Do I need a microsoft cert if I want to get into pentesting?

YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
Right now I'm working on a+ and s+ then ill move to ccnet/ccna...once I pass the 1st certs in may I'll start applying for jobs but I dont know if I should get a microsoft cert? I know its going to be 1-5 years before I get a pentest job, so what do you think?

Comments

  • ehndeehnde Member Posts: 1,103
    Right now I'm working on a+ and s+ then ill move to ccnet/ccna...once I pass the 1st certs in may I'll start applying for jobs but I dont know if I should get a microsoft cert? I know its going to be 1-5 years before I get a pentest job, so what do you think?

    Have you ever seen a job ad looking for a pen tester? Chances are you should be aiming for a security analyst job or something like that - and pen testing may be part of your job.
    Climb a mountain, tell no one.
  • kriscamaro68kriscamaro68 Member Posts: 1,186 ■■■■■■■□□□
    Right now I'm working on a+ and s+ then ill move to ccnet/ccna...once I pass the 1st certs in may I'll start applying for jobs but I dont know if I should get a microsoft cert? I know its going to be 1-5 years before I get a pentest job, so what do you think?

    You don't need to get the cert per se' but you need to know the technology. How can you hack what you don't know. You may be able to get around the network but what happens when you need to hack the Windows box and you don't know anything about the inner workings of any Windows OS. I would say if you want to be a good pentester you either need to specialize in 1 area and, work with a team where each member specializes in other areas. Or, know a lot about Windows OS, Linux, Cisco IOS, Firewalls, IPS, IDS, and all that good stuff so you work alone.
  • it_consultantit_consultant Member Posts: 1,903
    Pen testing is really something you need to have intimate knowledge of networks and operating systems for. I am not talking about being able to program for wireshark, you need to know how systems are commonly implemented to be able to figure out the easiest and most effective attack vectors. I am not sure that a certification is necessary for this, it boils down to experience. Go to a computer, look under the keyboard, find password. Chat up a coworker, learn husband, kids, pets, name, learn password.

    Have you ever had to crack an admin password someone changed? How about an excel spreadsheet? You can forget about burrowing through firewalls or doing man in the middle attacks.

    You probably need at least 7 years of actual IT experience before you would be able to pen test, unless someone is willing to apprentice you.
  • YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    Thanks for all the replies, I know the biggest thing is getting experience, which is probably the hardest part.
Sign In or Register to comment.