Need to obtain my CASP this year, but have no experience
captaininsanoi
Registered Users Posts: 2 ■□□□□□□□□□
in CASP+
I am about to graduate with a degree in computer science and have secured a job. The only problem is that I need to get my CASP by October to work for them because it's required by DOD. This is something that I just found out (6 months after I accepted the job). My course work pretty much was centered around discrete math, algorithms, database systems, and programming. I have little to no experience in security and I was just wondering what I should do to prepare for it. Should I study and take Network+ and Security+ first, or should I just get a book and watch various videos about the CASP and try to take it? Any help would be greatly appreciated!
Comments
-
danny069 Member Posts: 1,025 ■■■■□□□□□□
The CASP is a pretty tough exam. That being said, you should study for the Security+ first because that will give you the basics, then after that, start preparing for the CASP.
I am a Jack of all trades, Master of None
-
firemike314 Member Posts: 62 ■■□□□□□□□□
Contractor work I take it? You should go for SEC+ like stated above then attack CASP. I think it's the logical step. However, it might be time to grind! Get it!
-
OctalDump Member Posts: 1,722
As a recently minted CASP, I'll give my tuppence: you need at least some networking and server OS knowledge, along with a smattering of business knowledge, IT governance, development and service lifecycle stuff and project management. This is far easier to get through work experience, since a lot you will 'just acquire' almost by osmosis.
It's a bit of a broad certification in that respect. It covers technical issues - like firewall configuration, recognising attacks from logs - as well as Risk Analysis, phases of secure development lifecycle, governance and regulation. It seems to be aimed at the middle manager who has everything piled on them.
The 10 years experience quoted by CompTIA is probably pushing it. I have 10 years in IT generally, but maybe 5 years total of that had a large Info Sec component. Before CASP, I also had 3 subjects at Masters level on Info Sec topics, Security+, CEH, and CCNA Security on top of a reasonable infrastructure background.
I think Security+ and Network+ are good places to start. There's a couple of official study guides for CASP which are reasonable, but not great. The other book I'd recommend is "Information Security The Complete Reference, 2nd Edition" which covers a lot of the same ground, but with a bit more rigour.
If you look at it from the perspective of your Comp Sci degree, I'd say it's like another 6 months of school.
2017 Goals - Something Cisco, Something Linux, Agile PM
-
TheFORCE Member Posts: 2,297 ■■■■■■■■□□
Like OctalDump mentioned, CASP requires experience to qualify. Below is from the CompTIA website. How is your employer making you take this exam? I don't understand it; even if you pass it you won't qualify for the designation. Sec+ on the other hand requires less experience. You should bring that up to your employer's attention.
> CompTIA Advanced Security Practitioner (CASP) meets the growing demand for advanced IT security in the enterprise. Recommended for IT professionals with at least 5 years of experience, CASP certifies critical thinking and judgment across a broad spectrum of security disciplines and requires candidates to implement clear solutions in complex environments.
-
Mike7 Member Posts: 1,107 ■■■■□□□□□□
> Like OctalDump mentioned, CASP requires experience to qualify
Can understand by looking at the 8570 chart at https://www.isc2.org/dod-8570-cap-certification.aspx
CISSP, CASP and CISA/CISM are in the same job function.
There is no endorsement process for CASP unlike CISSP, CISA or CISM; you are certified upon passing the exam.
OctalDump is probably referring to hands-on experience.
-
TheFORCE Member Posts: 2,297 ■■■■■■■■□□
> Can understand by looking at the 8570 chart at https://www.isc2.org/dod-8570-cap-certification.aspx
> CISSP, CASP and CISA/CISM are in the same job function.
> There is no endorsement process for CASP unlike CISSP, CISA or CISM; you are certified upon passing the exam.
> OctalDump is probably referring to hands-on experience.
Right but again, the endorsement was not the issue, it's the years of experience that he does not have that will make him qualify for it becomes the issue. ISC2 has an "Associate of ISC2" for those who don't meet the years of experience, does CompTIA have something similar? If so, then that does change things.
-
Mike7 Member Posts: 1,107 ■■■■□□□□□□
> Right but again, the endorsement was not the issue, it's the years of experience that he does not have that will make him qualify for it becomes the issue. ISC2 has an "Associate of ISC2" for those who don't meet the years of experience, does CompTIA have something similar? If so, then that does change things.
Nope. No "Associate of CompTIA".
He only has to pass the exam. I passed my exam on 15th April and received the CASP certification confirmation email a day later. When I registered for the exam, I do not recall being asked about the years of experience either.
His company needs him to be certified for DOD work. Out of the few options, only SANS and CASP do not have experience requirements. SANS exams are just expensive, so that leaves CASP.
-
OctalDump Member Posts: 1,722
> Like OctalDump mentioned, CASP requires experience to qualify. Below is from the CompTIA website. How is your employer making you take this exam? I don't understand it; even if you pass it you won't qualify for the designation. Sec+ on the other hand requires less experience. You should bring that up to your employer's attention.
Yeah, it's just the 'recommended' experience that CompTIA says, it's by no means a requirement. If you are so inclined, you could walk in off the street, pass the exam and become CASP certified with NO IT experience.
> Recommended Experience
> 10 years experience in IT administration, including at least 5 years of hands-on technical security experience
Not sure if I am misremembering or if they changed it, but I thought it was 10 years in Info Sec. 5 years makes a bit more sense, since it would cover all those people doing AD and group policy and firewall rules and whatnot, which feels a bit more like who the exam is aimed at. Not exactly Info Sec 'masters', just more advanced professionals, transitioning to a more management role.
2017 Goals - Something Cisco, Something Linux, Agile PM
-
adrenaline19 Member Posts: 251
You'll really need a step by step approach if you intend to get this cert.
Net+
Sec+
Should be first on your list. CompTIA exams are tricky. You need to get the basics out of the way. Don't just take one exam thinking you can nail it. You gotta build up to it. You could possibly take the first two in a month if you were locked in a library and had the right materials. CompTIA is a huge fan of shitty testing as a way to weed out the plebs.
-
captaininsanoi Registered Users Posts: 2 ■□□□□□□□□□
Thank all of you guys for your feedback! I'll take an incremental approach and review materials for the Network+ and Security+ exams (not necessarily take them). I start work there in August, so I've got some time this summer to study. Once again, thank all of you.