CSA+....Any word on DoD certification and what category it will fall under

LSageeLSagee Member Posts: 48 ■■■□□□□□□□
I have been scouring the internet for some info on this. I know we are still waiting for the CSA+ to be blessed off on for the DoD to put it in the 8140 framework.

Besides a current approval timeline, I have not been able to find anything on where it is going to fall under on the framework. I am military and am trying to apply for a position in a different occupational field. Certs add great "weight" to my application packet and I have CASP so that covers IAT III, IAM II, and IASAE II. Finishing my degree in Feb. isn't going to hurt either. (I cannot wait for this wild ride to come to an end so I can get my weekends back!)

I would like to add another cert to the mix to strengthen my packet since I am at a bit more of a disadvantage than others as my current job is not IT related. I am wondering if anyone knows if the CSA+ is slated to fall under any of the CSSP areas like the CEH and if so, will it cover all the areas CEH does? I am paying out of pocket for my certs so I am not about to drop $950 down for the privilege of sitting for the CEH.

Comments

  • palmett0palmett0 Member Posts: 19 ■□□□□□□□□□
    On the Comptia site here: https://certification.comptia.org/it-career-news/post/view/2017/03/27/comptia-csa-your-questions-answered

    it says they are hoping to hear back from the DoD in the Spring.
    The CSA+ is very Blue Team oriented in my opinion. I would speculate it will fall into the CSSP boxes along with those the CEH is in. I do not believe Comptia has a cert satisfying any of those requirements and this is probably their way of trying to get in on that. Again; this is just total speculation on my part. I already have the CEH and am planning on taking the CSA+ very soon.
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Did I miss something? Why do you have Security+ AND CASP but you work in something not IT? Are you in IA? CISSP is the gold standard for 8570...do you have a computing environment certification?
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    It looks like he has them in order to add weight to his retraining package.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • LSageeLSagee Member Posts: 48 ■■■□□□□□□□
    TechGuru....I am trying to reclass into the cyber field. Since my main job is non-IT, I am working my butt off to have a competitive packet as others who are applying for the field I am trying to get into are in IT. I am finding that just having the CASP and a soon to be BS in Cyber Security is far beyond what most people have so I feel pretty good about my chances but the military has a way of making just about anything a secondary consideration. I do not have an environment cert. I am finishing a class in Linux though that pretty much covers Linux+ so I have been debating whether to try for Linux+ (and get the ITIL cert) or do CSA+. I studied for 2-3 weeks for CASP while doing my job and school and though it was hard and frustrating, it was not extremely overwhelming since it was within the scope of my degree. Looking at the CSA+ rubric, I am familiar with most of the topics from my previous classes so I don't see much study time needed, maybe a week or two. I just don't want to spend money on the CSA+ if it won't be on the DoD checklist as I will be working on my capstone around the time I would take the cert test. Linux+ on the other hand seems like I will need to invest considerably more time to complete and I am not sure of the ROI on that in the military.

    palmett0....I saw that too. From what I got out of it, it seems like spring meant spring of this year which has past. There was also talk of maybe an answer on its validation in 1-5 months. I am more interested in where it will fall in the framework. I too think it should fall under CSSP somewhere, but as you pointed out it is very blue team and with CompTIA puking out the CPT+ I wonder how it is all going to tie together. It makes me think that the CSA+ will not cover as many areas as the CEH. If the CSA+ covers just one area under CSSP as opposed to say, 3 or 4 of the 4, I think I will find myself reallocating my time and $ elsewhere. I have a few months before I submit my packet so I am trying to plan out my future for the short term.
  • palmett0palmett0 Member Posts: 19 ■□□□□□□□□□
    LSagee wrote: »
    TechGuru....I am trying to reclass into the cyber field. Since my main job is non-IT, I am working my butt off to have a competitive packet as others who are applying for the field I am trying to get into are in IT. I am finding that just having the CASP and a soon to be BS in Cyber Security is far beyond what most people have so I feel pretty good about my chances but the military has a way of making just about anything a secondary consideration. I do not have an environment cert. I am finishing a class in Linux though that pretty much covers Linux+ so I have been debating whether to try for Linux+ (and get the ITIL cert) or do CSA+. I studied for 2-3 weeks for CASP while doing my job and school and though it was hard and frustrating, it was not extremely overwhelming since it was within the scope of my degree. Looking at the CSA+ rubric, I am familiar with most of the topics from my previous classes so I don't see much study time needed, maybe a week or two. I just don't want to spend money on the CSA+ if it won't be on the DoD checklist as I will be working on my capstone around the time I would take the cert test. Linux+ on the other hand seems like I will need to invest considerably more time to complete and I am not sure of the ROI on that in the military.

