DoD DCWF - Vulnerability Assessment Analyst

MCSI Certification

MVAA - Certified Vulnerability Assessment Analyst

The Vulnerability Assessment Analyst course is meticulously designed to equip participants with the expertise needed to proficiently identify, assess, and mitigate vulnerabilities across computer systems, networks, and applications.

Through a blend of theoretical concepts, hands-on exercises, and real-world scenarios, participants will develop a deep understanding of vulnerability assessment methodologies, security principles, and best practices, ensuring they are well-prepared to navigate the complexities of modern cybersecurity landscapes.

Additionally, through rigorous exercises and real-world simulations, participants will cultivate critical thinking and analytical skills, enabling them to anticipate potential cybersecurity threats and proactively devise strategic solutions. By analyzing complex scenarios and evaluating diverse risk factors, participants will gain the ability to think ahead, identifying vulnerabilities before they escalate into significant security breaches.

The Vulnerability Assessment Analyst course serves as a cornerstone in equipping cybersecurity professionals to navigate the complex terrain of contemporary threats, with readiness and expertise.

Intermediate Level MCSI Certification Intermediate
ic-certificate Certification
ic-clock 600+ hours
ic-money $1295
No Expiry, No Renewals

Course Overview

The Vulnerability Assessment Analyst course aims to equip participants with the skills required to adeptly identify, assess, and mitigate vulnerabilities across computer systems, networks, and applications.

Engaging in immersive practical lab sessions, students will delve into hands-on activities aimed at analyzing security architectures, evaluating security controls, and implementing defense-in-depth strategies to safeguard critical assets and data.

Participants will develop advanced proficiency in penetration testing, vulnerability assessment, and compliance auditing of web applications, software applications, hosts, and networks.

Additionally, they will master the art of drafting comprehensive, industry-standard reports that effectively communicate findings, recommendations, and remediation strategies to stakeholders.

Upon completion of the Vulnerability Assessment Analyst course, participants will be equipped with a diverse skill set enabling them to:

  • Develop the ability to define project scope and perform effective assessment activities within specified timeframes.
  • Utilize standard automated tools for vulnerability assessment to identify and mitigate security risks.
  • Identify and address security vulnerabilities on Windows and Linux systems through comprehensive assessments.
  • Conduct network vulnerability assessments to secure organizational networks from potential cyber threats.
  • Assess web applications for vulnerabilities using best practices in security testing and remediation.
  • Analyze vulnerability assessment outcomes to prioritize risk management efforts and implement corrective measures.
  • Utilize sophisticated scanning technologies and develop checklists for continuous system, network, and application security monitoring.

Knowledge, Skills and Abilities You Will Acquire

MCSI is one of the most respected and trusted names in cyber security education and training. Our certifications teach critical skills, knowledge and abilities needed to advance a career in cyber security. Our courses are comprehensive and up-to-date, and our instructors are experienced professionals who are dedicated to helping students learn. MCSI provides the real-world skills and knowledge you need to protect any organization from cyber threats.

  • Lab Setup and Virtualization
  • Automated Vulnerability Scanning

    Automated vulnerability scanning is essential for vulnerability assessment analysts because it enables efficient and comprehensive identification of security weaknesses across systems, networks, and applications. This approach saves time and resources by automating repetitive tasks, allowing analysts to focus on analyzing and addressing critical vulnerabilities promptly.


    OpenVAS is essential for MVAA professionals as it automates vulnerability scanning, allowing for comprehensive audits of networks and applications. It enables analysts to identify and prioritize vulnerabilities efficiently, supporting robust remediation efforts.


    OWASP ZAP (Zed Attack Proxy) plays a critical role in web application security testing for MVAA analysts. It automates vulnerability detection in web applications, enabling thorough security assessments and enhancing the overall security posture of applications.


    W4AF (Web Application Attack and Audit Framework) is a valuable tool for MVAA professionals, providing a framework to assess and exploit vulnerabilities in web applications. It supports automated scanning and manual testing, enhancing the accuracy and depth of vulnerability assessments.

