total exam score.

Block Number | Block Name | Number of Items | Weight
1 | Security Essentials | 10 | 22%
2 | IT Systems Security | 12 | 27%
3 | Python for Security Operations | 13 | 29%
4 | Secure Development & Implementation in Python | 10 | 22%
Total | | 45 | 100%

Exam Syllabus

Last updated: August 21, 2025
Aligned with Exam PCES-30-01



Block 1: Security Essentials

10 objectives covered by the block → 10 exam items

1.1 The CIA Triad and Beyond (1)

Objective 1.1.1 – Explain the concepts of Confidentiality, Integrity, and Availability

  1. Explain the concepts of Confidentiality, Integrity, and Availability.
  2. Evaluate trade-offs between strong Security and system Usability in real-world scenarios.
  3. Explain how Authenticity and Accountability extend the CIA model.
  4. Explain the concepts of Authenticity and Accountability.
  5. Provide examples of accountability measures and authenticity in action.

1.2 IT Threats and Risks (2)

Objective 1.2.1 – Identify and classify threats and risks to IT systems

  1. Define threat and risk in the context of IT security.
  2. Differentiate between malware types (viruses, worms, trojans, ransomware, spyware), phishing/social engineering techniques, and DoS/DDoS attacks.
  3. Explain the typical motivations behind threat actors (financial gain, disruption, espionage).

Objective 1.2.2 – Describe basic protection measures against malicious software and attacks

  1. Explain the importance of encryption for stored and transmitted data.
  2. Relate specific protections to corresponding threats (e.g., antivirus to malware, MFA to phishing).
  3. Explain the role of regular backups in minimizing damage.
  4. Describe how layered defenses improve resilience against attacks.

1.3 Consequences of Data Loss, Theft, or Modification (3)

Objective 1.3.1 – Explain the potential impacts of losing critical information

  1. Define critical information in different contexts (e.g., medical records, customer databases, business contracts).
  2. Describe financial losses from lost data, such as direct revenue loss, legal costs, and recovery expenses.
  3. Explain operational impacts, including downtime, service disruption, and reduced productivity.
  4. Provide examples from healthcare (patient safety risks, incorrect treatments, compliance fines under HIPAA/GDPR), finance (unauthorized transactions, fraud, regulatory sanctions), and personal data contexts (identity theft, fraud, emotional distress).

Objective 1.3.2 – Describe the security and reputational consequences of data theft

  1. Explain how stolen intellectual property can benefit competitors or criminals.
  2. Describe risks from the exposure of personally identifiable information (PII).
  3. Discuss reputational harm, including loss of customer confidence and media scrutiny.

Objective 1.3.3 – Describe the consequences of manipulated or altered data

  1. Define data manipulation and distinguish between intentional (malicious) and accidental causes.
  2. Explain operational consequences, such as incorrect decision-making based on false data.
  3. Identify safety risks in critical systems (e.g., incorrect GPS coordinates in aviation, wrong dosage in pharmacy systems).
  4. Discuss the reputational impacts that occur when customers discover incorrect information was used.
  5. Provide examples from industries such as logistics, manufacturing, and emergency services.

1.4 Losses from System Unavailability (1)

Objective 1.4.1 – Analyze the operational, financial, and safety impacts of system downtime in critical environments

  1. Explain lost sales and revenue during outages, especially in peak sales periods.
  2. Describe indirect impacts such as abandoned shopping carts, reduced future purchases, and missed opportunities.
  3. Discuss costs of emergency fixes, service credits, and refunds to customers.
  4. Explain delays in critical services (e.g., patient care in healthcare) and the potential for life-threatening situations.
  5. Describe risks to data availability during emergencies, including medical records and transaction histories.
  6. Identify compliance and regulatory issues when systems cannot provide timely access to required data.
  7. Explain how service outages can reduce customer trust and damage brand reputation.