    palmett0....I saw that too. From what I got out of it, it seems like spring meant spring of this year which has past. There was also talk of maybe an answer on its validation in 1-5 months. I am more interested in where it will fall in the framework. I too think it should fall under CSSP somewhere, but as you pointed out it is very blue team and with CompTIA puking out the CPT+ I wonder how it is all going to tie together. It makes me think that the CSA+ will not cover as many areas as the CEH. If the CSA+ covers just one area under CSSP as opposed to say, 3 or 4 of the 4, I think I will find myself reallocating my time and $ elsewhere. I have a few months before I submit my packet so I am trying to plan out my future for the short term.

    I agree with you on the cost vs potential benefit.
    I may be wrong but back when I took the CEH, EC Council wanted candidates to have a certain number of years (2 I think) in IT security experience and asked for a manager's letter of reference written on official company letterhead to vouch you were a valid candidate to take the exam. Just something to think about. Your degree program may satisfy that requirement.

    Best of luck! Having the CASP should help you out for IAT3 posts. That and/or CISSP are both on my to-do list; but I don't feel ready for them yet.
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    If you take the CEH through an approved training organization EC-Council will wave the two year requirement.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    When would your reclass happen? I would assume Security+ would be common but I agree your CASP has to put you ahead. If you did a CE, I probably wouldn’t do Linux I would do Windows or Cisco as you are more likely to run into one of those than Linux.

    Also for CEH, you couldn’t qualify for the exam only route as you don’t have the experience...it requires two years to self study. You would have to take a course so it would actually be more expensive.

    There is another option you could try. SANS offers a work study program..makes course $1,100 plus any travel. You would have to be able to attend in person though so that might not be feasible...I just bring it up because the material is fantastic and would make you standout as I’m sure nobody changing probably has one from GIAC.
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    Those certs make you a good candidate for 25B, IT Specialist. The Cyber defender and the Cyber Ops look at more than just certification. My old supervisor, who had the certs and came from the 25B field failed. I believe there is rank, performance and a few other things. Why not just get the C|EH?
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    I could see it popping up in the 50's. No idea when it would happen though, but those look to be the ones that relate to what CSA+ covers.
  • LSageeLSagee Member Posts: 48 ■■■□□□□□□□
    Concerning CEH, my understanding is Skillport (which is free for mil) meets the requirements for approved training so that part is covered. The price is the sticking point. I would love to get some SANS under my belt but again, the price is the sticking point, $650ish was rough enough to stomach, but $900+ is just ridiculous for CEH and my unit is not authorized to fund it. Contrary to popular opinion, I don’t have a ton of money to throw around with my enlisted pay. I submit my packet mid next year, if approved I will be able to reclass. I believe you are right about Linux, I am probably going to skip it as the DoD is mainly a Windows environment. I’ll let them pay for Linux when I get to that bridge and they need me to cross it.

    xxxkaliboyxxx.... I understand that certs are not the end all be all, that is why I am finishing my degree and also getting some OJT right now in IT/IA to make a strong packet.

    I appreciate everyone chiming in on this.
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    The DISA site has the latest listing of approved certifications. It now includes the CSA+.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • mikey88mikey88 Member Posts: 495 ■■■■■■□□□□
    stryder144 wrote: »
    The DISA site has the latest listing of approved certifications. It now includes the CSA+.

