Michael Whitehouse

The CompTIA CASP or 'Certified Advanced Security Practitioner' recently went live as of Sept 15th 2011 for test taking in the USA, the exam has not quite made it across the pond at the time of writing but CompTIA have promised a release of December 2011 or January 2012 without giving any specific dates.

So what is the CASP?

CompTIA have a long standing reputation in the industry with their + series of qualifications (A+, Network+ Security+, act) as being on the lowest tier of IT qualifications. Some would go as far to say as they are not worth the paper they are printed on. The style of these certifications is not so much real world application of knowledge but the memorisation of lists of information if you break it down into its raw form. My personal feelings about these CompTIA base certifications is that they do have a value within the industry. With so many people turning to IT as a viable career option they provide a starting point for this change, filling in the foundations of knowledge requires to progress onto more advanced qualifications.

The CASP is a drastic change to the difficulty level of the certifications offered by CompTIA. Some people have marked this examination as an advanced Security+ more in line with the CISSP certification provided by ISC2. This is a huge task for CompTIA to pull off a successful rollout of this certification and hold the value of it against security giants that are already known in the industry like the SANS institute or ISC2. If we take a look at some of the exam objectives we can see how in depth they are trying to go with this security certification.

The table below lists the domain areas measured by this examination and the approximate extent to which they are represented in the examination:

1.0  Enterprise Security 40%

2.0  Risk Mgmt, Policy/Procedure and Legal 24%

3.0  Research & Analysis 14%

4.0  Integration of Computing, Communications,  and Business Disciplines22%

Total 100%

A detailed overview is provided from CompTIA in the following PDF http://www.comptia.org/Libraries/Exam_Objectives/casp_objectives.sflb.ashx

From a quick review of the PDF provided by CompTIA we can see this is not a Security+ 2.0 but related directly to the exam objectives of the CISSP Certification. There is much more pressure on not only the technical domains of IT security but also a push into good IT security management. The CISSP certification has a reputation of being hard to obtain and keep up to date, it holds a great value in the industry for this reason. (a 250question written examination is a gruelling task for anyone to take no matter how much experience you have of test taking) So this begs the question.

Can the CASP compete against other more well known security certifications?

Only time will tell, but from the outset I would wagers no, for a couple of reasons. Firstly, CompTIAs reputation for low end certifications will bring down the perceived value of the CASP in the eyes of not only IT professionals but also the HR departments that keyword match CV's for job roles. Secondly, the exam needs to be tougher and maybe even a different format admittedly I was not involved in the beta programme and living in the UK do not yet have the ability to take the test yet. In saying that, on paper a 70questions VUE computer bases examination Vs a 250questions paper based exam would perceive less value in regards to difficulty. In this industry when IT professionals weigh up their respective certifications the difficulty of an examination is always brought into question. The harder and more gruelling an examination the more buzz is going to be generated for that certification.

Preparing for the exam

At the moment there are no books related to the CASP examination for purchase, you can pre-order the Sybex manual via http://www.amazon.co.uk/CompTIA-Advanced-Security-Practitioner-Study/dp/1118083199/ref=sr_1_1?ie=UTF8&qid=1324040211&sr=8-1 CompTIA recommend 10 years experience in IT and 5 years in IT security before you consider taking the examination, I feel this should be taken with a pinch of salt.