CASP vs ECSA vs CISA?

Mike-MikeMike-Mike Posts: 1,860Member
I have a chance for work to pay for a bootcamp for security cert. The ones that fit schedule/price the best are CASP or ECSA or CISA?


I realize this is vague questioning, but which has the most skill benefit? The cert ROI isn't really relevant since I'm not paying for it, and I dont see me changing jobs anytime soon. I'm looking for the one that will teach me the most that can be applicable to my Security Analyst role, which is pretty much all facets of Security for the company.


I'm leaning towards CASP or ECSA, even though I think CISA is the more respected cert, but I dont know what kind of hands on skills I will learn from it
Currently Working On

CWTS, then WireShark

Comments

  • danny069danny069 Posts: 1,025Member ■■■■□□□□□□
    I would go for the CISA if I were you. It comes up in job searches more often and probably more expensive training.
    I am a Jack of all trades, Master of None
  • Mike-MikeMike-Mike Posts: 1,860Member
    Well I agree to an extent, but I think you missed my point...

    I like my company - location, job, pay, all things are pretty great

    I'm not paying for it, so the expense doesn't really matter, unless I just want to juice my company for as much as possible. But I dont, any money saved there will just go to more training for me later, or something I need, equipment, etc.... And I have only been here a few months, and this is my first official Security gig, so I'm more interested in security skills than getting my resume noticed. I already get way more recruiter calls than I want as is, 15 years technical experience, AS, BS, MS, 22 certs... my phone rings all the time... in fact someone called while I typed this...

    point being, my pay is pretty good, I like my job and I just want to buckle down and get real skills, basically get as close as an expert as I can over the next few years here at this company. And there will be more money for training later.

    Unless I'm mistaken, I do not think the CISA is very technical right? After doing some quick googling, I think CASP is more overall Security and ECSA is more Pentesting. So I might be leaning CASP.

    but I don't have any of these certs, so I could be incorrect
    Currently Working On

    CWTS, then WireShark
  • Mike7Mike7 Posts: 1,062Member ■■■■□□□□□□
    IMO, CISA is auditing with technical knowledge while ECSA seems more focused on how to write pen test reports.
    You can try EC-Council Certified Security Analyst Assessment | EC-Council to get a feel of ECSA knowledge required.
    The CISA assessment is at http://www.isaca.org/certification/cisa-certified-information-systems-auditor/prepare-for-the-exam/pages/cisa-self-assessment.aspx


    CASP may not be as well recognized; however it is being positioned for hands-on security practitioners and as an intermediate cert between Security+ and CISSP. You are right in that CASP is more overall security, and most of the domains overlaps with those in CISSP. In fact, I took both CASP and CISSP exams within weeks of each other. Main difference is the graphical and command line simulation questions in CASP, and more infosec management focus in CISSP.

    If you are looking for hands-on knowledge and possibly taking CISSP (if you have not) in future, I say go for CASP.
    Still undecided? Check out http://www.techexams.net/blogs/jdmurray/77-comptia-casp-exam-experience.html
  • danny069danny069 Posts: 1,025Member ■■■■□□□□□□
    Yeah CISA is geared towards 'management' nothing technical. CASP (in wide mile deep) is an in depth version of Security+ (inch deep mile wide), if you wanted technical out of the three, it would be ECSA.
    I am a Jack of all trades, Master of None
  • Mike7Mike7 Posts: 1,062Member ■■■■□□□□□□
    Besides, ECSA, there is also E|NSA (Network Security Administrator).

    The material covered (as per EC-Council Network Security Administrator Exam Information) seems to be for someone who is in charge of securing infrastructure and network.
  • jfitzgjfitzg Posts: 102Member
    Why do people keep bringing up Ec-Council? They are a joke, a bad joke at that! There tests are pathetically easy, require no real world skills, and the company is so poorly ran is almost laughable. And this is coming from someone with two Ec-Council certs! Heck, what kind of SECURITY company reuses passwords AFTER they have been compromised? Ec-Council! On the topic at hand, CISA is about IT auditing, though it is very popular. Id recommend the CASP.

