General Thoughts About CASP...

StillStream

Failed it. FML.

ThePawofRizzo

StillStream wrote: »

Failed it. FML.

Nuts. Don't let it get you down. Brush up on your studies and attack it again!!

JDMurray

Yes, you have a very good chance of passing it on the second try. Just study up on what you felt were your weakest areas and don't wait too long before taking it again. Sign up for it now to encourage yourself to study.

bjpeter

trojin wrote: »

Good luck. It's not so hard

You are right. In my opinion, lots of the questions asked for common sense answers.

StillStream

JDMurray wrote: »

Yes, you have a very good chance of passing it on the second try. Just study up on what you felt were your weakest areas and don't wait too long before taking it again. Sign up for it now to encourage yourself to study.

I didn't feel that the exam was that hard honestly. I work in Information Assurance and my exposure to the situations/questions asked in the exam were a bit over my head because I deal with policy more than anything else. I don't configure VPN's or anything similar. The simulation questions wrecked me bad. The drag and drop ones weren't too bad. I wasn't really upset that I failed, just very disappointed; unlike last year when I failed the CISSP I was a train wreck.

I literally don't know where I want to go from here certification wise. I want to get into Pen Testing but most places want you to have experience and I don't have it. CASP is more of a hands-on type of cert and that's where the issue lies; my experience is quite minimal in that regard. Just feeling really perplexed at this point.

JDMurray

Pen testing requires hands-on technical experience too. To penetrate boxes you really need to know how the software and firmware running on hardware works. This is why good pen testers (Red Team) are also software developers. CASP is more of a security operations cert for the Blue Team people. It's good for pentesters to have Blue Team experience and know how host and network defenses work too. I think CASP is more beneficial to pentesters than, say, CISSP/CISA/CISM.

StillStream

I think that's where my issues lies. Security Operations? I have some exp in it but not enough to pass the CASP exam. Man, this sucks. I looked at my score report and nearly EVERY exam objective was listed that I scored poorly on. I felt like a ******* moron. Still do.

Remedymp

StillStream wrote: »

I think that's where my issues lies. Security Operations? I have some exp in it but not enough to pass the CASP exam. Man, this sucks. I looked at my score report and nearly EVERY exam objective was listed that I scored poorly on. I felt like a ******* moron. Still do.

Have you thought about the ISACA CSX-P?

trojin

Sorry to hear that. CASP is way more technical than CISSP and w/o experience is hard to pass. I thought you are aware about experience requirements.

stryder144

Remedymp wrote: »

Have you thought about the ISACA CSX-P?

What ever happened to the CSX-E (expert) certification they were showing on their site last year?

asiru77

in my opinion CASP is pure technical , no or minimal GRC

Ertaz

StillStream wrote: »

I think that's where my issues lies. Security Operations? I have some exp in it but not enough to pass the CASP exam. Man, this sucks. I looked at my score report and nearly EVERY exam objective was listed that I scored poorly on. I felt like a ******* moron. Still do.

Dude, the test is hard. As I've said in may threads, it's tougher than the CISSP. Don't feel bad man. Get right back on that horse.

Remedymp

stryder144 wrote: »

What ever happened to the CSX-E (expert) certification they were showing on their site last year?

From what I know, they're putting their resources behind CSX-P from a marketing and test takers perspective. Too many certs, not enough people to sit them.

I want to say CISSP is pretty massive road block for them.

stryder144

Remedymp wrote: »

From what I know, they're putting their resources behind CSX-P from a marketing and test takers perspective. Too many certs, not enough people to sit them.

I want to say CISSP is pretty massive road block for them.

It would be a good idea, from my perspective, to position their certifications in such a fashion that it creates an easily understood ISACA certification road map. Meaning, CSX-F > CSX-P > CISA > CSX-E > CISM. Then, they would need to market it in such a fashion that hiring managers will see the value of that road map. Until then, it will be the oddity in the bunch, a curiosity to many managers.

Remedymp

stryder144 wrote: »

It would be a good idea, from my perspective, to position their certifications in such a fashion that it creates an easily understood ISACA certification road map. Meaning, CSX-F > CSX-P > CISA > CSX-E > CISM. Then, they would need to market it in such a fashion that hiring managers will see the value of that road map. Until then, it will be the oddity in the bunch, a curiosity to many managers.

CISA is more GRC than it is Cyber Sec base.

My biggest to complaint to ISACA at the last conference was that everything they have to offer is expensive! Even as a member, it's expensive!

It would be great if they could create their own Masters degree program based on Information Assurance that includes their certs and training in a way that makes more use of the Membership. I believe SANS has something like this already.

JDMurray

Remedymp wrote: »

My biggest to complaint to ISACA at the last conference was that everything they have to offer is expensive! Even as a member, it's expensive!

That's because ISACA expects businesses to buy their goods and services and not individuals. Because "you get what you pay for," it's gotta be expensive to be good!