    Nmap Scripting Engine

    The Nmap Scripting Engine (NSE) is indispensable for MVAA analysts due to its automation capabilities in vulnerability detection and exploitation. It empowers analysts to customize and extend Nmap's capabilities, enabling targeted assessments tailored to specific security requirements.

  • Network Reconnaissance

    Network reconnaissance is crucial for cybersecurity professionals, including Vulnerability Assessment Analysts (MVAA), because it enables them to gather critical information about target networks, systems, and applications.

    By conducting network reconnaissance, analysts can identify potential vulnerabilities, map network architectures, and understand the security posture of an organization. This knowledge is essential for developing effective vulnerability assessment strategies and implementing robust security measures to safeguard against cyber threats. Additionally, network reconnaissance helps analysts assess the attack surface and prioritize security efforts, ensuring comprehensive protection against potential threats.


    Theharvester is a powerful tool used by Vulnerability Assessment Analysts (MVAA) to gather information about email addresses, subdomains, virtual hosts, and open ports. This information is essential for conducting reconnaissance and identifying potential attack vectors.


    Fierce is another tool employed by MVAA for DNS enumeration, assisting in the discovery of non-contiguous IP space, particularly for identifying target subdomains. This information aids in mapping the network infrastructure and identifying potential vulnerabilities.


    Shodan.IO is a search engine that allows MVAA to explore and discover devices connected to the internet. This tool provides insights into exposed services, including those with potential security risks, aiding in vulnerability assessment and risk management.

    Passively Mapping and Enumerating Subdomains

    Passively mapping and enumerating subdomains is a critical activity for MVAA, involving methods to identify and map subdomains without directly interacting with the target organization's systems. This passive reconnaissance approach provides valuable insights into the attack surface and potential vulnerabilities.

  • System Exploitation and Penetration Testing

    System Exploitation and penetration testing are crucial for Vulnerability Assessment Analysts (MVAA) because they simulate real-world attack scenarios to identify and validate vulnerabilities. By conducting these tests, MVAA can assess the actual impact of vulnerabilities and provide actionable recommendations for remediation, enhancing overall cybersecurity posture and mitigating potential risks.

    Writing PowerShell Scripts to Detect Windows Vulnerabilities

    Writing PowerShell scripts to detect Windows vulnerabilities is crucial for MVAA, allowing for automated scanning and identification of security weaknesses within Windows environments. This automation enhances efficiency and accuracy in vulnerability assessment processes.

    Exploiting Numerous Linux Vulnerabilities (Privilege Escalation, etc.)

    Exploiting numerous Linux vulnerabilities, including privilege escalation, is important for MVAA to gain insights into common security weaknesses in Linux systems. This knowledge helps in effectively assessing and mitigating vulnerabilities across diverse environments.

    Exploiting Systems Using Metasploit (such as Pivoting, SMB, etc.)

    Exploiting systems using Metasploit, including techniques like pivoting and SMB exploitation, is essential for MVAA to simulate realistic attack scenarios and evaluate defensive measures. This hands-on experience enhances the ability to identify and remediate critical vulnerabilities.

    Exploiting Stack Overflow Exploits

    Exploiting stack overflow exploits is important for MVAA to understand memory vulnerabilities and how attackers can leverage them to gain unauthorized access. This knowledge aids in developing effective countermeasures and securing systems against such attacks.

    Bypassing DEP Protection on Windows

    Bypassing DEP (Data Execution Prevention) protection on Windows systems is relevant for MVAA to assess and address memory protection mechanisms that can be circumvented by sophisticated attacks. Understanding these techniques strengthens the ability to defend against advanced threats.

  • Web Exploitation and Penetration Testing

    Web exploitation and penetration testing are crucial for MVAA to assess the security of web applications, identifying vulnerabilities that could be exploited by attackers. By conducting these tests, MVAA can proactively address weaknesses in web systems, preventing potential cyber threats and securing critical assets.

    Exploiting Web Applications via File Uploads

    Exploiting web applications through file uploads is essential for MVAA, allowing identification and remediation of vulnerabilities related to insecure file handling and validation.

    Exploiting Web Applications via Local/Remote File Inclusion

    Exploiting web applications via local or remote file inclusion techniques is critical for MVAA to assess and mitigate vulnerabilities related to improper input validation and access control mechanisms.

    Exploiting Web Applications via Command Injection

    Command injection exploitation is important for MVAA to identify and address vulnerabilities that allow malicious commands to be executed on web servers through user input.

    Exploiting Web Applications via Advanced SQL Injection

    Advanced SQL injection exploitation is crucial for MVAA to uncover vulnerabilities in database-driven web applications, allowing unauthorized access to sensitive data.

    Exploiting Web Applications via Server-Side Template Injection

    Server-side template injection exploitation is essential for MVAA to identify vulnerabilities in web applications that use server-side templating engines, potentially leading to remote code execution.

    Exploiting Web Applications via XPath Injection

    XPath injection exploitation is important for MVAA to assess vulnerabilities in web applications that use XPath queries, allowing attackers to manipulate XML-based data.

    Bypassing Web Application Protections

    Bypassing web application protections is critical for MVAA to understand the effectiveness of security controls and to identify weaknesses that could be exploited by attackers.

  • Phishing and Spear-Phishing

    Phishing and spear-phishing are crucial for MVAA because they simulate real-world social engineering attacks, helping analysts assess human vulnerabilities and the effectiveness of security awareness training. By executing controlled campaigns, analysts can identify weaknesses in organizational defenses and improve overall security posture against targeted cyber threats.

    Performing Reconnaissance on a Target

    Performing reconnaissance on a target is essential for MVAA analysts to gather information about potential vulnerabilities, attack surfaces, and system configurations before conducting assessments.

    Creating a Decoy Phishing Website

    Creating a decoy phishing website is an important technique for MVAA analysts to simulate phishing attacks, assess user behaviors, and evaluate the effectiveness of security controls.

    Creating Evasive Payloads

    Developing evasive payloads is critical for MVAA analysts to test security defenses and assess the ability of systems to detect and prevent malicious payloads.

    Bypassing Mark of the Web

    Bypassing Mark of the Web is important for MVAA analysts to evade browser security features and test web-based vulnerabilities effectively.

    Using HTML Smuggling

    HTML smuggling is a valuable technique for MVAA analysts to evade detection mechanisms and assess web application security controls comprehensively.

    Creating Convincing Email Templates

    Crafting convincing email templates is essential for MVAA analysts to simulate phishing attacks and evaluate user awareness and response to email-based threats.

    Utilizing GoPhish

    Using GoPhish is a powerful tool for MVAA analysts to orchestrate phishing campaigns and assess user behavior, thereby improving organizational security awareness and defenses.

  • Documentation & Procedures

    Documentation and procedures are crucial for MVAA analysts to maintain clear records of vulnerabilities, assessments, and remediation strategies, ensuring accountability and facilitating knowledge transfer within the organization. Standardized documentation also supports compliance efforts and enables efficient collaboration among security teams, enhancing overall cybersecurity posture.

    Creating Windows Privilege Escalation Checklist

    Developing a Windows Privilege Escalation Checklist is essential for MVAA analysts to systematically identify and mitigate vulnerabilities related to escalating privileges on Windows systems, ensuring comprehensive security assessments.

    Creating Web Application Penetration Testing Checklist

    Establishing a Web Application Penetration Testing Checklist allows MVAA analysts to methodically assess and address security weaknesses in web applications, improving overall application security and resilience against cyber threats.

    Creating Network Penetration Testing Checklist

    Developing a Network Penetration Testing Checklist enables MVAA analysts to conduct thorough assessments of network infrastructure, identifying vulnerabilities and enhancing network security measures.

    Creating Linux Privilege Escalation Checklist

    Crafting a Linux Privilege Escalation Checklist is essential for MVAA analysts to detect and address vulnerabilities related to privilege escalation on Linux systems, ensuring robust security posture across diverse platforms.

