CASP vs ECSA vs CISA?
I have a chance for work to pay for a bootcamp for security cert. The ones that fit schedule/price the best are CASP or ECSA or CISA?
I realize this is vague questioning, but which has the most skill benefit? The cert ROI isn't really relevant since I'm not paying for it, and I dont see me changing jobs anytime soon. I'm looking for the one that will teach me the most that can be applicable to my Security Analyst role, which is pretty much all facets of Security for the company.
I'm leaning towards CASP or ECSA, even though I think CISA is the more respected cert, but I dont know what kind of hands on skills I will learn from it
I realize this is vague questioning, but which has the most skill benefit? The cert ROI isn't really relevant since I'm not paying for it, and I dont see me changing jobs anytime soon. I'm looking for the one that will teach me the most that can be applicable to my Security Analyst role, which is pretty much all facets of Security for the company.
I'm leaning towards CASP or ECSA, even though I think CISA is the more respected cert, but I dont know what kind of hands on skills I will learn from it
Currently Working On
CWTS, then WireShark
CWTS, then WireShark
Comments
-
danny069 Member Posts: 1,025 ■■■■□□□□□□I would go for the CISA if I were you. It comes up in job searches more often and probably more expensive training.I am a Jack of all trades, Master of None
-
Mike-Mike Member Posts: 1,860Well I agree to an extent, but I think you missed my point...
I like my company - location, job, pay, all things are pretty great
I'm not paying for it, so the expense doesn't really matter, unless I just want to juice my company for as much as possible. But I dont, any money saved there will just go to more training for me later, or something I need, equipment, etc.... And I have only been here a few months, and this is my first official Security gig, so I'm more interested in security skills than getting my resume noticed. I already get way more recruiter calls than I want as is, 15 years technical experience, AS, BS, MS, 22 certs... my phone rings all the time... in fact someone called while I typed this...
point being, my pay is pretty good, I like my job and I just want to buckle down and get real skills, basically get as close as an expert as I can over the next few years here at this company. And there will be more money for training later.
Unless I'm mistaken, I do not think the CISA is very technical right? After doing some quick googling, I think CASP is more overall Security and ECSA is more Pentesting. So I might be leaning CASP.
but I don't have any of these certs, so I could be incorrectCurrently Working On
CWTS, then WireShark -
Mike7 Member Posts: 1,114 ■■■■■□□□□□IMO, CISA is auditing with technical knowledge while ECSA seems more focused on how to write pen test reports.
You can try EC-Council Certified Security Analyst Assessment | EC-Council to get a feel of ECSA knowledge required.
The CISA assessment is at http://www.isaca.org/certification/cisa-certified-information-systems-auditor/prepare-for-the-exam/pages/cisa-self-assessment.aspx
CASP may not be as well recognized; however it is being positioned for hands-on security practitioners and as an intermediate cert between Security+ and CISSP. You are right in that CASP is more overall security, and most of the domains overlaps with those in CISSP. In fact, I took both CASP and CISSP exams within weeks of each other. Main difference is the graphical and command line simulation questions in CASP, and more infosec management focus in CISSP.
If you are looking for hands-on knowledge and possibly taking CISSP (if you have not) in future, I say go for CASP.
Still undecided? Check out http://www.techexams.net/blogs/jdmurray/77-comptia-casp-exam-experience.html -
danny069 Member Posts: 1,025 ■■■■□□□□□□Yeah CISA is geared towards 'management' nothing technical. CASP (in wide mile deep) is an in depth version of Security+ (inch deep mile wide), if you wanted technical out of the three, it would be ECSA.I am a Jack of all trades, Master of None
-
Mike7 Member Posts: 1,114 ■■■■■□□□□□Besides, ECSA, there is also E|NSA (Network Security Administrator).