    Praise the lord! icon_cheers.gif GCIH now level 3? icon_scratch.gif
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • LSageeLSagee Member Posts: 48 ■■■□□□□□□□
    Good find! That sealed the deal for me. I just bought my voucher and am going to test out on the earliest date possible I can get once I get my voucher number. I know some people have their qualms about CompTIA but in terms of DoD recognition, paying $203 for a CSA+ voucher vs $950 for a CEH voucher (plus possible additional expenses)...its a no brainer.

    Still deciding on which book to study. Safaribooks has all of them.
  • palmett0palmett0 Member Posts: 19 ■□□□□□□□□□
    LSagee wrote: »
    Good find! That sealed the deal for me. I just bought my voucher and am going to test out on the earliest date possible I can get once I get my voucher number. I know some people have their qualms about CompTIA but in terms of DoD recognition, paying $203 for a CSA+ voucher vs $950 for a CEH voucher (plus possible additional expenses)...its a no brainer.

    Still deciding on which book to study. Safaribooks has all of them.

    I read the All in One. It is an ok source but I feel as if it could have gone into more detail on some topics. I am considering getting another book to go through before taking the exam. I too purchased a voucher. Thanks for the link stryder144!
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    LSagee wrote: »
    Good find! That sealed the deal for me. I just bought my voucher and am going to test out on the earliest date possible I can get once I get my voucher number. I know some people have their qualms about CompTIA but in terms of DoD recognition, paying $203 for a CSA+ voucher vs $950 for a CEH voucher (plus possible additional expenses)...its a no brainer.

    Still deciding on which book to study. Safaribooks has all of them.

    Hey man, I'm with you on that one. If your unit isn't paying and I wouldn't suggest using your GI bill for the CEH, go for the CSA+. That's awesome for the CSA+, since I have my own issues with EC-Council that I don't need to voice here.

    TBH LSagee, no one gives a *$*# about CompTIA or C|EH outside of DoD. It's all about CISSP, Sans and actual knowledge in the private sector. That was my biggest shocked when I went 100 percent private. What you mean you don't care my star on my airborne wings! LOL.

    I believe ITPRO.TV has a CSA+, get a free trial and watch the 20 hour video.
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • LSageeLSagee Member Posts: 48 ■■■□□□□□□□
    Hi everyone.

    I thumbed through a few books on Safaribooks this weekend and brushed up on some attacks, logs, and relevant applications. CASP was still pretty fresh in my mind so I think I put in a total of 5 hours of study. Honestly, I was burnt out from the CASP so I just didn’t have the will power to commit to meaningful study.

    Long story short, I passed CSA+ this morning! Total test time was about 75 min. If you have passed the CASP, this test is not terribly difficult. Almost all the questions are straightforward and are not tricky if you use the process of elimination. I will say I was not impressed with the PBQs though. One in particular had me going WTF I am I looking at?!

    My CompTia security trifecta is complete! Finished in 11 months with 6 month break for a total of 5 months of actual study. Now I am going to take a break from certs for a little bit. I just don’t have enough mojo in my tank to do both cert study and college.

    Final thought, if you have passed CASP and can read logs, and know basic utilities like nmap you will do fine on the CSA+.
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    Congrats! Awesome job!
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • palmett0palmett0 Member Posts: 19 ■□□□□□□□□□
    Congrats!
    I realize you leaned on your knowledge from the previous exam prep, but in your opinion did you find any of the CSA+ books on Safari more useful than the others?
  • LSageeLSagee Member Posts: 48 ■■■□□□□□□□
    Sorry I can't really say. I just jumped around the 3 books on Safari, mainly looking at the review questions. I didn't spend enough time in them to even give an assessment of first impressions.
  • EsmilloEsmillo Member Posts: 9 ■■□□□□□□□□
    CSA has been approved a[FONT=&quot]nd is now in the following categories:[/FONT]
    [FONT=&quot]IAT Level II, CSSP Analyst, CSSP Infrastructure Support, and CSSP Incident Responder, CSSP Auditor[/FONT]
  • airzeroairzero Member Posts: 126
    Esmillo wrote: »
    CSA has been approved a[FONT=&amp]nd is now in the following categories:[/FONT]
    [FONT=&amp]IAT Level II, CSSP Analyst, CSSP Infrastructure Support, and CSSP Incident Responder, CSSP Auditor[/FONT]