    Creating Penetration Testing Report

    Generating a comprehensive Penetration Testing Report is crucial for MVAA analysts to document findings, recommendations, and remediation strategies, facilitating informed decision-making and enhancing overall cybersecurity resilience.

DoD Cyber Workforce Framework KSATs

This course teaches the specific Knowledge, Skills, Abilities, and Tasks (KSATs) aligned with the DoD Cyber Workforce Framework (DCWF) as outlined in DoD 8140. By focusing on these critical competencies, the course ensures that you develop the essential capabilities required for various cybersecurity roles within the Department of Defense. This alignment not only guarantees that the training is relevant and comprehensive but also that it prepares you to meet the specific operational needs and standards of the DoD cyber workforce.

  • knowledge
    ID Description
    10 Knowledge of application vulnerabilities.
    22 Knowledge of computer networking concepts and protocols, and network security methodologies.
    92 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
    105 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
    108 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
    150 Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
    1072 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
    1158 Knowledge of cybersecurity principles.
    1159 Knowledge of cyber threats and vulnerabilities.
    6900 Knowledge of specific operational impacts of cybersecurity lapses.
    6935 Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
    6938 Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.
    27 Knowledge of cryptography and cryptographic key management concepts.
    29 Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.
    49 Knowledge of host/network access control mechanisms (e.g., access control list).
    63 Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
    79 Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).
    81A Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
    95B Knowledge of penetration testing principles, tools, and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).
    102 Knowledge of programming language structures and logic.
    128 Knowledge of systems diagnostic tools and fault identification techniques.
    214B Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
    801B Knowledge of threat and risk assessment.
    904 Knowledge of interpreted and compiled computer languages.
    991 Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
    992C Knowledge of threat environments (e.g., first generation threat actors, threat activities).
    992B Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
    1033 Knowledge of basic system administration, network, and operating system hardening techniques.
    1038A Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability.
    1069 Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks).
    1141A Knowledge of an organization’s information classification program and procedures for information compromise.
    1142 Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
    3150 Knowledge of ethical hacking principles and techniques.
    3222 Knowledge of data backup and restoration concepts.
    3513 Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.
    6210 Knowledge of cloud service models and possible limitations for an incident response.
  • skills
    ID Description
    10A Skill in conducting application vulnerability assessments.
    3B Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.
    27B Skill in assessing the application of cryptographic standards.
    160 Skill in assessing the robustness of security systems and designs.
    181A Skill in detecting host and network based intrusions via intrusion detection technologies.
    210 Skill in mimicking threat behaviors.
    225A Skill in the use of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).
    226 Skill in the use of social engineering techniques.
    897A Skill in performing impact/risk assessments.
    922B Skill in using network analysis tools, including specialized tools for non-traditional systems and networks (e.g., control systems), to identify vulnerabilities.​
    6660 Skill in reviewing logs to identify evidence of past intrusions.
  • abilities
    ID Description
    4 Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
    102A Ability to apply programming language structures (e.g., source code review) and logic.
    6918 Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.
  • tasks
    ID Description
    692 Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
    784 Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
    411A Analyze organization’s cybersecurity policies and configurations and evaluate compliance with regulations and organizational directives.
    448 Conduct and/or support authorized penetration testing on enterprise network assets.
    685A Maintain deployable cybersecurity audit toolkit (e.g., specialized cyber defense software and hardware) to support cybersecurity audit missions.
    939 Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
    940B Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, control system and operational environments, enclave boundary, supporting infrastructure, and applications).
    941A Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

Career Outcomes

Our Vulnerability Assessment Analyst course provides comprehensive training in identifying and mitigating security vulnerabilities. Through practical exercises, you will learn to conduct thorough vulnerability assessments, perform risk analyses, and prepare detailed audit reports. Gain hands-on experience with industry-standard tools and techniques for vulnerability scanning and penetration testing. By the end of the course, you will be equipped to protect your organization's IT infrastructure by effectively identifying and addressing security vulnerabilities.

