+ Reply to Thread
Results 1 to 11 of 11
  1. Junior Member Registered Member
    Join Date
    Mar 2016
    Posts
    2
    #1

    Default Need to obtain my CASP this year, but have no experience

    I am about to graduate with a degree in computer science and have secured a job. The only problem is that I need to get my CASP by October to work for them because its required by DOD. This is something that I just found out (6 months after I accepted the job). My course work pretty much was centered around discrete math, algorithms, database systems, and programming. I have little to no experience in security and I was just wondering what I should do to to prepare for it. Should I study and take network+ and security+ first, or should I just get a book and watch various videos about the CASP and try to take it? Any help would be greatly appreciated!
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member danny069's Avatar
    Join Date
    Nov 2012
    Location
    NYC
    Posts
    999

    Certifications
    A+, Security+, ACMT, CASP, CEH, CCNA R&S, A.S. & B.S. Cyber Security Systems/Digital Forensics, M.S. Cyber Security
    #2
    The CASP is a pretty tough exam. That being said, you should study for the Security+ first because that will give you the basics, then after that, start preparing for the CASP.
    I am a Jack of all trades, Master of None
    Reply With Quote Quote  

  4. Member
    Join Date
    Feb 2016
    Location
    Maryland
    Posts
    62

    Certifications
    MSISO expected July 2017, B.S Information Systems Security, A.A.S, A.A, CASP, C|EHv9, Security +, Netwok +,A +
    #3
    Contractor work I take it? You should go for SEC+ like stated above then attack CASP. I think its the logical step. However; it might be time to grind! Get it!
    Last edited by firemike314; 03-05-2016 at 04:17 AM.
    Reply With Quote Quote  

  5. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,680

    Certifications
    RHCSA, Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practioner, VCP-DCV, Storage+, CCNA R+S, CCNA Sec, Security+, CEH, CASP
    #4
    As a recently minted CASP, I'll give my tuppence: you need at least some networking and server OS knowledge, along with a smattering of business knowledge, IT governance, development and service lifecycle stuff and project management. This is far easier to get through work experience, since a lot you will 'just acquire' almost by osmosis.

    It's a bit of a broad certification in that respect. It covers technical issues - like firewall configuration, recognising attacks from logs - as well as Risk Analysis, phases of secure development lifecycle, governance and regulation. It seems to be aimed at the middle manager who has everything piled on them.

    The 10 years experience quoted by CompTIA is probably pushing it. I have 10 years in IT generally, but maybe 5 years total of that had a large Info Sec component. Before CASP, I also had 3 subjects at Masters level on Info Sec topics, Security+, CEH, and CCNA Security on top of a reasonable infrastructure background.

    I think Security+ and Network+ are good places to start. There's a couple of official study guides for CASP which are reasonable, but not great. The other book I'd recommend is "Information Security The Complete Reference, 2nd Edition" which covers a lot of the same ground, but with a bit more rigour.

    If you look at it from the perspective of your Comp Sci degree, I'd say it's like another 6 months of school.
    2017 Goals - MCSA 2008, CISSP, CCNP:R+S, Agile PM
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    May 2006
    Posts
    1,863

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #5
    Like OctalDump mention CASP requires experience to qualify. Below is from the Comptia website. How is your employer making you take this exam i don't understand it, even if you pass it you wont qualify for the designation. Sec+ on the other hand requires less experience. You should bring that up to your employer's attention.

    CompTIA Advanced Security Practitioner (CASP) meets the growing demand for advanced IT security in the enterprise. Recommended for IT professionals with at least 5 years of experience, CASP certifies critical thinking and judgment across a broad spectrum of security disciplines and requires candidates to implement clear solutions in complex environments.
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Jul 2015
    Location
    Island on the other side of Pacific pond
    Posts
    943

    Certifications
    C****, C***, C**
    #6
    Quote Originally Posted by TheFORCE View Post
    Like OctalDump mention CASP requires experience to qualify
    Can understand by looking at the 8570 chart at https://www.isc2.org/dod-8570-cap-certification.aspx
    CISSP, CASP and CISA/CISM are in the same job function.

