Should I go for CASP

First off, I kinda understand the reasoning for CASP. It is mainly geared for DOD. I am in the guard but I also work full time in IT with a bit of infosec in the civilian world. I have A+, Sec+, CCNA R&S, and C|EH. My current employer really likes the fact that I go above and beyond on self study and going for certs. I almost have my supervisor talked into paying for a week long bootcamp for CASP. Is this something I should go for? I have been studying for this cert on and off for about six months. I have the CompTIA book and have been watching the Skillport videos. I figure this will be a good one to go after before tackle OSCP and then later CISSP.

Thoughts? My only out of pocket expense will be travel about an hour and a half each day to the bootcamp for a week.

Find more posts tagged with

Comments

TechGuru80

Sounds like a pretty low cost to me...why not. Just be warned though...CASP will not prepare you for OSCP though so if you want to go the pentest route....I would convince them to pay for GPEN with SANS training instead.

swamprat

If work is willing to apy for it, definitely do it.

I don't think any IT professional can ever go wrong learning more security. Every breach, hack, etc you read about in the news has some component of someone failing at security. Improving your security skills and knowledge can only be good (particularly if someone else is paying for it).

OctalDump

CASP is sort of Security Engineering, tending towards senior or team lead level. It's fairly broad, and requires fairly broad knowledge. They suggest 10 years of IT experience, to give an idea of the kind of knowledge you need to have. You can do it with much less than that, as long as you have the breadth. It's more practical focus than CISSP, in that they expect that you to know things like configuring and engineering.

It covers some ground that you would have gone over in CCNA, Sec+ and CEH. It does have a bit more on firewalls, proxies, IPS etc

Outside of DoD, I'm not sure it has a lot of visibility. The upside is that unlike CASP or SSCP, it doesn't require experience. The actual content is good in some ways because of that breadth and focus on the practical. If it matches where you are roughly in your career, it's probably worthwhile.

There's some overlap with CISSP. It's probably not great in itself for OSCP, but they both have a similar expectation of a broad background of knowledge. A better prep for OSCP is the Junior Pentest cert from eLearnSecurity.

OSCP and CASP are fairly different areas of InfoSec. CASP is more security engineering (network defence, enterprise security, security operations and implementation etc) and OSCP is pen testing (red team). So if you do have a definite path in mind, there might be better options than the CASP (or OSCP).

If you've read the book, and feel fairly comfortable, then a bootcamp might be a good way to polish up and get ready for the exam. I'd book the exam for as close to the bootcamp as you can. You tend to forget things from bootcamps fairly quickly.

p@r0tuXus

OctalDump wrote: »

CASP is sort of Security Engineering, tending towards senior or team lead level. It's fairly broad, and requires fairly broad knowledge. They suggest 10 years of IT experience, to give an idea of the kind of knowledge you need to have. You can do it with much less than that, as long as you have the breadth. It's more practical focus than CISSP, in that they expect that you to know things like configuring and engineering.

It covers some ground that you would have gone over in CCNA, Sec+ and CEH. It does have a bit more on firewalls, proxies, IPS etc

Outside of DoD, I'm not sure it has a lot of visibility. The upside is that unlike CASP or SSCP, it doesn't require experience. The actual content is good in some ways because of that breadth and focus on the practical. If it matches where you are roughly in your career, it's probably worthwhile.

There's some overlap with CISSP. It's probably not great in itself for OSCP, but they both have a similar expectation of a broad background of knowledge. A better prep for OSCP is the Junior Pentest cert from eLearnSecurity.

OSCP and CASP are fairly different areas of InfoSec. CASP is more security engineering (network defence, enterprise security, security operations and implementation etc) and OSCP is pen testing (red team). So if you do have a definite path in mind, there might be better options than the CASP (or OSCP).

If you've read the book, and feel fairly comfortable, then a bootcamp might be a good way to polish up and get ready for the exam. I'd book the exam for as close to the bootcamp as you can. You tend to forget things from bootcamps fairly quickly.

All excellent advice, once again, from the OD!

I haven't taken a bootcamp, but friends who have - have mentioned the amount of cramming they had to do and suggest staying close to the bootcamp site. A 3 hour daily commute both ways would cut down on study time and make you tired, maybe even late. I'd consider pitching a cheap hotel with continental breakfast to the boss. He all ready knows you're serious, time for him to commit and show he is too. Also, if you've spent all of this time studying and you're all ready in the armed forces (one way or another), then I'd say go for it. My understanding is (poor, albeit) that the CASP qualifies for requirements the DoD has that are on level with the CISSP, even if those who've taken both tests don't necessarily equate the two on the same level. When it comes to the work you could do for a contractor that works with/for DoD, you could be setting yourself up for alot of open doors. That's my .02.

anon1

Honestly I took the CASP test this morning and I am seriously doubting it's relevance. 85% of it was database/data center security questions. I thought it would be more in depth but cover all facets of security like an advanced Sec+. This couldn't be any further from the truth. If you don't work at a data center the cert isn't very relevant in my opinion. I actually think Sec+ is more relevant to the industry and covers more security disciplines. My next cert is going to be CEH. Sec+ is the number 1 sought cert by employers followed by CEH at number 2. If you have to pay for things out of your own pocket don't even bother with CASP imho.