Do I need CASP?

Hi guys following in the mighty footsteps of 'averageguy' I have tried to reboot my career, I feel i have a lot of skills around being a PM but wanted to go from declining sector to a growing one (info Sec) so I have done:

ISC2: SSCP and CISSP - all done and endorsed
Cisco cyber Ops: and may do Pro early next year
Comptia: CySA+
ISACA: CISM but need to get it signed off, will do CISA and CRISC
IAPP: CIPP/E and am thinking about CPT and CPM but far from convinced
Azure/AWS: Have a Admin and Security certs in both

Is it worth me doing CASP? what do you think it might add? ...am tempted but think it might just look like a badge collection process

Any views?

thanks

Find more posts tagged with

Comments

JDMurray

What's your purpose for getting all of these certs? To acquire knowledge to be a better Information Security professional, or to get more letters on your resume to increase your chances of getting a first-round interview?

To be a better pro, you can read and study any certification material without taking the cert exam, so do spend some time reading up on the objectives of CASP+ and it will help you fill in some holes in your InfoSec knowledge. If you are looking to make your resume more attractive to hiring managers, do some searching on the major job boards and check how many job postings mention "CASP" and that will indicate its importance to your resume and interview desirability. How important any certification is to your getting hired is entirely determined by the people who make the hiring decisions, and you find out what they want by looking at their job postings.

yoba222

No. Too many certs. If you add twice as many certs as you have, instead of looking twice as appealing, you'll look like a paper tiger. I think you're right about at the limit as-is, at least until you're doing infosec.

test4500

JD - Yes i have done the course ...and feel i know the material but purpose is entirely to get me interviews, I think with CISSP I have proven I know the material but its just not getting me interviews at the moment.

Yoba - Yes thats the concern looking like a paper tiger ....I suspect lots of people are looking like that at the moment!

thanks

kaiju

There is no need for CASP if you already have CISSP and CISM.

yoba222

To clarify, I'm not discouraging getting the CASP+ for the experience and learning growth it brings. I've been tempted to go after this one for a couple of years now and might still do it for that reason. Though I'll likely get the CISSP first, and then only put that one on the resume. Getting to the point now where I'm leaving off irrelevant certs/ associates degrees because there's too many.

You already have a really decent cert pedigree going on.

SteveLavoie

I feel you have a lot of certification for someone not working already in the field of infosec. I know you do them for transitionning but it look like you are collectionning them. In that regard, CASP+ is Comptia equivalent for CISSP. There is not much value go get it.

DiffieHellman173

Hiring managers want to see real world experience on your resume. If it were me I would be in the business of collecting that. Certifications are great additions to backup what you have done and show you have motivation to stay current in the field. But again experience in the field > all. I took CASP and learned a great deal of knowledge however, the main goal was because DOD requires it for higher levels of IAT/IAM appointments.

test4500

Yes i get your point about experience ....but I can only play the cards I have!

DiffieHellman173

test4500 said:

Yes i get your point about experience ....but I can only play the cards I have ...

What about entry level IT Service Desk job? This would help get the feet wet and with all of those certs and motivation I'm sure you would move up very quick. Just my 2 cents.

SteveLavoie

What is your current experience and job? Are you in IT and looking to shift toward infosec ?

test4500

Hi I am pretty experienced in IT and Project Management so help desk not for me right now (...but if things get worse.....) i think the main value add I offer is in delivery of programs ...or the productionising of work that is frequently done ad hoc.

E Double U

test4500 said:

Is it worth me doing CASP? what do you think it might add? ...am tempted but think it might just look like a badge collection process

If you are considering a certification without knowing what it might add then I definitely think you are a badge collector. Nothing wrong with that in itself because at this point in my career I believe I am also collecting certs as a hobby besides the ones that are required by my employer. But when someone with CISSP and CISM that is considering other ISACA credentials asks others about the worth of CASP it seems odd to me.

I wonder how your actual experience matches up against the credentials that you currently hold. You mentioned CISSP is not getting you interviews so you might not actually have the experience desired for the roles you are applying for. More certifications will not fix that. There is a possibility that you do have the knowledge/skills, but just a poor resume perhaps.

I vote no on CASP unless you are targeting a position that requires it. If you notice that CASP is regularly mentioned in job postings for your area then knock yourself out, but if (ISC)2 and ISACA credentials are not getting you the responses that you want then I am doubtful about CompTIA.

