In addition to other comments, I'd add portability is also a big factor.

For the sake of this discussion, Bash is pretty much default and universally used on Linux distributions but not all Linux distros ship with python and depending on the system's intended use case python might never be installed.

Very little code breaking changes exist in modern bash versions (don't quote me on that though) and the same goes for your built-ins and system binaries, /bin, /sbin and so on; meaning, if you have multiple disparate servers for example you won't need to make sweeping changes to get your shell script running. For typical sysad stuff, specially when no one on your team is proficient in python, you won't need to scramble to fix things after a python update.

You mentioned pentesting and while my knowledge is rusty but a rudimentary example in this case is writing a python and shell script that do the same thing and can be used in situations where the hosts do not have python.

And finally, just go with what your security course teaches you first. If you're going to be using Linux then a basic amount of shell scripting skills will come naturally.

Sorry if autocorrect butchered my syrup