Is the SecurityX (Formerly CASP+) Worth It?

The need for qualified cybersecurity personnel is only increasing. Although this requirement is present at all levels, it is certainly highlighted at the most advanced levels of security architecture and engineering. Because of the increased specialization inherent within security architect & engineer positions, there are four top-level cybersecurity certifications to be aware of:

• Certified Information Systems Security Professional (CISSP)

• Certified Cloud Security Professional (CCSP)

• Certified Secure Software Lifecycle Professional (CSSLP)

• CompTIA SecurityX

The CISSP is widely regarded as the well-recognized and highly valued (at least in terms of average salary) security certification in the world. IT professionals who hold a CISSP are generally more focused on management than acting as a technician, and the exam makeup reflects this.

The CCSP puts its focus precisely where its title says: cloud security. This is the premier specialization certification for anyone who wants to exclusively, or even primarily, focus on security within a cloud environment.

The CSSLP is similar to the CCSP in its specialized nature, but the CSSLP targets software architects and engineers. It is a valuable certification, but outside of the narrowly focused software field, this isn't typically a cert you'll see many professionals pursuing.

But there's also CompTIA's rebranded SecurityX that replaces the CASP+. Here's what you need to know. 

What is CompTIA SecurityX (Previously CASP+)?

The CompTIA SecurityX is a vendor- and technology-neutral certification that focuses on hands-on technical work at the highest levels. While many security pros eventually move into a management track, just as many prefer to keep "turning wrenches" throughout their career. If that's you, then the SecurityX is the ideal certification.

What Does the SecurityX Test?

CompTIA's SecurityX test (CAS-005) validates advanced-level competency in security design, engineering, and operations. The updated exam objectives are divided into four primary domains:

• Governance, Risk, and Compliance (20%): Security program documentation, risk management (quantitative and qualitative), third-party risk, threat modeling (MITRE ATT&CK, STRIDE, CAPEC), compliance frameworks (NIST, ISO, PCI DSS), configuration management, and GRC automation tools.

• Security Architecture (27%): Designing secure enterprise and cloud environments, including CASB, CI/CD pipelines, container and serverless security, zero trust concepts, SASE/SD-WAN, segmentation and microsegmentation, and secure cloud data strategies.

• Security Engineering (31%): Automation and scripting (PowerShell, Bash, Python), infrastructure as code, SOAR workflows, advanced cryptography (PQC, homomorphic encryption, forward secrecy), cryptographic implementation, vulnerability management, and secure system integration.

• Security Operations (22%): SIEM analysis, threat hunting, intelligence sharing (STIX, TAXII), malware analysis, incident response, attack surface management, root cause analysis, and mitigation strategies.

Passing the SecurityX exam validates that you have the knowledge and skills necessary to conceptualize, engineer, integrate, and implement a complex security architecture at an enterprise level. This architecture can involve multiple technologies, operating systems, and platforms.

How Much Does the SecurityX Cost?

The exam voucher can be purchased in several ways. If you're confident that you'll pass on the first try and all you need is to sit for the exam without any preparation, it will cost you $529. However, if you're interested in a backup voucher and practice labs, your exam cost could rise to $578.

Beyond the initial exam fee, you’ll also need to maintain your certification through CompTIA’s Continuing Education (CE) program. SecurityX requires 75 continuing education units (CEUs) within a three-year renewal cycle, along with an annual maintenance fee (currently $50 per year).

Fortunately, CompTIA provides multiple ways to earn those CEUs. You can:

• Complete approved training courses or higher education classes

• Attend security conferences or webinars

• Earn qualifying industry certifications

• Publish security-related content or teach training sessions

• Document relevant security work experience

SecurityX sits at the top of CompTIA’s security pathway, so renewal is typically handled through CEUs

The SecurityX exam consists of 80 to 90 questions, both multiple-choice and performance-based. You’ll have 165 minutes to complete the test, and results are given on a pass/fail basis only—you will not receive a grade.

What Experience Do You Need for the SecurityX?

CompTIA does not list any specific certifications as prerequisites to sit for the SecurityX, although you will certainly have earned a few by this point in your career. The certifying organization highly recommends a minimum of 10 years of experience in an IT administration role, with at least 5 years of technical cybersecurity experience in a hands-on capacity.

Security+ vs. SecurityX: What’s the Difference?

If you're considering the SecurityX, you might have also heard about the Security+, so it bears discussing the differences between the two.  