    There is no endorsement process for CASP unlike CISSP, CISA or CISM; you are certified upon passing the exam.

    OctalDump is probably referring to hands-on experience.
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    May 2006
    Posts
    1,863

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #7
    Quote Originally Posted by Mike7 View Post
    Can understand by looking at the 8570 chart at https://www.isc2.org/dod-8570-cap-certification.aspx
    CISSP, CASP and CISA/CISM are in the same job function.

    There is no endorsement process for CASP unlike CISSP, CISA or CISM; you are certified upon passing the exam.

    OctalDump is probably referring to hands-on experience.
    Right but again, the endorsement was not the issue, its the years of experience that he does not have that will make him qualify for it becomes the issue. ISC2 has an "Associate of ISC2" for those who don't meet the years of experience, does Comptia have something similiar? If so, then that does change things.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Jul 2015
    Location
    Island on the other side of Pacific pond
    Posts
    943

    Certifications
    C****, C***, C**
    #8
    Quote Originally Posted by TheFORCE View Post
    Right but again, the endorsement was not the issue, its the years of experience that he does not have that will make him qualify for it becomes the issue. ISC2 has an "Associate of ISC2" for those who don't meet the years of experience, does Comptia have something similiar? If so, then that does change things.
    Nope. No "Associate of CompTIA".
    He only has to pass the exam. I passed my exam on 15th April and received the CASP certification confirmation email a day later. When I registered for the exam, I do not recall being asked about the years of experience either.

    His company needs him to be certified for DOD work. Out of the few options, only SANS and CASP do not have experience requirements. SANS exams are just expensive, so that leaves CASP.
    Reply With Quote Quote  

  10. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,680

    Certifications
    RHCSA, Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practioner, VCP-DCV, Storage+, CCNA R+S, CCNA Sec, Security+, CEH, CASP
    #9
    Quote Originally Posted by TheFORCE View Post
    Like OctalDump mention CASP requires experience to qualify. Below is from the Comptia website. How is your employer making you take this exam i don't understand it, even if you pass it you wont qualify for the designation. Sec+ on the other hand requires less experience. You should bring that up to your employer's attention.
    Yeah, it's just the 'recommended' experience that CompTIA says, it's no means a requirement. If you are so inclined, you could walk in off the street, pass the exam and become CASP certified with NO IT experience.

    Recommended Experience 10 years experience in IT administration, including at least 5 years of hands-on technical security experience
    Not sure if I am misremembering or if the changed it, but I thought it was 10 years in Info Sec. 5 years makes a bit more sense, since it would cover all those people doing AD and group policy and firewall rules and whatnot, which feels a bit more like who the exam is aimed at. Not exactly Info Sec 'masters', just more advanced professionals, transitioning to more management role.
    Last edited by OctalDump; 03-05-2016 at 11:25 AM.
    2017 Goals - MCSA 2008, CISSP, CCNP:R+S, Agile PM
    Reply With Quote Quote  

  11. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #10
    You'll really need a step by step approach if you intend to get this cert.
    Net+
    Sec+
    Should be first on your list. Comptia exams are tricky. You need to get the basics out of the way. Don't just take one exam thinking you can nail it. You gotta build up to it. You could possible take the first two in a month if you were locked in a library and had the right materials. Comptia is a huge fan of shitty testing as a way to weed out the plebs.
    Reply With Quote Quote  

  12. Junior Member Registered Member
    Join Date
    Mar 2016
    Posts
    2
    #11
    Thank all of you guys for your feedback! I'll take an incremental approach and review materials for the network+ and security+ exams (not necessarily take them). I start work there in august, so I've got some time this summer to study. Once again, thank all of you.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks