Cybersecurity attacks at the enterprise level have become more prevalent than ever, and the increasing sophistication of such attacks makes it a top priority for employers to attract individuals who are trained and certified in advanced IT security. CompTIA’s CompTIA Advanced Security Practitioner (CASP) certification meets the demand for high-level IT security skills.
According to many security experts, CASP is a great intermediate step between CompTIA’s Security+ and (ISC)²’s Certified Information Systems Security Professional (CISSP) certification. CASP, although not yet as well recognized as CISSP, does offer solid knowledge and training to prepare candidates for high-level positions in IT security.
CASP is also accredited by both ISO and ANSI, meeting the requirements for Level 3 (IAT-3) workers in information technology for the U.S. Department of Defense (DOD). CASP certification is vendor neutral, and credentialed individuals are skilled in working with a variety of hardware and software, irrespective of the brand, to make them security-savvy and enterprise ready.
As an advanced certification, CASP requires significant IT experience and knowledge. CompTIA recommends that candidates possess their Security+ certification and have at least 10 years of experience working in IT administration, with at least five of those years working with hands-on technical security.
CASP does have global recognition and this, along with its vendor neutral aspects, makes it a great certification choice for candidates planning to move onto the CISSP later in their careers.
Any individual can sit for the CASP exam — there are no prerequisites — but you had better be certain you are prepared. Hence the strong recommendation from CompTIA about Security+ and experience. If you clear the exam, then you are certified to have the knowledge and expertise to configure and troubleshoot security-related problems at the enterprise level.
The exam code for CASP is CAS-002. As per CompTIA’s website, the CASP exam covers “enterprise security, risk management and incident response, research and analysis, integration of computing, communications and business disciplines as well as the technical integration of enterprise components.”
While there is no set percentage for each area that is covered on the exam, it is heavy on enterprise security, risk management and incident response. The exam itself consists of a maximum of 90 multiple-choice and performance-based questions (PBQs).
The PBQs are specifically designed to test a candidate’s ability to problem solve in a simulated environment. Candidates may be asked to complete any number tasks including configuring a router in command line, using encryption tools via command line, implementing rules for a firewall and ACL on live simulated networks and devices, configuring Network storage services, securing VOIP servers, working with digital signatures and a host of other possibilities. (To attempt a sample PBQ, click here.)
If there is one drawback to the exam, it is that there is no scaled score. You either pass or fail. If you fail, and are curious to learn how well you performed, well, unfortunately there’s no way to find out. The exam duration is also a bit arduous at 165 minutes.
Presently the exam is offered only in English and the cost is $414 (U.S.) Fortunately, as with most CompTIA exams, there is a lower price for India of $388 (U.S.), or approximately ₹26,170. Vouchers can be purchased directly from the CompTIA Marketplace.
CASP certification is valid for three years from the date of clearing the exam, after which it will need to be renewed. Once again CompTIA lives up to their motto of “Advancing the Global IT Industry,” by allowing CASP holders to renew the certification by earning continuing education credits (CEUs) by participating in sponsored training and seminars and various other activities.
If a credentialed individual earns 75 CEUs within the three-year validation period, then the certification is automatically renewed for another three years. The CEU method of maintaining the CASP is an excellent way to keep yourself current on the latest developments in the certification.
Clearing the CASP is not a walk in the park. It involves serious study and commitment. One method of preparation is self-study. This enables you to prepare at your own pace and convenience. There are a large number of authorized training partners that offer approved prep materials including books, videos, e-learning and practice tests. CompTIA even helps you select suggested materials for each certification exam.
Some candidates prefer a closer relationship with an instructor to help them prepare. CompTIA has a network of authorized training partners offering in classroom instruction. Many organizations also provide online training and/or class-based training if you prefer. Regardless of the preparation method you choose I recommend that you utilize only CompTIA authorized training materials.
Also, be aware that practical experience is a big portion of the CASP exam. It is important that you have the adequate hands-on experience necessary to clear the PBQ sections. Simply reading about how to identify a security risk within a device, find the source of the attack and deploy the correct solution is entirely different from having taken those steps in real life, or in a simulated environment.
According to industry reports the CASP is gaining popularity faster than any other certification. One of the reasons is the salary — CASP-certified security analysts can expect to earn more than $91,000 (U.S.)
CASP-certified professionals can expect to find plenty of opportunities as security specialists, data and cybersecurity analysts, network security engineers, information security managers, and information architects.
Cybersecurity at all levels of an organization is the need of the day. Currently, there are substantially more security job openings than trained and certified individuals to fill them. If you’ve been working in the security field and have the experience, CASP could be the right validation stamp for your resume. It will enable you to demand higher salaries and find choice opportunities in cybersecurity.