Pentesting - worthwhile to pursue MCSA?

yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
Among the many things I do at my day-to-day information security job, I occasionally participate in penetration testing. My company is encouraging me to transition from occasional junior penetration tester to full blown penetration tester.

I wonder if there's much ROI in studying for an MCSA -- something like server 2016 or even Windows 10.
I'm glad I took the time to study for and obtain the LFCS last year. In retrospection, it felt like maybe not the most efficient way to boost my pentest skills on the Linux side.

So MCSA. I don't really need this cert from a resume perspective. Waste of time spent learning something else more relevant? The goal really is better pentester and I have a lot to learn.
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP


  • [Deleted User][Deleted User] Senior Member Posts: 0 ■■□□□□□□□□
    I would say go for your GPEN or GWAPT.
  • JamesBarkerJamesBarker Member Posts: 18 ■■□□□□□□□□
    Your in the position I want to be in haha
    I'm currently studying MCSA Windows 10, I have my 70-698 & have got my 70-697 booked in.
    I eventually want to do a CEH/ SANS GIAC GPEN.
  • airzeroairzero Member Posts: 126
    I wouldn't say having an MCSA will make a big difference as a pen tester. However how the knowledge of windows and active directory environments that you learn from studying for that cert would definitely be beneficial. If anything I would say get security/pen testing certs, but study other things as well to broaden your knowledge. I have to say building an active directory lab environment really help me understand what is actually going on in the network, which translates to being able to hack it easier/more efficiently. It really comes down to knowing the technologies and environments you are trying to test.
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    Yeah I think you guys are right. When I want to increase Windows knowledge, what I really mean is
    1. Active directory
    2. DLLs and the registry
    3. PowerShell/cmd.exe
    4. Maybe a little on DEP/ASLR for exploits
    5. WMI
    6. Probably something I'm not thinking of

    Everything else that comes with the cert would be fluff I think.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Google, MS site, and lab. Maybe utilize Pluralsight or Safaribooks if you want more of a deep dive. I'd save the money and time on the certs though.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • ThePawofRizzoThePawofRizzo Member Posts: 389 ■■■■□□□□□□
    Most of the IT security guys I know would benefit from training for an MCSA. I think the best IT Sec. personnel have well-rounded knowledge in a lot of things: Linux, Unix, MS, networking, etc. Of course, few of us can be experts in it all.
Sign In or Register to comment.