1.5 Legal, Regulatory, and Business Consequences of Data Breaches and Trade Secret Disclosure (1)

Objective 1.5.1 – Understand the legal requirements, penalties, and business impacts related to the unauthorized disclosure of personal data or trade secrets

  1. Identify common data protection laws and regulations (e.g., GDPR, CCPA, HIPAA) and their scope.
  2. Describe reporting obligations and timelines following a data breach or unauthorized disclosure.
  3. Outline potential fines, sanctions, and loss of operating licenses for non-compliance.
  4. Explain possible civil liabilities, such as lawsuits from affected individuals or organizations.
  5. Discuss criminal penalties for severe or intentional violations.
  6. Define trade secrets and distinguish them from other forms of confidential information.
  7. Explain the role of non-disclosure agreements (NDAs) and contractual clauses in protecting sensitive information.
  8. Describe how accidental disclosure may occur (e.g., misdirected emails, unprotected files, public presentations).

1.6 Communication and Collaboration in Security (2)

Objective 1.6.1 – Understand the importance of communication in IT security

  1. Describe how clear reporting of security issues reduces response times.
  2. Explain the difference between communicating with technical and non-technical audiences.
  3. Provide examples of poor communication leading to delayed responses or misunderstandings.
  4. Explain the need for timely and accurate reporting.

Objective 1.6.2 – Collaborate effectively in basic security processes

  1. Document incidents using simple, structured formats (e.g., incident report templates).
  2. Follow escalation chains when reporting a threat or suspected breach.
  3. Recognize the role of teamwork between IT staff, management, and end users.
  4. Describe the roles and responsibilities in an incident response team (IRT).
  5. Explain the importance of security drills and awareness programs in preparing for incidents.

Block 2: IT Systems Security

12 objectives covered by the block → 12 exam items

2.1 Security Principles and Practices (4)

Objective 2.1.1 – Explain why security is a continuous process

  1. Describe the evolving nature of security threats.
  2. Explain how continuous monitoring and updating reduce risk.
  3. Provide examples of threats emerging from unpatched systems or outdated policies.

Objective 2.1.2 – Implement technical safeguards to protect systems and networks

  1. Describe the purpose and function of firewalls in blocking unauthorized access.
  2. Explain how intrusion detection systems (IDS) monitor and alert on suspicious activity.
  3. Explain how intrusion prevention systems (IPS) can actively block threats.
  4. Describe the role of virtual private networks (VPNs) in securing remote communications.

Objective 2.1.3 – Apply organizational safeguards to protect assets and data

  1. Apply core practices for protecting sensitive and protected information.
  2. Manage user access rights and permissions in accordance with the principle of least privilege.
  3. Apply device restrictions (use only approved devices).
  4. Apply limited trust models to reduce insider threat potential.
  5. Explain anonymization methods for data before internet use.
  6. Conduct regular IT security training to raise employee awareness.
  7. Explain the need to isolate production from testing environments (different data, systems, and access).

Objective 2.1.4 – Apply secure development practices

  1. Conduct peer reviews to identify potential security issues in code.
  2. Integrate security requirements early in software specifications.
  3. Apply anonymization techniques to sensitive log data.
  4. Discuss the need for anonymizing data before it is logged.

2.2 System Hardening (1)

Objective 2.2.1 – Implement a system hardening process

  1. Explain when and how often system hardening should be performed.
  2. Identify and describe the sequential stages of system hardening (removing unnecessary services, applying updates, and configuring secure settings).

2.3 Network Security Basics (2)

Objective 2.3.1 – Explain the roles of ports, protocols, and services in network communication

  1. Provide examples of common ports and protocols (e.g., HTTP, HTTPS, SSH, FTP).
  2. Explain how open ports can present vulnerabilities.

Objective 2.3.2 – Configure basic network security settings to reduce exposure to threats

  1. Describe how to disable unused services and ports.
  2. Explain the role of network segmentation and isolation.

2.4 Authentication, Authorization, and Access Control (3)

Objective 2.4.1 – Differentiate authentication and authorization

  1. Define authentication as verifying identity.
  2. Define authorization as granting permissions.
  3. Provide examples (login vs. file access rights).