Certification Detail

MCSI certifications are highly respected and sought-after credentials in the industry. Earning an MCSI certification is a testament to your knowledge and skillset, and demonstrates your commitment to excellence. The content is cutting-edge, uniquely-designed, and hands-on. Our exercises teach in-demand skills that are immediately applicable in the field.

The certifications are valid indefinitely and do not require any renewal fees. The training is accessible without any time limits.


Training Modules

This course provides you with multiple training modules, each of which is designed to teach you practical skills that can help you solve important cyber problems. Each module offers exercises that will help you build your skills and capabilities.

  • MVAA-001: Lab setup - 5 exercises
  • MVAA-101: Automated Scanning for Vulnerabilities - 3 exercises
  • MVAA-102: Windows Vulnerability Enumeration - 5 exercises
  • MVAA-103: Vulnerability Assessment and Exploitation on Linux - 8 exercises
  • MVAA-104: Network Reconnaissance - 5 exercises
  • MVAA-105: Detecting vulnerabilities Using NMAP - 15 exercises
  • MVAA-106: Using Metasploit - 13 exercises
  • MVAA-107: Memory Corruption Vulnerabilities - 7 exercises
  • MVAA-201: Understanding Web Application Vulnerabilities - 26 exercises
  • MVAA-202: Command Execution Vulnerabilities in Web Applications - 6 exercises
  • MVAA-203: Code Injection Vulnerabilities in Web Applications - 4 exercises
  • MVAA-204: Advanced SQL Injection Vulnerabilities in Web Applications - 4 exercises
  • MVAA-205: Bypass Improper Protections in Web Applications - 3 exercises
  • MVAA-301: Phishing and Spear-Phishing: Researching the target - 16 exercises
  • MVAA-302: Phishing and Spear-Phishing: Setting up the Infrastructure - 12 exercises
  • MVAA-303: Phishing and Spear-Phishing: Payload Generation - 9 exercises
  • MVAA-304: Phishing and Spear-Phishing: Payload Delivery - 6 exercises
  • MVAA-305: Phishing and Spear-Phishing: Setting up the Campaign - 8 exercises
  • MVAA-401: Documentation and Procedures - 5 exercises
  • MVAA-402: Developing Custom Tools - 5 exercises


Cyber professionals must be ready for everything. The typical security training strategy, which focuses on individual skills and tools, is insufficient. You must be able to operate as part of a team, see the big picture, and respond swiftly and effectively to unforeseen circumstances. That's why, as part of our training, we use replays of whole cyber missions. Our scenarios help you prepare for the demands of the job and give you confidence in your ability to work professionally.

  • MVAA-SC-01: Secure Code Reviews - 4 exercises
  • MVAA-SC-02: Penetration Testing Challenges - 4 exercises
  • MVAA-SC-03: Operation Mission Impossible - 9 exercises
  • MVAA-SC-04: Operation Industrial Delta - 10 exercises

Enroll now with lifetime access for $1295


MCSI Industry Certifications are important for you to earn because they signify that you have the skills required to work in a cybersecurity. Certificates of Completion are also important to earn because they signify that you have completed an exercise. Earning Certificates of Completion and Industry Certifications demonstrates that you are willing to put in the extra work to be successful.




Obtain CPE points by solving exercises


Achieve multiple certifications


Receive help from instructors online

This certification is aligned with the DoD Cyber Workforce Framework (DoD 8140), ensuring you receive training that meets the standards and competencies required for cybersecurity roles within the Department of Defense. This alignment guarantees that you gain relevant, up-to-date skills and knowledge tailored to the specific needs of the DoD cyber workforce, effectively preparing you to support and secure defense operations.