Just my $0.02

test4500

......some interesting points

- 'considering a certification without knowing what it might add' ....some points to consider, its often hard to determine the value of something until you have it, one of my challenges throughout my career to colleagues who 'claim' to have vast knowledge is ....where is the independent third party verification (certification) ....how is CASP respected in the infosec community, how many CASPS are there ....I think there are 150K CISM's, 130K CISSPs but how many CASP's? I cannot find this number

Also ISACA and ICS2 both offer additional certs .....but some times one wins out .....IAPP for Data Privacy for example, I really don't see ISACA's Data Privacy cert getting traction, ICS2 CCSP (am running through material now) has 7K certified and really is a well structured overview of cloud security, but how many Azure or AWS certs are there ....I have never seen CCSP asked for and done think either recruiters or hiring managers know what it is (less than 800 certified in UK).

'I wonder how your actual experience matches up against the credentials that you currently hold' ......without being defensive, I think pretty good .....(but matter of opinion I suppose) ......i have no idea how you would get through CISSP otherwise ...its just too broad in scope, is the market too tough right now? is my resume rubbish ...hmmmm.....am thinking hard on this one!

'I am doubtful about CompTIA' ...me too!....and I think that's my problem ...i like the materials, i like what comptia is trying to do ....but am not sure they are getting traction in the market, for me skill wise it's low hanging fruit to get CASP ....but the cost/value concerns me

thanks for your comments

E Double U

The amount of holders of a particular certification doesn't really matter to me so I do not understand the motivation to know the number. How respected a cert is can vary depending on region, industry, and hiring managers personal biases. Are you making a correlation between what is respected with what is in demand? Several people on this forum do not respect CEH, but that does not stop it from being listed in job postings. I know successful professionals that place no value on certs at all while some others hold them very high. It is all subjective and should not be one's driving factor. If a consensus is what you are searching for I do not believe you will find it.

All vendors offer multiple certs and which one "wins out" when applying for a job depends on what the requirements for a job are. CCSP is just meant to be a vendor agnostic holistic view of cloud security to test understanding of concepts while Azure and AWS certs focus on hands on aspects of their solutions. I look at some certifications as complimentary to each other instead of one or the other. I have two Azure certifications that are relevant to my current environment and went for CCSP to get the bird's eye view that goes beyond the trenches. Whether recruiters know about the (ISC)2 cloud offering is not my concern.

I think one could get through any exam with enough studying and gain an experience-based certification by "modifying" his/her resume. Not that I am accusing you of that, but I made my initial comment about the experience because of you mentioning that CISSP is not getting you the attention that you seek. Maybe my point wasn't clear, but I was trying to suggest that if one has CISSP-level experience along with the credential then I do not see why that person would pursue CASP for getting over the hump. I could be wrong, but I do not see that pushing one over the edge.

SteveLavoie

E Double U said:

because of you mentioning that CISSP is not getting you the attention that you seek. Maybe my point wasn't clear, but I was trying to suggest that if one has CISSP-level experience along with the credential then I do not see why that person would pursue CASP for getting over the hump. I could be wrong, but I do not see that pushing one over the edge.

I second what E Double U said.. If CISSP cert does not get you the attention of interviewer.. getting other certs like CASP will not help at all.

charismaticx

I’m honestly surprised that the CISSP didn’t garner much interest. However, you also have a slew of other eye catching credentials. In my opinion you don’t really need CASP unless the cert really catches your eye. When I took the exam a couple years ago, I kept hearing how challenging it was. The exam wasn’t entirely difficult, but having experience in the field really helps.

I hold both CISM and CASP and I currently don’t have much interest in earning the CISSP. I’m at the point where I’m trying to specialize on my craft and not worry about eye candy.

test4500

Yes! I am surprised as well - I really liked CISSP, the courses/books/websites, learnt so much - and the fact there are only 7k CISSPs in the UK, I really felt it would make a difference! i keep reading of a shortage of infosec people but cannot see the job adverts to support that!

I think the lower level Comptia certs are great and liked the CySA+ a lot, CASP just felt like a good thing to do next. Like you having looked through the course and some videos it looks like something I can do without too much extra effort.

I would love to specialise ....Data Privacy/Cloud security etc....but getting set up in an infoSec job is proving a monumental challenge right now!

yoba222

Perhaps going the other direction and omitting some credentials from your CV might provide better response. If I were applying to be a cashier at McDonalds and I had a PhD, I'd probably leave the PhD off the application altogether.

Buckeye222

I completely disagree with what these other guys are saying. The CISSP & CISM are both management certs. The CASP is the perspective of an engineer and actually implementing the controls thought of from a management mindset. I'd get the CASP and you'd be ready to have a good grasp of both the engineering side and the management side. You don't want to get hired for your CISSP and have no idea how to implement something or why you would choose one thing over another for that particular company. I'm studying the CASP right now and it's no joke, it will definitely give you another mindset when implementing solutions.