Objective 2.4.2 – Configure secure password-based authentication

  1. Describe characteristics of secure passwords.
  2. Explain password policy settings (expiry, history, complexity).

Objective 2.4.3 – Describe the components and benefits of multi-factor authentication (MFA)

  1. Explain common MFA methods (SMS, authenticator apps, hardware tokens).
  2. Discuss how MFA mitigates stolen password risks.

2.5 Cloud and Remote Security Basics (2)

Objective 2.5.1 – Identify security risks associated with cloud storage services

  1. Explain risks such as misconfigured storage buckets and unauthorized access.
  2. Describe shared responsibility models for cloud security.

Objective 2.5.2 – Apply best practices for securing SaaS applications and remote access tools

  1. Explain VPN use for secure remote connections.
  2. Describe device hardening for remote workers.

Block 3: Python for Security Operations

13 objectives covered by the block → 13 exam items

3.1 Using Python for Ethical Security Assessments (3)

Objective 3.1.1 – Conduct authorized security assessments using Python

  1. Explain the purpose of offensive security testing for identifying vulnerabilities before attackers can exploit them.
  2. Define the concept of authorized testing and the importance of obtaining written permission before scanning.
  3. Conduct network port scans using Python’s socket library or python-nmap.
  4. Identify active services and open ports on authorized target systems.

Objective 3.1.2 – Perform basic vulnerability checks with Python

  1. Write scripts to identify outdated software versions.
  2. Check for weak or default passwords in test environments.

Objective 3.1.3 – Gather information using Python in a legal and ethical way

  1. Extract domain registration information using WHOIS queries.
  2. Perform banner grabbing to identify software versions on open ports.

3.2 Using Python for Defensive Security (4)

Objective 3.2.1 – Detect outdated or insecure websites

  1. Check SSL/TLS certificate validity and expiration dates with Python’s ssl and socket libraries.
  2. Generate alerts for certificates near expiry.

Objective 3.2.2 – Monitor OS processes for suspicious activity

  1. Use the psutil library to list running processes and resource usage.
  2. Identify unusual CPU, memory, or network usage patterns.

Objective 3.2.3 – Automate system security checks and responses

  1. Verify that firewall services are running.
  2. Check for pending system updates and patches.
  3. Notify administrators with an email or messaging API.
  4. Restart services automatically if stopped.

Objective 3.2.4 – Execute OS-level commands for security tasks

  1. Use Python’s subprocess module to run antivirus scans.
  2. Automate log archiving and cleanup tasks.

3.3 Event Correlation (1)

Objective 3.3.1 – Correlate logs from multiple sources

  1. Combine firewall, server, and authentication logs.
  2. Identify patterns such as failed logins and correlated alerts.

3.4 Security Reporting (2)

Objective 3.4.1 – Generate structured reports

  1. Export security findings to CSV, JSON, or PDF formats.
  2. Include timestamps, IP addresses, and threat types in reports.
  3. Create visual summaries.

Objective 3.4.2 – Document and report test results

  1. Provide actionable recommendations from automated testing outputs.

3.5 Scheduling and Orchestration (3)

Objective 3.5.1 – Schedule recurring scans and checks

  1. Automate Python scripts with cron (Linux) or Task Scheduler (Windows).
  2. Use APScheduler for dynamic scheduling in Python.

Objective 3.5.2 – Automate backups and verify them

  1. Use Python to check backup completion.
  2. Validate file integrity and recovery from backup.

Objective 3.5.3 – Chain security tasks

  1. Perform checks, backups, cleanups, and reporting in sequence.

Block 4: Secure Development and Implementation in Python

10 objectives covered by the block → 10 exam items

4.1 Secure Coding Practices (5)

Objective 4.1.1 – Perform static analysis with linters

  1. Use pylint and flake8 to find insecure or inefficient code.

Objective 4.1.2 – Validate and sanitize user input

  1. Prevent SQL injection by using parameterized queries.
  2. Test for SQL injection vulnerabilities.
  3. Block cross-site scripting (XSS) by escaping HTML output.

Objective 4.1.3 – Apply output encoding and escaping

  1. Encode special characters to prevent injection in HTML, XML, or JSON output.

Objective 4.1.4 – Implement secure file and exception handling practices

  1. Sanitize file paths to prevent directory traversal attacks.
  2. Hide tracebacks and sensitive system paths from end users.