    Where did you see this information?

    edit: nevermind found it here https://www.comptia.org/about-us/newsroom/press-releases/2017/10/17/comptia-csa-certification-approved-for-dod-information-assurance-workforce-improvement-program
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    airzero wrote: »

    Yeah, the CSA+ is the new best bang for your buck in the DoD sector, good stuff.
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • connormconnorm Member Posts: 11 ■□□□□□□□□□
    Looks like DISA finally updated the baseline on their site. Glad there is finally a competitor to the CEH.

    https://iase.disa.mil/iawip/Pages/iabaseline.aspx
    Degree: B.S. Computer Information Systems
    Currently Working On: CCNA
    2018 Certs: CAP, C|EH
    Future Certs: PenTest+,
    CySA+
    , CCNA Security
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    You people all realize that the pay in government-sector jobs is much worse than the pay for the equivalent private-sector jobs? Private and commercial industries are really hurting for InfoSec people right now. Why do the same work for less money? For the retirement benefits?
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    This is just my personal opinion so take it with a grain of salt.

    DoD skill level wise is far below the baseline in the industry. Any Joe Smole off the street with a clearance and a certification for the job can get it. Most won't be able to compete in the private sector to be honest.

    Most DoD jobs when I interviewed, I interviewed for an instructor job at DLI in Monterey, Cali, you would think their technical interview would be top notch, nope! It was a joke. Needless to say, they selected me. I ended up going private. Most good companies are good at spotting bs in technical interviews. DoD, not so much.

    Another example is the biggest dirtbag I have ever met, got a job at fort Campbell GS9, I assume clearance, disability preference, blah, blah. Once you are in, it will take an act of God, literally to get fired.
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • LSageeLSagee Member Posts: 48 ■■■□□□□□□□
    JDMurray - I am active duty military and half way to my 20. I am trying to make a MOS change to the IT field for my last 10. That is why I earned the certs I have for the infosec field. When I'm done I plan to shift to the private sector while collecting a nice pension.
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    This is just my personal opinion so take it with a grain of salt.DoD skill level wise is far below the baseline in the industry. Any Joe Smole off the street with a clearance and a certification for the job can get it. Most won't be able to compete in the private sector to be honest.Most DoD jobs when I interviewed, I interviewed for an instructor job at DLI in Monterey, Cali, you would think their technical interview would be top notch, nope! It was a joke. Needless to say, they selected me. I ended up going private. Most good companies are good at spotting bs in technical interviews. DoD, not so much.Another example is the biggest dirtbag I have ever met, got a job at fort Campbell GS9, I assume clearance, disability preference, blah, blah. Once you are in, it will take an act of God, literally to get fired.

    This matches my DoD experiences with as well. They were more interested in placing a warm body with a clearance and the right certs in a chair to meet their contract obligations rather than being the best. I went private and doubt I'd go back.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • spiderjerichospiderjericho Registered Users, Member Posts: 890 ■■■■■□□□□□
    yoba222 wrote: »
    This matches my DoD experiences with as well. They were more interested in placing a warm body with a clearance and the right certs in a chair to meet their contract obligations rather than being the best. I went private and doubt I'd go back.

    To be perfectly candid. It’s always a numbers game. Quantity over quality. I could probably go on several rants but will opt not to.

    OP, what MOS are you switching to? 25D? 17 whatever?
  • LSageeLSagee Member Posts: 48 ■■■□□□□□□□
    I am trying to go 17whatever. Keeping my fingers crossed for later this year.
Sign In or Register to comment.