Danielm7

test4500 said:

Hi I am pretty experienced in IT and Project Management so help desk not for me right now (...but if things get worse.....) i think the main value add I offer is in delivery of programs ...or the productionising of work that is frequently done ad hoc.

Can you define the actual experience a little more? If you're swimming in certs and not getting any traction then it's your resume or your actual experience.

++ what everyone else said too about collecting too many certs, I've been guilty of it too and sometimes just do it because the option is available through work, but you're just stockpiling at this point and there doesn't seem to be any real ROI.

If you want to know about demand, search job listings, the number of certified individuals mean nothing if hiring managers aren't asking for it. I'm sure when you search you'll see the CISSP overwhelmingly high, and I'd be surprised if you see a huge demand for the CASP in comparison.

spiderjericho

I’m still on active duty military, and just maintain my current alphabet soup of qualifications to aid in my transition. I DO have experience in my core competencies of network engineering and cyber security management.

I just got an email from ISACA for my membership fees and certification renewals. On top of that, I’ve EC Council, CompTIA and ISC2. That’s a lot of time and money for fees and continuing education credits. I’m not sure if it’s worth the ROI. It would probably be better to focus on my core competencies.

But I don’t see anything wrong with professional curiosity, self improvement, etc. I think that’s why I like the continuing education credit model (though due to non standardized vendor testing it doesn’t have the penetration and fairness a la ISC2 or ISACA).

But I think that is different from your career pursuits. I’m curious on why you’re not “popping” on alphabet soup searches. But without experience, they’ll probably low ball you. Depends.

test4500

yoba222 said:

Perhaps going the other direction and omitting some credentials from your CV might provide better response. If I were applying to be a cashier at McDonalds and I had a PhD, I'd probably leave the PhD off the application altogether.

Hi yes ...its a balancing act for sure ....look good enough but don't oversell - I have a few copies of my cv which enhance certain skills and underplay others.
thanks for reply

test4500

Buckeye222 said:

I completely disagree with what these other guys are saying. The CISSP & CISM are both management certs. The CASP is the perspective of an engineer and actually implementing the controls thought of from a management mindset. I'd get the CASP and you'd be ready to have a good grasp of both the engineering side and the management side. You don't want to get hired for your CISSP and have no idea how to implement something or why you would choose one thing over another for that particular company. I'm studying the CASP right now and it's no joke, it will definitely give you another mindset when implementing solutions.

Hi yes I get your point ....I have gone through all the CASP materials and its just about the cost and value of the exam - Like you say getting hired for your certificate is not a good thing and because of that I tend to read extensively around my topics ....but I can honestly say that i meet many many more people who thing they know more than the actually do ...than those who undersell themselves

test4500

Danielm7 said:

test4500 said:

Hi I am pretty experienced in IT and Project Management so help desk not for me right now (...but if things get worse.....) i think the main value add I offer is in delivery of programs ...or the productionising of work that is frequently done ad hoc.

Can you define the actual experience a little more? If you're swimming in certs and not getting any traction then it's your resume or your actual experience.

++ what everyone else said too about collecting too many certs, I've been guilty of it too and sometimes just do it because the option is available through work, but you're just stockpiling at this point and there doesn't seem to be any real ROI.

If you want to know about demand, search job listings, the number of certified individuals mean nothing if hiring managers aren't asking for it. I'm sure when you search you'll see the CISSP overwhelmingly high, and I'd be surprised if you see a huge demand for the CASP in comparison.

Hi good points ...short answers:
1) Am a PM solid tech background worked for M$ partner for 3 years, MCP since 2003 ...cloud certified with some limited experience ...good exposure to infosec teams and processes, think I could do at least as well as anyone else.
2) Agreed ..its not a collection thing for me as am happy to review a course without doing cert (eg....i reviewed Sec+ but it was all stuff I already knew, so instead of doing exam headed onto CySA+ and did that as was a challenge) there has to be a 'potential' ROI or I just won't do it (hence I have never done IAPP CIPT and CPM exams - there is no demand for them and no ROI

3) Yes reviewing what is being asked for is key ....but a lot of people just don't seem to grasp the level of disaster taking place right now ....ignoring the stories I am hearing and looking at the data London CISSP demand over a 3 month period 2018 - 643 || 2019 - 346 ||2020 - 233 ...so only @35% of the jobs available 2 years ago and many have to be SC ..in uk that's something you have not something you get! .......for PM's 2018 - 1210, 2019 - 770 ...and last six months 2020 - 152 .....less than 20%!!!!!