    So Who Hacked EC-Council Three Times This Week? ? InfoSec News
  • danny069danny069 Posts: 1,025Member ■■■■□□□□□□
    CISA would be my first choice, then CASP, then ECSA.
    I am a Jack of all trades, Master of None
  • Mike-MikeMike-Mike Posts: 1,860Member
    Mike7 wrote: »
    Besides, ECSA, there is also E|NSA (Network Security Administrator).

    .

    That does look more like what I'm interested in, but that's not available from the training provider
    Currently Working On

    CWTS, then WireShark
  • Mike-MikeMike-Mike Posts: 1,860Member
    jfitzg wrote: »
    Why do people keep bringing up Ec-Council? They are a joke, a bad joke at that! There tests are pathetically easy, require no real world skills, and the company is so poorly ran is almost laughable. And this is coming from someone with two Ec-Council certs!


    I also have the CEH and CHFI, and I thought they were terrible. However Pentesting is on the horizon for me at my role, probably mid-2016. So I figured it might be useful, and there were limited options available from the training company we are using.

    So i'm still leaning CASP at this point.

    Mike7 - good call, I will try the practice tests and see if that helps me make up my mind. I need to make a decision today
    Currently Working On

    CWTS, then WireShark
  • Mike-MikeMike-Mike Posts: 1,860Member
    Mike7 wrote: »
    You can try EC-Council Certified Security Analyst Assessment | EC-Council to get a feel of ECSA knowledge required.
    l


    That was very deceptive. It was 50 questions, the first 10 to 15 were all terrible. Asking names of laws and acts, and standard terminology. But the last 3/4s or so was pretty good. Asking specifics about Snort, Nessus, and Metasploit.

    hmmmmmmmmmmmm
    Currently Working On

    CWTS, then WireShark
  • Mike-MikeMike-Mike Posts: 1,860Member
    Mike7 wrote: »
    .
    The CISA assessment is at CISA Self-Assessment Exam

    CISA is what I thought it was, not for me at the moment. Maybe in a year or two, but that's not really where my interest is, seems like something I would get to make me more marketable, or if I plan on branching out to other areas

    Currently I want to be as technical as possible
    Currently Working On

    CWTS, then WireShark
  • Mike-MikeMike-Mike Posts: 1,860Member
    Based on this for CASP - CASP Sample Questions - Get Certified Get Ahead

    it seems to be what I'm looking for
    Currently Working On

    CWTS, then WireShark
  • Mike-MikeMike-Mike Posts: 1,860Member
    Currently Working On

    CWTS, then WireShark
  • Mike-MikeMike-Mike Posts: 1,860Member
    Seems like CASP is the winner, with ECSA as a close 2nd. They are on different dates, so I think i will request CASP, and if there is a conflict with those dates, go with ECSA
    Currently Working On

    CWTS, then WireShark
  • danny069danny069 Posts: 1,025Member ■■■■□□□□□□
    Good luck on the CASP Mike! I'm taking that next after my CEH.
    I am a Jack of all trades, Master of None
  • Mike-MikeMike-Mike Posts: 1,860Member
    Thanks I sent the request for approval, with ECSA as the backup. I'll update when I get confirmation


    Another bonus with CASP is that I can use Skillport and CBTnuggets prior to the bootcamp so I'm not going in blind
    Currently Working On

    CWTS, then WireShark
  • Mike7Mike7 Posts: 1,062Member ■■■■□□□□□□
    @Mike-Mike. Great! You have made an informed decision.
    I look forward to your CASP review. :)
  • playerx2006playerx2006 Posts: 3Registered Users ■□□□□□□□□□
    ESCA v9 is where it's at. Ec-Council completely revamped their certs. Now to pass the ECSA, you have to perform a pentest and submit it.

    So now in order it's ECSA>CASP>CISA.

    CISA is auditing stuff and pretty boring, ECSA is pentesting and security analyst stuff and pretty fun, CASP is a little of both, though more on the Information Assurance side.
Sign In or Register to comment.