+ Reply to Thread
Results 1 to 9 of 9
  1. Member
    Join Date
    Sep 2016
    Posts
    82

    Certifications
    CCNA Security, CCNA R&S
    #1

    Default A few questions on CISSP, CASP and CRISC

    my main focus of studying has been on network security, as it closely relates to my job. I'm looking to get my CISSP in early 2017, as long as I can keep my current studying pace.

    Few questions though, is CASP a good cert to go along with CISSP or is it overkill? If both are good, should I do one before the other?

    I've heard government jobs require Comptia certs. Based on where I live, I don't think I'll be applying for those types of jobs.

    My final question is about CRISC. I'm not so sure what I do now would qualify for this exam but that aside, is this a worthwhile certification? I'm not so much asking about the exam itself, but more of the job role, career choice wise?

    Thanks!
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Nov 2011
    Posts
    810
    #2
    Do the CISSP before the CASP. CRISC isn't going to help you in this regard for your current role.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Mar 2011
    Location
    Chicago
    Posts
    1,281

    Certifications
    CISSP-ISSAP, HCISPP GPEN, GSEC, GSNA, GCIH, E|CH, ECSA, Security+
    #3
    CRISC is excellent if your headed down the CRO (Chief Risk Officer) role or something similarly esoteric. Otherwise its a bit of an unknown to most people.

    Not that its a bad exam by any means but has a very small targeted audience for now. Oh wait, I can tell you its really pretty basic mathematically speaking as risk is always calculated as today, not modeled or projecting into the future. So from an actual business standpoint I don't find the methodology to be particularly flexible or useful but introductory.

    Add threat modeling and longer term risk management and it would be seriously useful. Add some 'R' and 'S' programming and all the better.

    - b/eads
    Reply With Quote Quote  

  5. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,827

    Certifications
    BS-CST CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA
    #4
    Quote Originally Posted by beads View Post
    CRISC is excellent if your headed down the CRO (Chief Risk Officer) role or something similarly esoteric. Otherwise its a bit of an unknown to most people.

    Not that its a bad exam by any means but has a very small targeted audience for now. Oh wait, I can tell you its really pretty basic mathematically speaking as risk is always calculated as today, not modeled or projecting into the future. So from an actual business standpoint I don't find the methodology to be particularly flexible or useful but introductory.

    Add threat modeling and longer term risk management and it would be seriously useful. Add some 'R' and 'S' programming and all the better.

    - b/eads
    Going to be taking CRISC next summer, appreciate the insight!
    WIP:
    MS in Legal Studies - Drexel University
    Mobile Forensics
    Kotlin
    Python
    Reply With Quote Quote  

  6. Member
    Join Date
    Sep 2016
    Posts
    82

    Certifications
    CCNA Security, CCNA R&S
    #5
    thanks everyone. Maybe I'll put the CRISC on the back burner. I see a lot of risk analyst positions, so that's what made me think of it
    Reply With Quote Quote  

  7. I drink and I know things Ertaz's Avatar
    Join Date
    Jan 2006
    Posts
    658

    Certifications
    CISSP, CASP, CSA+, GPEN, CCNA Cyber Ops, Security+, MCP
    #6
    Quote Originally Posted by mnashe View Post
    thanks everyone. Maybe I'll put the CRISC on the back burner. I see a lot of risk analyst positions, so that's what made me think of it

    I did the CISSP in the spring and the CASP in the summer. I agree with the earlier poster about doing the CISSP first. In my opinion the CASP is a much more technical test.
    Reply With Quote Quote  

  8. Member
    Join Date
    Sep 2016
    Posts
    82

    Certifications
    CCNA Security, CCNA R&S
    #7
    Quote Originally Posted by Ertaz View Post
    I did the CISSP in the spring and the CASP in the summer. I agree with the earlier poster about doing the CISSP first. In my opinion the CASP is a much more technical test.
    Thanks. This is how I was planning on doing it. Just wanted to make sure that would be the advised order.
    Reply With Quote Quote  

  9. Member
    Join Date
    Aug 2016
    Location
    Arizona (not a native)
    Posts
    91

    Certifications
    CISSP, CASP, C|EH v8, C|NDA, Sec+, MCSE-NT4, A+
    #8
    Sat CASP in July 2016 because I needed it or CISSP for my current job. The 6 hour exam time for CISSP scared me away from it. I hated to waste all the study effort from CASP, so I sat CISSP in October 2016. Passed 'em both. (Not endorsed yet so cannot add CISSP to profile.) The Sybex CISSP book is almost detailed enough to pass for a CASP book. CASP is much more straightforward than CISSP.

    CISSP will drill you on the concepts and CASP will drill you on the details.

    It's a lot harder to find CASP training and materials than it is to find CISSP materials. CISSP fulfills the entire continuing ed requirement for CASP. CASP meets the experience waiver requirement for CISSP (1 year off the 5 year total). It can be useful to take CASP first and CISSP second.
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Jul 2016
    Location
    Virginia
    Posts
    160

    Certifications
    A+, Network+
    #9
    Quote Originally Posted by trueshrewkmc View Post
    so I sat CISSP in October 2016. Passed 'em both. (Not endorsed yet so cannot add CISSP to profile.)
    so how does the whole endorsement thing work for the cissp?
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks