A few questions on CISSP, CASP and CRISC

mnashe

my main focus of studying has been on network security, as it closely relates to my job. I'm looking to get my CISSP in early 2017, as long as I can keep my current studying pace.

Few questions though, is CASP a good cert to go along with CISSP or is it overkill? If both are good, should I do one before the other?

I've heard government jobs require Comptia certs. Based on where I live, I don't think I'll be applying for those types of jobs.

My final question is about CRISC. I'm not so sure what I do now would qualify for this exam but that aside, is this a worthwhile certification? I'm not so much asking about the exam itself, but more of the job role, career choice wise?

Thanks!

Remedymp

Do the CISSP before the CASP. CRISC isn't going to help you in this regard for your current role.

beads

CRISC is excellent if your headed down the CRO (Chief Risk Officer) role or something similarly esoteric. Otherwise its a bit of an unknown to most people.

Not that its a bad exam by any means but has a very small targeted audience for now. Oh wait, I can tell you its really pretty basic mathematically speaking as risk is always calculated as today, not modeled or projecting into the future. So from an actual business standpoint I don't find the methodology to be particularly flexible or useful but introductory.

Add threat modeling and longer term risk management and it would be seriously useful. Add some 'R' and 'S' programming and all the better.

- b/eads

the_Grinch

beads wrote: »

CRISC is excellent if your headed down the CRO (Chief Risk Officer) role or something similarly esoteric. Otherwise its a bit of an unknown to most people.

Not that its a bad exam by any means but has a very small targeted audience for now. Oh wait, I can tell you its really pretty basic mathematically speaking as risk is always calculated as today, not modeled or projecting into the future. So from an actual business standpoint I don't find the methodology to be particularly flexible or useful but introductory.

Add threat modeling and longer term risk management and it would be seriously useful. Add some 'R' and 'S' programming and all the better.

- b/eads

Going to be taking CRISC next summer, appreciate the insight!

mnashe

thanks everyone. Maybe I'll put the CRISC on the back burner. I see a lot of risk analyst positions, so that's what made me think of it

Ertaz

mnashe wrote: »

thanks everyone. Maybe I'll put the CRISC on the back burner. I see a lot of risk analyst positions, so that's what made me think of it

I did the CISSP in the spring and the CASP in the summer. I agree with the earlier poster about doing the CISSP first. In my opinion the CASP is a much more technical test.

mnashe

Ertaz wrote: »

I did the CISSP in the spring and the CASP in the summer. I agree with the earlier poster about doing the CISSP first. In my opinion the CASP is a much more technical test.

Thanks. This is how I was planning on doing it. Just wanted to make sure that would be the advised order.

trueshrewkmc

Sat CASP in July 2016 because I needed it or CISSP for my current job. The 6 hour exam time for CISSP scared me away from it. I hated to waste all the study effort from CASP, so I sat CISSP in October 2016. Passed 'em both. (Not endorsed yet so cannot add CISSP to profile.) The Sybex CISSP book is almost detailed enough to pass for a CASP book. CASP is much more straightforward than CISSP.

CISSP will drill you on the concepts and CASP will drill you on the details.

It's a lot harder to find CASP training and materials than it is to find CISSP materials. CISSP fulfills the entire continuing ed requirement for CASP. CASP meets the experience waiver requirement for CISSP (1 year off the 5 year total). It can be useful to take CASP first and CISSP second.

MJK9550

trueshrewkmc wrote: »

so I sat CISSP in October 2016. Passed 'em both. (Not endorsed yet so cannot add CISSP to profile.)

so how does the whole endorsement thing work for the cissp?