Certificate Level Curriculum Completion Requirement Scenarios Completion Requirement
MCSI Vulnerability Assessment Analyst (Basic) Level 1 50% 0%
MCSI Vulnerability Assessment Analyst (Intermediate) Level 2 75% 50%
MCSI Vulnerability Assessment Analyst (Advanced) Level 3 95% 100%

Sample Exercises

Below are three (3) exercises from the 100+ exercises available in MCDFA - Certified Cyber Defence Forensics Analyst:

Perform DNS Scans Using Fierce


Exploit An Unrestricted File Upload Vulnerability


Read /Etc/Passwd Using A SQL Injection Vulnerability


Our Instructors

Student exercises are reviewed and graded by multiple instructors. This one-of-a-kind approach allows you to get highly personalized input from a number of successful professionals.

MCSI's teachers bring real-world experience and knowledge to the classroom, ensuring that students have the skills they need to excel in the field of information security. Due to their extensive experience in penetration testing, vulnerability assessment, reverse engineering, incident response, digital forensics, and exploit development, students will understand the most up-to-date defensive and offensive cybersecurity strategies and procedures.

Our instructors are passionate about information security and are always looking to further their own knowledge. Students who attend an MCSI course can be confident that they are learning from some of the best in the business. They can adapt their teaching approaches to match the demands of any student, regardless of their degree of expertise.

The MCSI team strives to provide the most comprehensive and up-to-date cybersecurity training available. Whether you are a seasoned security professional or new to the field, MCSI has a course that will meet your needs.

Receive personalized feedback from cybersecurity experts:

  • Overcome challenges and hurdles preventing you from advancing your skills
  • Receive guidance on how to focus your training efforts and avoid wasting time
  • Learn how to meet the industry's quality standards and produce high-quality work
  • When you're stuck, go to a support forum or ask inquiries to the instructors right on the platform

Help and Support

24/7 Discord Community

If you're looking for additional support during your studies, consider joining our Discord server. Our community of fellow students and instructors is always available to provide help and answer any questions you may have.

Personalized Support

Your submissions will be reviewed by MCSI instructors, who will provide you with personalized feedback. This input is critical since it can assist you in identifying the areas where you need to enhance your skills. The instructor's feedback will also tell you how well you did an exercise and what you can do to improve your performance even further.

Click here to see an example of personalized feedback.

Our personalized support will take your skills to the next level. Read what a student says about it:

Quick Questions

If you have any questions or need clarification on any of the exercises, MCSI offers a Quick Questions section on each exercise where you can ask for help. This is a great resource to use if you need assistance. This feature is only available for paid courses.

Actively Maintained Course

This course is actively maintained to ensure that it is current and error-free. We want to ensure that you have the best possible experience while taking this course, which includes having access to accurate and current information. This course is also tested for flaws on a regular basis, so you can be sure you're getting a high-quality product.

This course is constantly updated with the support of trustworthy industry peers to ensure that students are acquiring the most up-to-date information and skills. This dedication to staying ahead of the curve is what distinguishes this course as one of the greatest in the market.


Training Laptop Requirement

This course can be completed on a standard training laptop. To ensure you have the necessary hardware to complete the course, your machine should meet the following specifications:

  • 64-bit Intel i5/i7 2.0+ GHz processor or equivalent
  • 8GB of RAM
  • Ability to run at least (1) virtual machine using Virtual Box, or an equivalent virtualization software
  • Windows 10 or later, macOS 10 or later, or Linux
  • Local administrator privileges
Do you support older operating systems?

Yes. Many of the exercises can be completed on older OS versions. A few of our students are successfully using older equipment to learn cyber security.

Proficiency in the English language

You must have the ability to comfortably read and understand IT documentation written in English. Ideally, they have an IELTS score of 6.5 with no band less than 6 (or equivalent).

Note: You can register for this course without having undertaken an English test.

Lab Environment

This course teaches you how to setup and configure your own cybersecurity lab.

There are numerous advantages to creating your own cybersecurity lab rather than paying for one. The cost savings are perhaps the most evident benefit. When compared to the expense of licensing a pre-built lab, creating your own lab can save you thousands of dollars. You also have the option of customizing the lab environment to meet your specific requirements. You can, for example, select the hardware and software that will be used in your lab.

