General Thoughts About CASP...

2»

Comments

  • StillStreamStillStream Member Posts: 28 ■□□□□□□□□□
    Failed it. FML.
  • ThePawofRizzoThePawofRizzo Member Posts: 389 ■■■■□□□□□□
    Failed it. FML.

    Nuts. Don't let it get you down. Brush up on your studies and attack it again!!
  • JDMurrayJDMurray Admin Posts: 13,090 Admin
    Yes, you have a very good chance of passing it on the second try. Just study up on what you felt were your weakest areas and don't wait too long before taking it again. Sign up for it now to encourage yourself to study.
  • bjpeterbjpeter Member Posts: 198 ■■■□□□□□□□
    trojin wrote: »
    Good luck. It's not so hard :)

    You are right. In my opinion, lots of the questions asked for common sense answers.
    2021 Goals (2): SSCP, eCPPT
    Achieved (27): Certified Associate in Python Programming, Microsoft Certified: Azure Fundamentals, PenTest+, Project+, CySA+, Flutter Certified Application Developer, OCP Java EE 7 Application Developer, CCSP, OCP Java SE 11 Developer, CISSP, Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP+, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science
  • StillStreamStillStream Member Posts: 28 ■□□□□□□□□□
    JDMurray wrote: »
    Yes, you have a very good chance of passing it on the second try. Just study up on what you felt were your weakest areas and don't wait too long before taking it again. Sign up for it now to encourage yourself to study.

    I didn't feel that the exam was that hard honestly. I work in Information Assurance and my exposure to the situations/questions asked in the exam were a bit over my head because I deal with policy more than anything else. I don't configure VPN's or anything similar. :\ The simulation questions wrecked me bad. The drag and drop ones weren't too bad. I wasn't really upset that I failed, just very disappointed; unlike last year when I failed the CISSP I was a train wreck.

    I literally don't know where I want to go from here certification wise. I want to get into Pen Testing but most places want you to have experience and I don't have it. CASP is more of a hands-on type of cert and that's where the issue lies; my experience is quite minimal in that regard. Just feeling really perplexed at this point.
  • JDMurrayJDMurray Admin Posts: 13,090 Admin
    Pen testing requires hands-on technical experience too. To penetrate boxes you really need to know how the software and firmware running on hardware works. This is why good pen testers (Red Team) are also software developers. CASP is more of a security operations cert for the Blue Team people. It's good for pentesters to have Blue Team experience and know how host and network defenses work too. I think CASP is more beneficial to pentesters than, say, CISSP/CISA/CISM.
  • StillStreamStillStream Member Posts: 28 ■□□□□□□□□□
    I think that's where my issues lies. Security Operations? I have some exp in it but not enough to pass the CASP exam. Man, this sucks. I looked at my score report and nearly EVERY exam objective was listed that I scored poorly on. I felt like a ******* moron. Still do.
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    I think that's where my issues lies. Security Operations? I have some exp in it but not enough to pass the CASP exam. Man, this sucks. I looked at my score report and nearly EVERY exam objective was listed that I scored poorly on. I felt like a ******* moron. Still do.

    Have you thought about the ISACA CSX-P?
  • trojintrojin Member Posts: 275 ■■■■□□□□□□
    Sorry to hear that. CASP is way more technical than CISSP and w/o experience is hard to pass. I thought you are aware about experience requirements.
    I'm just doing my job, nothing personal, sorry

    xx+ certs...and I'm not counting anymore


  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    Remedymp wrote: »
    Have you thought about the ISACA CSX-P?

    What ever happened to the CSX-E (expert) certification they were showing on their site last year?
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • asiru77asiru77 Member Posts: 65 ■■□□□□□□□□
    in my opinion CASP is pure technical , no or minimal GRC
  • ErtazErtaz Member Posts: 934 ■■■■■□□□□□
    I think that's where my issues lies. Security Operations? I have some exp in it but not enough to pass the CASP exam. Man, this sucks. I looked at my score report and nearly EVERY exam objective was listed that I scored poorly on. I felt like a ******* moron. Still do.

    Dude, the test is hard. As I've said in may threads, it's tougher than the CISSP. Don't feel bad man. Get right back on that horse.
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    stryder144 wrote: »
    What ever happened to the CSX-E (expert) certification they were showing on their site last year?


    From what I know, they're putting their resources behind CSX-P from a marketing and test takers perspective. Too many certs, not enough people to sit them.

    I want to say CISSP is pretty massive road block for them.
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    Remedymp wrote: »
    From what I know, they're putting their resources behind CSX-P from a marketing and test takers perspective. Too many certs, not enough people to sit them.

    I want to say CISSP is pretty massive road block for them.

    It would be a good idea, from my perspective, to position their certifications in such a fashion that it creates an easily understood ISACA certification road map. Meaning, CSX-F > CSX-P > CISA > CSX-E > CISM. Then, they would need to market it in such a fashion that hiring managers will see the value of that road map. Until then, it will be the oddity in the bunch, a curiosity to many managers.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    stryder144 wrote: »
    It would be a good idea, from my perspective, to position their certifications in such a fashion that it creates an easily understood ISACA certification road map. Meaning, CSX-F > CSX-P > CISA > CSX-E > CISM. Then, they would need to market it in such a fashion that hiring managers will see the value of that road map. Until then, it will be the oddity in the bunch, a curiosity to many managers.

    CISA is more GRC than it is Cyber Sec base.

    My biggest to complaint to ISACA at the last conference was that everything they have to offer is expensive! Even as a member, it's expensive!

    It would be great if they could create their own Masters degree program based on Information Assurance that includes their certs and training in a way that makes more use of the Membership. I believe SANS has something like this already.
  • JDMurrayJDMurray Admin Posts: 13,090 Admin
    Remedymp wrote: »
    My biggest to complaint to ISACA at the last conference was that everything they have to offer is expensive! Even as a member, it's expensive!
    That's because ISACA expects businesses to buy their goods and services and not individuals. Because "you get what you pay for," it's gotta be expensive to be good!
Sign In or Register to comment.