Security+ is a foundational certification. It validates that you understand core security concepts like risk management, network security, identity and access management, cryptography basics, and incident response. It’s ideal for early-career professionals, SOC analysts, and IT pros transitioning into security. Think of it as proving you know how security works across an environment.

SecurityX, on the other hand, is advanced and hands-on. It’s designed for senior security engineers and architects who design, implement, and integrate complex enterprise security solutions. The exam emphasizes security architecture, automation, advanced cryptography, cloud security, and enterprise-level risk management.

If you’re starting out, Security+ is the logical first step. If you’re already leading security initiatives, SecurityX validates that advanced expertise.

Who Should Take the SecurityX?

While the SecurityX is a great option for any career cybersecurity professional who enjoys a technician role, it is ideally suited for positions at the peak of security performance.

SecurityX for Security Architects

System and network architects often specialize in design without engaging in much hands-on programming, implementation, or troubleshooting on a daily basis. Security, of course, is an entirely different animal. CompTIA designed the SecurityX certification with several specific positions in mind, including a security architect.

While you can certainly design effective security architecture without being a technician, jobs that list the SecurityX certification as a requirement or preferred accreditation typically need a well-rounded professional. Earning the SecurityX validates that you have the full-spectrum skill set required.

SecurityX for Security Engineers

IT engineers often find themselves in a unique position to have the deepest working knowledge of how a system or network is actually designed to work. They take the plans an architect draws up and give them life, then ensure they're in working order for administrators to oversee from day to day. However, security engineers are usually required to expand their skill applications both above and below this generic description.

As a SecurityX certification holder, you'll be able to demonstrate to employers that you're fully capable of designing a secure system just as an architect would. Employers will also know that you can get down in the weeds to troubleshoot lower-level issues like an administrator can, understanding what those seemingly minor problems could mean for the larger architecture. There is arguably no more perfectly suited role for a SecurityX certification than a security engineer.

SecurityX for Application Security Engineers

In our increasingly integrated world, mobile devices and fixed assets interact continuously and are expected to assimilate seamlessly. However, app security is a very different animal from traditional system and network security, requiring a targeted focus and unique skill set.

A SecurityX certification doesn't lock you down to traditional networks, servers, and PCs. CompTIA specifically designed the SecurityX to certify top-level talent in numerous domains, including app security. Having a SecurityX on your resume as an application security engineer signifies that you can merge multiple tech resources into a unified system that’s well protected from both internal and external threats.

Is the SecurityX Worth It?

The short answer is yes. If you’re a cybersecurity professional who wants to be instantly identified for your knowledge and technical prowess, having a SecurityX certification will undoubtedly communicate that.

If you’re considering sitting for this cert, you’re likely very far along in your career and might be weighing some critical choices about your future. These could include whether to continue in a broad technical role, specialize in a particular technology (e.g., the cloud or software security), or pursue a managerial track. Depending on those factors, the CISSP, CCSP, or CSSLP might be the perfect certification.

Regardless, having a SecurityX will only add depth to each career choice, making it the ideal accreditation to pursue if you’re at a career crossroads.

Using the SecurityX to Learn Skills

CompTIA specifically advertises that you'll learn these skills while preparing to sit for the SecurityX exam:

• Governance, Risk, and Compliance: Analyze risk using quantitative and qualitative methods, apply threat modeling frameworks, align programs with NIST and ISO standards, and manage third-party and compliance risk.

• Security Architecture: Design secure hybrid and cloud environments using zero trust principles, segmentation, CASB, CI/CD security controls, and modern network models like SASE.

• Security Engineering: Automate security workflows with scripting and infrastructure as code, implement advanced cryptography, manage vulnerabilities, and securely integrate complex systems.

• Security Operations: Perform SIEM analysis, threat hunting, incident response, malware investigation, and intelligence sharing using standards like STIX and TAXII.

Using the SecurityX to Validate Skills

It is likely a bit of a misstatement to say that you'll learn the above skills during SecurityX exam prep. After ten years of working in IT and five as a security professional, you should have a great deal of knowledge and experience in each of the above areas. While studying for the exam will undoubtedly refresh your memory, tie together certain concepts, and involve some new knowledge in various areas, the real value of the SecurityX isn’t in the skills you’ll learn but rather the skills that you’ll validate.

Start Studying Today 

There's a reason that SecurityX is a top-of-the-line terminal certification in its specialty, and earning one will garner immediate respect—and very likely, a noticeable increase in the salary you can command. Start learning today with CBT Nuggets!