Another advantage of setting up your own cybersecurity lab is that it allows you to learn new skills. Building a lab from the ground up necessitates knowledge of networking, system administration, and other technical subjects. This experience is invaluable in your career as a cybersecurity professional.

We frequently see students who can complete a task in a pre-built lab but cannot complete the same task at work. This is because these labs are meant to lessen work complexity, thereby creating an illusion of personal capabilities. It's also worth noting that you'll be expected to set up your own lab to test tools and techniques in the workplace. Employers may give you the resources to set up virtual computers and networks, but it will be up to you to manage the lab environment and maintain your tools.

Finally, you should know that pre-built labs are not commonly licensed by top cybersecurity professionals. They've realized that setting up a lab is simple, efficient, adaptable, cost-effective, and that it sparks creativity. It also nullifies risk of performing unauthorized actions against systems provisioned by a third-party.

Aptitude Test (Optional)

This is an intermediate course. It includes exercises for novices but assumes that they have competent IT skills and a strong understanding of cybersecurity concepts.

Aptitude Test:

If you're not sure if you'll be able to fully enjoy this course, then contact us via email to organize a free aptitude test. This test will determine whether you meet the course's basic baseline criteria. If you've never studied with us before, it will also introduce you to the MCSI Method™.

Why MCSI's Vulnerability Assessment Analyst Certification is World Class

why MCSI

Comprehensive Vulnerability Assessment Training

The MVAA certification equips participants with rigorous training in vulnerability identification, assessment methodologies, and mitigation strategies, preparing them for real-world cybersecurity challenges.

why MCSI

Specialized Focus on Security Assessments

MVAA-certified analysts gain in-depth knowledge of penetration testing, compliance auditing, and security assessments across web applications, software, hosts, and networks, enabling them to conduct thorough evaluations and vulnerability assessments.

why MCSI

Proficiency in Report Drafting and Communication

The MVAA certification emphasizes the development of industry-standard reports that effectively communicate findings, recommendations, and remediation strategies to stakeholders, ensuring clarity and actionable insights from vulnerability assessments.

Enrollment and Fees


Terms and Conditions

  • No discounts
  • No refunds
  • No transfers
  • No renewal fees
  • No hidden fees
  • No time limits
  • Exercises must be completed on MCSI's Online Learning Platform
  • You'll also be charged GST if you live in Australia

Cooling-Off Policy

Received a full refund if you changed your mind about a purchase within 24 hours. No questions asked. Read the full details here.

Don't Buy This Course

Don't buy this course if you think learning cyber security is simple, that it will only take a few hours, that remembering a few concepts from videos and books would be enough, or, that you should be provided with walkthroughs and solutions to practical problems instead of thinking critically for yourself.

Our competitors are misleading you by claiming that their video courses and open-book theoretical certificates will teach you everything you need to know about cyber security. We recommend that you stay away from our courses until you've realized that cybersecurity requires hundreds of hours of training against difficult challenges under the watchful eye of experts encouraging you to improve your weaknesses. Only then will you understand the value of this course and the benefits that the MCSI Method™ can bring to your career. We only want satisfied customers.

When purchasing a course, you acknowledge that you understand and agree with our 100% practical MCSI Method™: no solutions, no walkthroughs, and you're expected to use critical thinking and research to solve the exercises. If you're not sure how this work, try our free version before buying.

How does MCSI Compare?

If you are looking for a certification that will give you an edge in the job market, look no further than MCSI certifications. Thanks to our innovative approach, cybersecurity training is more affordable and effective than traditional methods.

Our pricing is more affordable than our competitors because we have reinvented how cyber training is done online. Our innovative Online Learning Platform is highly effective at teaching cyber security. The platform provides a more engaging and interactive learning experience than traditional methods, which helps students learn and retain skills better. Try the free version and see for yourself.

Enroll now with lifetime access for $1295

Bloom's Taxonomy

Bloom's Taxonomy is a system for categorizing distinct stages of intellectual growth. It is used in education to assist students comprehend and learn material more effectively. MCSI teaches students how to apply, analyze, evaluate, and create at the highest levels of the taxonomy. The majority of our competitors are simply concerned with getting you to remember concepts.

