Pentesting - worthwhile to pursue MCSA?
yoba222
Member Posts: 1,237 ■■■■■■■■□□
Among the many things I do at my day-to-day information security job, I occasionally participate in penetration testing. My company is encouraging me to transition from occasional junior penetration tester to full blown penetration tester.
I wonder if there's much ROI in studying for an MCSA -- something like server 2016 or even Windows 10.
I'm glad I took the time to study for and obtain the LFCS last year. In retrospection, it felt like maybe not the most efficient way to boost my pentest skills on the Linux side.
So MCSA. I don't really need this cert from a resume perspective. Waste of time spent learning something else more relevant? The goal really is better pentester and I have a lot to learn.
I wonder if there's much ROI in studying for an MCSA -- something like server 2016 or even Windows 10.
I'm glad I took the time to study for and obtain the LFCS last year. In retrospection, it felt like maybe not the most efficient way to boost my pentest skills on the Linux side.
So MCSA. I don't really need this cert from a resume perspective. Waste of time spent learning something else more relevant? The goal really is better pentester and I have a lot to learn.
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
Comments
-
JamesBarker
Member Posts: 18 ■■□□□□□□□□
Your in the position I want to be in haha
I'm currently studying MCSA Windows 10, I have my 70-698 & have got my 70-697 booked in.
I eventually want to do a CEH/ SANS GIAC GPEN. -
airzero
Member Posts: 126
I wouldn't say having an MCSA will make a big difference as a pen tester. However how the knowledge of windows and active directory environments that you learn from studying for that cert would definitely be beneficial. If anything I would say get security/pen testing certs, but study other things as well to broaden your knowledge. I have to say building an active directory lab environment really help me understand what is actually going on in the network, which translates to being able to hack it easier/more efficiently. It really comes down to knowing the technologies and environments you are trying to test.
-
yoba222
Member Posts: 1,237 ■■■■■■■■□□
Yeah I think you guys are right. When I want to increase Windows knowledge, what I really mean is
1. Active directory
2. DLLs and the registry
3. PowerShell/cmd.exe
4. Maybe a little on DEP/ASLR for exploits
5. WMI
6. Probably something I'm not thinking of
Everything else that comes with the cert would be fluff I think.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
JoJoCal19
Mod Posts: 2,835 Mod
Google, MS site, and lab. Maybe utilize Pluralsight or Safaribooks if you want more of a deep dive. I'd save the money and time on the certs though.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
ThePawofRizzo
Member Posts: 389 ■■■■□□□□□□
Most of the IT security guys I know would benefit from training for an MCSA. I think the best IT Sec. personnel have well-rounded knowledge in a lot of things: Linux, Unix, MS, networking, etc. Of course, few of us can be experts in it all.