The material covered (as per EC-Council Network Security Administrator Exam Information) seems to be for someone who is in charge of securing infrastructure and network. -
jfitzg Member Posts: 102 ■■■□□□□□□□Why do people keep bringing up Ec-Council? They are a joke, a bad joke at that! There tests are pathetically easy, require no real world skills, and the company is so poorly ran is almost laughable. And this is coming from someone with two Ec-Council certs! Heck, what kind of SECURITY company reuses passwords AFTER they have been compromised? Ec-Council! On the topic at hand, CISA is about IT auditing, though it is very popular. Id recommend the CASP.
So Who Hacked EC-Council Three Times This Week? ? InfoSec News -
danny069 Member Posts: 1,025 ■■■■□□□□□□CISA would be my first choice, then CASP, then ECSA.I am a Jack of all trades, Master of None
-
Mike-Mike Member Posts: 1,860
That does look more like what I'm interested in, but that's not available from the training providerCurrently Working On
CWTS, then WireShark -
Mike-Mike Member Posts: 1,860Why do people keep bringing up Ec-Council? They are a joke, a bad joke at that! There tests are pathetically easy, require no real world skills, and the company is so poorly ran is almost laughable. And this is coming from someone with two Ec-Council certs!
I also have the CEH and CHFI, and I thought they were terrible. However Pentesting is on the horizon for me at my role, probably mid-2016. So I figured it might be useful, and there were limited options available from the training company we are using.
So i'm still leaning CASP at this point.
Mike7 - good call, I will try the practice tests and see if that helps me make up my mind. I need to make a decision todayCurrently Working On
CWTS, then WireShark -
Mike-Mike Member Posts: 1,860You can try EC-Council Certified Security Analyst Assessment | EC-Council to get a feel of ECSA knowledge required.
l
That was very deceptive. It was 50 questions, the first 10 to 15 were all terrible. Asking names of laws and acts, and standard terminology. But the last 3/4s or so was pretty good. Asking specifics about Snort, Nessus, and Metasploit.
hmmmmmmmmmmmmCurrently Working On
CWTS, then WireShark -
Mike-Mike Member Posts: 1,860
CISA is what I thought it was, not for me at the moment. Maybe in a year or two, but that's not really where my interest is, seems like something I would get to make me more marketable, or if I plan on branching out to other areas
Currently I want to be as technical as possibleCurrently Working On
CWTS, then WireShark -
Mike-Mike Member Posts: 1,860Based on this for CASP - CASP Sample Questions - Get Certified Get Ahead
it seems to be what I'm looking forCurrently Working On
CWTS, then WireShark -
Mike-Mike Member Posts: 1,860Also took some questions here CompTIA Advanced Security Practitioner CertificationCurrently Working On
CWTS, then WireShark -
Mike-Mike Member Posts: 1,860Seems like CASP is the winner, with ECSA as a close 2nd. They are on different dates, so I think i will request CASP, and if there is a conflict with those dates, go with ECSACurrently Working On
CWTS, then WireShark -
danny069 Member Posts: 1,025 ■■■■□□□□□□Good luck on the CASP Mike! I'm taking that next after my CEH.I am a Jack of all trades, Master of None
-
Mike-Mike Member Posts: 1,860Thanks I sent the request for approval, with ECSA as the backup. I'll update when I get confirmation
Another bonus with CASP is that I can use Skillport and CBTnuggets prior to the bootcamp so I'm not going in blindCurrently Working On
CWTS, then WireShark -
Mike7 Member Posts: 1,114 ■■■■■□□□□□@Mike-Mike. Great! You have made an informed decision.
I look forward to your CASP review. -
playerx2006 Registered Users Posts: 3 ■□□□□□□□□□ESCA v9 is where it's at. Ec-Council completely revamped their certs. Now to pass the ECSA, you have to perform a pentest and submit it.
So now in order it's ECSA>CASP>CISA.
CISA is auditing stuff and pretty boring, ECSA is pentesting and security analyst stuff and pretty fun, CASP is a little of both, though more on the Information Assurance side.