Objective 4.1.5 – Manage sensitive configuration data securely

  1. Store passwords and API keys in environment variables.
  2. Avoid committing secrets to version control.

4.2 Using Security Libraries and Tools (3)

Objective 4.2.1 – Encrypt and decrypt data with cryptography

  1. Generate secure keys using Fernet.
  2. Encrypt and decrypt text or files.

Objective 4.2.2 – Use paramiko for secure communications

  1. Establish SSH connections to remote systems.
  2. Transfer files securely with SFTP.

Objective 4.2.3 – Handle documents and files securely with Python libraries

  1. Apply password protection and encryption to PDF files using PyPDF2.
  2. Extract text securely from PDFs for scanning or review.
  3. Use python-docx to inspect and sanitize Word documents (e.g., remove metadata, hidden comments).
  4. Use openpyxl to inspect and sanitize Excel files (e.g., remove hidden sheets, sensitive formulas).
  5. Validate that documents and spreadsheets do not contain embedded malicious macros or scripts.
  6. Explain best practices for sharing protected files, including use of strong passwords and secure transmission methods.

4.3 Data Integrity and Authenticity (2)

Objective 4.3.1 – Verify file integrity with hashes

  1. Apply SHA-256 or stronger hashing algorithms to detect unauthorized file changes.
  2. Explain why older algorithms such as MD4 and MD5 are considered insecure due to collision vulnerabilities.
  3. Compare the reliability of weak and strong hash functions for ensuring data integrity.

Objective 4.3.2 – Validate downloaded files with checksums

  1. Compare computed checksums with published values.


MQC Profile

A Minimally Qualified Candidate (MQC) for the PCES exam is an individual with foundational knowledge of cybersecurity concepts and basic Python programming skills (PCEP™ level or equivalent). The candidate can use Python to support simple, well-defined security tasks such as process monitoring, certificate checks, basic scanning, log correlation, and structured reporting.

The MQC understands core security principles (CIA, threats vs. risks), basic protective measures (encryption, MFA, backups, firewalls, VPNs), and secure coding basics (input validation, safe file handling, secrets management). The candidate can work with standard Python libraries such as socket, ssl, psutil, subprocess, cryptography, and paramiko.

This profile represents a blend of technical awareness, practical scripting, and clear communication skills needed for entry-level participation in security operations and secure development.

Block 1: Security Essentials (22% of total exam)

Minimum Coverage – the candidate can:

  • Explain CIA, authenticity, and accountability with simple examples.
  • Identify common threats/risks and basic protections (encryption, MFA, backups, defense-in-depth).
  • Describe impacts of data loss, theft, modification, and system downtime.
  • Recognize legal duties (GDPR/CCPA/HIPAA scope, reporting) and why clear communication and teamwork matter in incidents.

Block 2: IT Systems Security (27% of total exam)

Minimum Coverage – the candidate can:

  • Describe ongoing security practices, hardening steps, and technical/organizational safeguards.
  • Explain network basics (ports/protocols), segmentation, and AAA (authn vs. authz; MFA benefits).
  • Identify cloud storage risks, shared responsibility, and remote access good practices (VPN, device hardening).

Block 3: Python for Security Operations (29% of total exam)

Minimum Coverage – the candidate can:

  • Run basic authorized scans, simple vulnerability checks, and ethical information gathering.
  • Use Python to detect insecure sites, monitor processes, automate checks/responses, and run OS commands safely.
  • Correlate logs, generate structured reports, document test results, and schedule recurring tasks.

Block 4: Secure Development & Implementation in Python (22% of total exam)

Minimum Coverage – the candidate can:

  • Use linters; validate/sanitize input; encode output; handle files/exceptions safely; manage secrets.
  • Use cryptography (Fernet) and paramiko; handle PDFs/DOCX/XLSX safely.
  • Verify integrity with hashes (SHA-256+), explain MD4/MD5 weaknesses, and validate downloads with checksums.

Passing Requirement

To pass the PCES exam, a candidate must achieve a cumulative average score of at least 75% across all exam blocks.