The intellectual developments outlined in Bloom's Taxonomy are directly tied to your capacity to advance in your cyber security career. Employers look for people who can solve challenges that are worth paying for. With us, you'll learn practical skills that are in demand and applicable to a wide range of cyber occupations.

Industry Recognized Skills

MCSI credentials are well-respected around the world, and organisations searching for people with real cyber security abilities seek them out. Obtaining an MCSI certification verifies your understanding of critical cyber security topics as well as your ability to provide real-world results.

The ability of MCSI's training programme to give students with real-world, hands-on experience is unrivalled. Students must conduct their own research and develop their own answers in order to complete our practical exercises, which are meant to give them the skills they need to be successful in the field.

With MCSI, you will build a comprehensive cybersecurity portfolio of your skills as you complete exercises. This portfolio is a powerful tool for displaying your cybersecurity knowledge and abilities. A portfolio, as opposed to typical resumes and paper-based credentials, presents a more thorough summary of your skills and accomplishments.

Students Feedback

Here's what students say about the MCSI Method™ and our Online Learning Platform:

Student Testimonials

Frequently Asked Questions

What is the MCSI Method™?

Common Questions

  • Are solutions included in certifications and bundles?
    • No. Our method of teaching cyber security consists of challenging you with real-world problem statements that you're expected to research and solve by doing your own research. This is how you'll be expected to work in the field. When you fail an exercise, we provide you with constructive feedback to improve and try again.
  • Do bundles, training content, or certificates ever expire? Am I expected to buy again in the future?
    • Upon purchase, bundles and certificates are permanently unlocked with no recurring or ongoing fees.
  • Do I need to buy the training and the certification separately?
    • No. The price provided covers both. You only pay once.
  • Do you offer any special offers and discounts?
    • We understand that many of our customers may be looking for discounts, and we would love to be able to offer them. However, we do not provide discounts because we believe that our prices are fair and reasonable. We work hard to keep our prices low, and we feel that discounts would be unfair to our other customers. We hope you understand.
  • If I can't solve the exercise where do I go for help?
  • Who reviews and marks exercises?
    • Trained cyber security instructors that work for Mossé Cyber Security Institute.
    • MCSI instructors are highly qualified and experienced professionals who are able to teach a variety of topics related to information security. They have the ability to tailor their teaching methods to meet the needs of each student, regardless of their experience level. In addition, they are always up-to-date on the latest trends and developments in information security, which enables them to provide students with the most relevant and current information.
  • We can't pay via credit card. Can you raise an invoice for wire payment instead?
    • Yes. Send us the list of bundles and certifications you want to purchase at [email protected]
  • Can I access a trial/demo the certification programmes prior to enrolling?
    • We provide a free curriculum with 100+ hours practical exercises you can try.
    • The Free Curriculum teaches Security Tools, Penetration Testing, Red Teaming, Threat Hunting, Cyber Defence, GRC and Windows Internals.
    • Try the Free Curriculum
  • Do you provide Continuing Professional Education (CPE) credits?
    • Yes. Every single exercise offers CPE credits. The number of credits earned depends on the difficulty of the exercise completed. Below are the CPE Credits achieve for an exercise in each difficulty:
    • Novice exercises = 1 CPE credits
    • Advanced Beginner exercises = 2 CPE credits
    • Competent exercises = 5 CPE credits
  • Do I need to complete an exam to receive MCSI Certification?
    • No. MCSI Certifications are completed by solving practical cybersecurity exercises.
  • Do I need to purchase cybersecurity tools or subscriptions?
    • No. Only free or trial versions are used in our exercises. You do not require making any purchases.

More Kind Words from Students

Enroll now with lifetime access for $1295


We'll respond within 24 hours

Visit our Frequently Asked Questions (FAQ) page for answers to the most common questions we receive.

Ready to learn hands-on cyber security skills online?

Try 100 hours for free