DoD classifies CSA+ = CEH equivalently

WessenS · July 2018

Question,

For two years I’ve been holding off on CEH and it is mainly due to costs.
Today, CEH now costs $1,050 (voucher + registration).

I noticed recently that DoD classified CSA+ and CEH on the same requirement levels of approved baseline certifications. My question is, since CSA+ is now classified on the same level of CEH which CSA+ only costs $340? Shouldn’t that be a no brainer for focus in order to meet the DoD requirements? Should I now shift gears towards CSA+? I guess I’d also like to know if job requirements updated with including CSA+ and not just CEH.

Last time i was in the job market, CEH was everywhere. Hopefully HR now includes CsA+?
but here’s a dumb thing. I have CASP ce. So on comptia’s scale I surpassed CSA+ already.
I guess I am getting CEH cause it was on a lot of job requirements and I want to solidify my resume. But now CSA+ came out.

Thoughts??

Thanks in advance Gents.

LordQarlyn · July 2018

While it may be expedient to get the CSA+ for DoD certification requirements, I agree that CEH is more in demand by employers across many sectors. I was facing a similar decision a few years back. CASP is considered equivalent to the CISSP for 8570 IAM III purposes so I had considered going CASP then CISSP, but then decided getting CASP would be a waste for me, it has less market value than the CISSP so if I was going to get the CISSP, just jump ahead and get the CISSP.

In my observations, CompTIA certs have the most value for employment purposes for government jobs and government contractor jobs, outside of A+, which I have seen a lot in jobs posted in the private sector. That doesn't mean they are bad certs, that doesn't mean they are a waste of time. While I do type in the certification in job boards to compare hits, that is not my only criteria in deciding which certs to pursue. Done right, obtaining certs adds knowledge to you, and even practical experience, and that alone can make your more marketable even if the cert is not in high demand. A personal example often I cite, getting the Net+ cert helped me answer interview questions that got me my first IT job. The manager didn't care at all about the Net+, but he was impressed how much I knew about networks, which was because of all the preparation I did to pass the Net+ exam.

DatabaseHead · July 2018

I'm no security guru, but I typed in CEH and C|EH into Indeed and the median salary came out to 86,000, in the midwest US.

TechGuru80 · July 2018

What type of job do you want? CSA+ is a blue team, SOC analyst type certification...CEH is a red team, pentesting certification. Generally blue team needs to know in depth about both, but red team needs to know how to evade blue team, which always isn’t as in depth.

CSA+ isn’t going to be as known by HR departments...CEH has been around forever. As you said, you already have CASP, so CSA+ is a step down so I’m not sure that makes sense...it would be like having a CISSP and going for SSCP to “open more doors.”

L0rdN1k0n · July 2018

IMO I thought it was this below?????

Pentest+/CEH is Red team.
CASP/CISSP is Management.
CSA+ is lonesome in Blue team.

TechGuru80 · July 2018

L0rdN1k0n wrote: »

IMO I thought it was this below?????

Pentest+/CEH is Red team.
CASP/CISSP is Management.
CSA+ is lonesome in Blue team.

CASP is more of a technical lead for blue team since they having risk management topics, but the majority of the objectives are still blue team in nature and basically a middle point.....CSA+ > CASP > CISSP.

For Pentest+, I would assume it isn't worth it until 1. it's released (July 31), and 2. more people have taken the exam.

L0rdN1k0n · July 2018

TechGuru80 wrote: »

CASP is more of a technical lead for blue team since they having risk management topics, but the majority of the objectives are still blue team in nature and basically a middle point.....CSA+ > CASP > CISSP.

For Pentest+, I would assume it isn't worth it until 1. it's released (July 31), and 2. more people have taken the exam.

I'm glad you cleared this up for me. Because I've been networking with some people at big companies, getting paid over six figures easily. And they all gave me the same advice as for getting practical certifications (eCPPT/OSCP).
Over your cookie cutter fill in the blank A, B, C, or D certifications with the exception for CISSP,CISM and others on the same level.

kaiju · July 2018

LordQarlyn wrote: »

While it may be expedient to get the CSA+ for DoD certification requirements, I agree that CEH is more in demand by employers across many sectors. I was facing a similar decision a few years back. CASP is considered equivalent to the CISSP for 8570 IAM III purposes so I had considered going CASP then CISSP, but then decided getting CASP would be a waste for me, it has less market value than the CISSP so if I was going to get the CISSP, just jump ahead and get the CISSP.

CASP is only equivalent at IAM II and IAT III because it does not meet the requirements for IAM III like CISSP, CISM and GSLC.

There many different categories under DoD 8570. CySA falls into many of those categories but also is the minimum for entry level positions. It really comes down to the position. CySA will get you the entry level position while most hiring managers will want the higher level cert (C|EH, GCIH, CISA) for the mid/sr level positions for that particular 8570 category.

LordQarlyn · July 2018

kaiju wrote: »

CASP is only equivalent at IAM II and IAT III because it does not meet the requirements for IAM III like CISSP, CISM and GSLC.

There many different categories under DoD 8570. CySA falls into many of those categories but also is the minimum for entry level positions. It really comes down to the position. CySA will get you the entry level position while most hiring managers will want the higher level cert (C|EH, GCIH, CISA) for the mid/sr level positions for that particular 8570 category.

You're right, I went to the DISA website and saw that. Maybe my eyes got blurred and thought the job reqs were referring to IAM III but were actually referring IAT III. Happened to me before many times.

kaiju · July 2018

No problem. I have written a couple guidelines that match jobs to DoD 8570 for work so I guess I have a quite bit of experience with it.

jeremywatts2005 · July 2018

What is really odd is the CySA+ matches up on almost every area as the GCIH except for one which is IAT Level III. Which they have the CASP on it. Kind of strange but the CySA+ and CASP together meet a lot of the 8570 requirements. I know some gov folks who were ticked when GCIH was placed in so many of the same categories as the GCIH let alone CEH. Those two certs are expensive as the CySA is not so much.

PCTechLinc · July 2018

Geez... I was going to let my CEH expire. With the cost of the exam doubling since I took it, I might be better off paying the annual fees just to keep it going...

kaiju · July 2018

jeremywatts2005 wrote: »

What is really odd is the CySA+ matches up on almost every area as the GCIH except for one which is IAT Level III. Which they have the CASP on it. Kind of strange but the CySA+ and CASP together meet a lot of the 8570 requirements. I know some gov folks who were ticked when GCIH was placed in so many of the same categories as the GCIH let alone CEH. Those two certs are expensive as the CySA is not so much.

I think I mentioned this before but CySA will be sufficient for the the entry-level (junior) or mid positions but C|EH, GCIH, CISA and the other higher level certs would be required for the senior level positions.
Breakdown:
IT Specialist Jr - Sec+ or CySA,ITIL foundation, MCP/CCENT, 1 year of experience, - $16~$19/hr
IT Specialist Mid - CySA (but CASP preferred), ITIL expert , MCSA/CCNA 2~5 years experience $24~$29/HR
IT Specialist Sr - C|EH/GCIH/CISA/CISM/CASP/CISSP, ITIL Master, MCSE/CCNP, 10 years of experience $40~/HR

DoD classifies CSA+ = CEH equivalently

Comments