Josh Burnett
Is the CASP+ Worth It?
The need for qualified cybersecurity personnel is well-documented and only increasing. Although this requirement is present at all levels, it is certainly highlighted at the most advanced levels of security architecture and engineering. Because of the increased specialization inherent within security architect & engineer positions, there are four top-level cybersecurity certifications to be aware of:
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- CompTIA Advanced Security Practitioner (CASP+)
The CISSP is inarguably the most well-recognized and highly valued (at least in terms of average salary) security certification in the world. IT professionals who hold a CISSP are generally more focused on management than acting as a technician, and the exam makeup reflects this.
The CCSP puts its focus precisely where its title says: cloud security. This is the premier specialization certification for anyone who wants to exclusively, or even primarily, focus on security within a cloud environment.
The CSSLP is similar to the CCSP in its specialized nature, but the CSSLP targets software architects and engineers. It is a valuable certification, but outside of the narrowly focused software field, this isn't typically a cert you'll see many professionals pursuing.
What is the CASP+?
Then there’s the CASP+, a vendor- and technology-neutral certification that focuses on hands-on technical work at the highest levels. While many security pros eventually move into a management track, just as many prefer to keep "turning wrenches" throughout their career. If that's you, then the CASP+ is the ideal certification.
What Does the CASP+ Test?
CompTIA's CASP+ validates advanced-level competency in risk management, enterprise security operations and architecture, research and collaboration, and integration of enterprise security. The content is divided into five targeted domains:
- Enterprise security domain expanded to include operations and architecture concepts, techniques, and requirements.
- Analyzing risk through interpreting trend data and anticipating cyberdefense needs to meet business goals.
- Security control topics to include mobile and small-form-factor devices, as well as software vulnerability.
- Integrating cloud and virtualization technologies into a secure enterprise architecture.
- Implementing cryptographic techniques, such as blockchain, cryptocurrency, and mobile device encryption.
Passing the CASP+ exam validates that you have the knowledge and skills necessary to conceptualize, engineer, integrate, and implement a complex security architecture at an enterprise level. This architecture can involve multiple technologies, operating systems, and platforms.
How Much Does the CASP+ Cost?
The exam voucher can be purchased in several ways. If you're confident that you'll pass on the first try and all you need is to sit for the exam without any preparation, it will cost you $466. However, if you're interested in a backup voucher and practice labs, your exam cost could rise to $849.
You should also take note of the continuing education requirement to maintain your CASP+ certification. Over three years, you must acquire a minimum of 75 continuing education units, or CEUs, which will incur a continuing cost. There are several ways to accumulate these, but the most common include earning high-end non-CompTIA certifications or attending various courses and training events. The goal here is to embrace the dynamic nature of a top-tier cybersecurity professional. In this role, you are "the" guy and must maintain a continuing awareness of security trends and emerging threats.
The CASP+ exam consists of 80 to 90 questions that are both multiple-choice and performance-based. You’ll have 165 minutes to complete the test, and results are given on a pass/fail basis only—you will not receive a grade.
What Experience Do You Need for the CASP+?
CompTIA does not list any specific certifications as prerequisites to sit for the CASP+, although you will certainly have earned a few by this point in your career. The certifying organization highly recommends that you have a minimum of 10 years of experience within an IT administration role, with at least five of those consisting of technical cybersecurity experience in a hands-on capacity.
Who Should Take the CASP+?
While the CASP+ is a great option for any career cybersecurity professional who enjoys a technician role, it is ideally suited for positions at the peak of security performance.
CASP+ for Security Architects
System architects and network architects often specialize in the design role without engaging in much hands-on programming, implementation, and troubleshooting on a daily basis. Security, of course, is an entirely different animal. CompTIA designed the CASP+ certification with several specific positions in mind, including a security architect.
While you can certainly design effective security architecture without being a technician, jobs that list the CASP+ certification as a requirement or preferred accreditation typically need a well-rounded professional. Earning the CASP+ validates that you have the full-spectrum skill set required.
CASP+ for Security Engineers
IT engineers often find themselves in the unique position of having the deepest working knowledge of how a system or network is actually designed to work. They take the plans an architect draws up and give them life, then ensure they're in working order for administrators to oversee from day to day. However, security engineers are usually required to expand their skill applications both above and below this generic description.
As a CASP+ certification holder, you'll be able to demonstrate to employers that you're fully capable of designing a secure system just as an architect would. Employers will also know that you can get down in the weeds to troubleshoot lower-level issues like an administrator can, understanding what those seemingly minor problems could mean for the larger architecture. There is arguably no more perfectly suited role for a CASP+ certification than a security engineer.
CASP+ for Application Security Engineers
In our increasingly integrated world, mobile devices and fixed assets interact continuously and are expected to assimilate seamlessly. However, app security is a very different animal from traditional system and network security, requiring a targeted focus and unique skill set.
A CASP+ certification doesn't lock you down to traditional networks, servers, and PCs. CompTIA specifically designed the CASP+ to certify top-level talent in numerous domains, including app security. Having a CASP+ on your resume as an application security engineer signifies that you can merge multiple tech resources into a unified system that’s well protected from both internal and external threats.
Is the CASP+ Worth It?
The short answer is yes. If you’re a cybersecurity professional who wants to be instantly identified for your knowledge and technical prowess, having a CASP+ certification will undoubtedly communicate that.
If you’re considering sitting for this cert, you’re likely very far along in your career and might be weighing some critical choices about your future. These could include whether to continue in a broad technical role, specialize in a particular technology (e.g., the cloud or software security), or pursue a managerial track. Depending on those factors, the CISSP, CCSP, or CSSLP might be the perfect certification.
Regardless, having a CASP+ will only add depth to each career choice, making it the ideal accreditation to pursue if you’re at a career crossroads.
Using the CASP+ to Learn Skills
CompTIA specifically advertises that you'll learn these skills while preparing to sit for the CASP+ exam:
- Risk Management. Analyze security risks and frameworks that come along with specific industry threats and organizational requirements and execute risk mitigation strategies.
- Enterprise Security Architecture. Integrate network and security components and implement security controls for host, mobile and small form factor devices.
- Enterprise Security Operations. Implement incident response and recovery procedures and conduct security assessments using appropriate tools.
- Technical Integration of Enterprise Security. Integrate hosts, storage, networks, and applications into a secure enterprise architecture using on-premise, cloud, and virtualization technologies.
- Research, Development, and Collaboration. Apply research methods to determine industry trends and their impact to the enterprise.
Using the CASP+ to Validate Skills
It is likely a bit of a misstatement to say that you'll learn the above skills during CASP+ exam prep. After ten years of working in IT and five as a security professional, you should have a great deal of knowledge and experience in each of the above areas. While studying for the exam will undoubtedly refresh your memory, tie together certain concepts, and involve some new knowledge in various areas, the real value of the CASP+ isn’t in the skills you’ll learn but rather the skills that you’ll validate.
There's a reason that CASP+ is a top-of-the-line terminal certification in its specialty, and earning one will garner immediate respect — and very likely, a noticeable increase in the salary you can command.