CASP vs ECSA vs CISA?

I have a chance for work to pay for a bootcamp for security cert. The ones that fit schedule/price the best are CASP or ECSA or CISA?

I realize this is vague questioning, but which has the most skill benefit? The cert ROI isn't really relevant since I'm not paying for it, and I dont see me changing jobs anytime soon. I'm looking for the one that will teach me the most that can be applicable to my Security Analyst role, which is pretty much all facets of Security for the company.

I'm leaning towards CASP or ECSA, even though I think CISA is the more respected cert, but I dont know what kind of hands on skills I will learn from it

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

danny069

I would go for the CISA if I were you. It comes up in job searches more often and probably more expensive training.

Mike-Mike

Well I agree to an extent, but I think you missed my point...

I like my company - location, job, pay, all things are pretty great

I'm not paying for it, so the expense doesn't really matter, unless I just want to juice my company for as much as possible. But I dont, any money saved there will just go to more training for me later, or something I need, equipment, etc.... And I have only been here a few months, and this is my first official Security gig, so I'm more interested in security skills than getting my resume noticed. I already get way more recruiter calls than I want as is, 15 years technical experience, AS, BS, MS, 22 certs... my phone rings all the time... in fact someone called while I typed this...

point being, my pay is pretty good, I like my job and I just want to buckle down and get real skills, basically get as close as an expert as I can over the next few years here at this company. And there will be more money for training later.

Unless I'm mistaken, I do not think the CISA is very technical right? After doing some quick googling, I think CASP is more overall Security and ECSA is more Pentesting. So I might be leaning CASP.

but I don't have any of these certs, so I could be incorrect

Mike7

IMO, CISA is auditing with technical knowledge while ECSA seems more focused on how to write pen test reports.
You can try EC-Council Certified Security Analyst Assessment | EC-Council to get a feel of ECSA knowledge required.
The CISA assessment is at http://www.isaca.org/certification/cisa-certified-information-systems-auditor/prepare-for-the-exam/pages/cisa-self-assessment.aspx

CASP may not be as well recognized; however it is being positioned for hands-on security practitioners and as an intermediate cert between Security+ and CISSP. You are right in that CASP is more overall security, and most of the domains overlaps with those in CISSP. In fact, I took both CASP and CISSP exams within weeks of each other. Main difference is the graphical and command line simulation questions in CASP, and more infosec management focus in CISSP.

If you are looking for hands-on knowledge and possibly taking CISSP (if you have not) in future, I say go for CASP.
Still undecided? Check out http://www.techexams.net/blogs/jdmurray/77-comptia-casp-exam-experience.html

danny069

Yeah CISA is geared towards 'management' nothing technical. CASP (in wide mile deep) is an in depth version of Security+ (inch deep mile wide), if you wanted technical out of the three, it would be ECSA.

Mike7

Besides, ECSA, there is also E|NSA (Network Security Administrator).

The material covered (as per EC-Council Network Security Administrator Exam Information) seems to be for someone who is in charge of securing infrastructure and network.

jfitzg

Why do people keep bringing up Ec-Council? They are a joke, a bad joke at that! There tests are pathetically easy, require no real world skills, and the company is so poorly ran is almost laughable. And this is coming from someone with two Ec-Council certs! Heck, what kind of SECURITY company reuses passwords AFTER they have been compromised? Ec-Council! On the topic at hand, CISA is about IT auditing, though it is very popular. Id recommend the CASP.

So Who Hacked EC-Council Three Times This Week? ? InfoSec News

danny069

CISA would be my first choice, then CASP, then ECSA.

Mike-Mike

Mike7 wrote: »

Besides, ECSA, there is also E|NSA (Network Security Administrator).

.

That does look more like what I'm interested in, but that's not available from the training provider

Mike-Mike

jfitzg wrote: »

Why do people keep bringing up Ec-Council? They are a joke, a bad joke at that! There tests are pathetically easy, require no real world skills, and the company is so poorly ran is almost laughable. And this is coming from someone with two Ec-Council certs!

I also have the CEH and CHFI, and I thought they were terrible. However Pentesting is on the horizon for me at my role, probably mid-2016. So I figured it might be useful, and there were limited options available from the training company we are using.

So i'm still leaning CASP at this point.

Mike7 - good call, I will try the practice tests and see if that helps me make up my mind. I need to make a decision today

Mike-Mike

Mike7 wrote: »

You can try EC-Council Certified Security Analyst Assessment | EC-Council to get a feel of ECSA knowledge required.
l

That was very deceptive. It was 50 questions, the first 10 to 15 were all terrible. Asking names of laws and acts, and standard terminology. But the last 3/4s or so was pretty good. Asking specifics about Snort, Nessus, and Metasploit.

hmmmmmmmmmmmm

Mike-Mike

Mike7 wrote: »

.
The CISA assessment is at CISA Self-Assessment Exam

CISA is what I thought it was, not for me at the moment. Maybe in a year or two, but that's not really where my interest is, seems like something I would get to make me more marketable, or if I plan on branching out to other areas

Currently I want to be as technical as possible

Mike-Mike

Based on this for CASP - CASP Sample Questions - Get Certified Get Ahead

it seems to be what I'm looking for

Mike-Mike

Also took some questions here CompTIA Advanced Security Practitioner Certification

Mike-Mike

Seems like CASP is the winner, with ECSA as a close 2nd. They are on different dates, so I think i will request CASP, and if there is a conflict with those dates, go with ECSA

danny069

Good luck on the CASP Mike! I'm taking that next after my CEH.

Mike-Mike

Thanks I sent the request for approval, with ECSA as the backup. I'll update when I get confirmation

Another bonus with CASP is that I can use Skillport and CBTnuggets prior to the bootcamp so I'm not going in blind

Mike7

@Mike-Mike. Great! You have made an informed decision.
I look forward to your CASP review.

playerx2006

ESCA v9 is where it's at. Ec-Council completely revamped their certs. Now to pass the ECSA, you have to perform a pentest and submit it.

So now in order it's ECSA>CASP>CISA.

CISA is auditing stuff and pretty boring, ECSA is pentesting and security analyst stuff and pretty fun, CASP is a little of both, though more on the Information Assurance side.