CASP btw is zero this year ...so not asked for ....but was thinking it might make a difference all the same

test4500

spiderjericho said:

I’m still on active duty military, and just maintain my current alphabet soup of qualifications to aid in my transition. I DO have experience in my core competencies of network engineering and cyber security management.

I just got an email from ISACA for my membership fees and certification renewals. On top of that, I’ve EC Council, CompTIA and ISC2. That’s a lot of time and money for fees and continuing education credits. I’m not sure if it’s worth the ROI. It would probably be better to focus on my core competencies.

But I don’t see anything wrong with professional curiosity, self improvement, etc. I think that’s why I like the continuing education credit model (though due to non standardized vendor testing it doesn’t have the penetration and fairness a la ISC2 or ISACA).

But I think that is different from your career pursuits. I’m curious on why you’re not “popping” on alphabet soup searches. But without experience, they’ll probably low ball you. Depends.

Hi yes maintaining is expensive ....I am not going to maintain my CySA+ but will for ISACA (yep got that email too $180 wasn't it!) and ISC .....am thinking hard about IAPP. I will carry on doing stuff as genuinely interested so its not exactly a task.

I really hoped the CISSP would be popping but its not ....and have no idea why ....the limited feedback on my CV from recruiters has been very good so its hard to ID and issue. My guess is demand is just sooooo low right now for new staff! The few times talked to agencies we are all happy with the numbers and I am 'flexible' on them right now. There key comment that really stuck was 'its good you are in a niche' I guess that's really bad news for all the generic PM's right now. ...also don't wont to labour the point but a recruiter at a large bank (HSBC) told me they were 12 recruiters ...but are about to become 3 ...so demand to recruit must have collapsed!

Have opted to do the CCSP this Friday as very few have it....so that with the CISSP 'might' be useful ...but also it helps tie my CISSP to my Azure Az500 cloud security exam and the AWS Security I will do later this year

E Double U

Buckeye222 said:

I completely disagree with what these other guys are saying. The CISSP & CISM are both management certs. The CASP is the perspective of an engineer and actually implementing the controls thought of from a management mindset. I'd get the CASP and you'd be ready to have a good grasp of both the engineering side and the management side. You don't want to get hired for your CISSP and have no idea how to implement something or why you would choose one thing over another for that particular company. I'm studying the CASP right now and it's no joke, it will definitely give you another mindset when implementing solutions.

It appears to me that test4500 is looking into the CASP because the other credentials he holds is not getting him the responses he is looking for. If he applies for an engineering role, I think they would hire a CISSP or CISM with the actual experience over someone with CASP who's resume does not reflect the experience they want for the role. He mentioned in this thread that CASP is low hanging fruit and is trying to compare the amount of CASP versus CISSP/CISM holders in what I feel is an attempt to get a certification that many people do not have as opposed to trying to acquire that knowledge for actual engineering. He is also going to do CCSP because "very few have it". With those things being said plus him stating that he would love to specialize in Data Privacy/Cloud security then again I see CASP as a waste of time for him since his goal appears to be getting over a recruitment hump.

I have no experience with CASP so I cannot say that it wouldn't add to someone knowledge/skills, but when someone wants it as a resume filter then it only makes sense if the credential is in heavy demand in the geographic region one is applying for jobs. I have never seen CASP requested at the level of jobs that I apply for, but always CISSP and CISM. If I don't get invited for the interview, I think it has more to do with lack of experience or resume format instead of feeling the need to pad the CV with another credential.

test4500

E Double U you make some good points, I have read though the CASP course (online and AIO), its stuff I get it, so a two week effort is doable, question is should I give CompiTia $300 and what do I get in return?

Exclusivity vs no one cares about it.....CCSP vs CASP ...not many have CCSP and it does look useful now (and maybe more so in future) vs very mixed views on CASP, and I draw the comparison here with the ISACA Data Privacy exam (CDPSE) and IAPP. I think IAPP wins but do notice ISACA promoting it well and the skills it represents.

You have CCSP what do you think of it?

The recruitment hump is a big deal right now and I see a cert as a way of neatly summarising a hundred works into just four letters!! Recruiters seem to like my CV and the way I talk to it but its a flat market!

I agree with your conclusion apart from the CV stuff - right now there are millions of CV's out there, even good ones are getting overlooked.

E Double U

@test4500

Should you give CompTIA $300? I wouldn't, but if you just have money to burn or an employer paying for it then knock yourself out.

What do you get in return? A piece of paper. You can gain the knowledge without taking the exam.

What do I think of CCSP? I did it because I work in a multi-cloud vendor environment and wanted to learn more. Not to mention I prefer vendor-agnostic certifications and my employer paid for it. It has not been a life-changer for me, but I did not expect it to be.