CASP+ vs ISSAP/ISSEP

yoba222 Senior Member Posts: 1,207
I wouldn't mind growing security engineering and/or architecture knowledge. I usually deal with Offensive Security type tasks, but I'm occasionally put on a project as the "security expert" and those tend to include commenting on architecture designs, evaluating security configuration of servers, and a bunch of other things slightly over my head, but hey, impostor syndrome was meant to be embraced, right?

CASP+ is appealing to me and I'm not too concerned at this point about cert credential recognition (though CISSP is always nice to have). It's mainly more about having a convenient goal at the end of a learning journey. I suspect I might get more out of the CASP+ than the CISSP today, since you know, for management and all. Even ISC2 themselves correlate CISSP to management and then CASP+ more to engineering/architecture.

"..The CASP+ certification is suited to professionals who want to be immersed in technology as a practitioner, while the CISSP is suited for those who want to be in management or move into management. .." source: https://www.isc2.org/Articles/CISSP-versus-the-CASP-Certification

But wait, what about ISSAP/ISSEP? That sounds like it might fill in the voids addressed in the CASP+ that may not be addressed in the vanilla CISSP. Longer learning journey definitely, but pursuing I guess what would be either two or three CISSPs, is this a bad idea for some reason? I haven't researched either of these two specialties, and I wonder if I'm dreaming to consider it at all.

I do remember that first year getting into IT, was so excited about the prospects of first getting that A+, then Network+, and then, why not all the CompTIA tracks? Then a CCNA, then a CCNP, then of course a CCIE or two ... oh yeah let's do CCAr ... lol am I doing that here?

A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP

Comments

  • beads Senior Member Posts: 1,511
    The ISSEP is aimed straight at covering the US Government engineering requirements and is fairly popular with that audience. Add CAP and you pretty much have a long term audit career with the US Government. The ISSAP is aimed primarily toward the more difficult questions on the CISSP. Encryption was big on my exam but that was so many years ago I'd have to see what else may or may not still be on the exam. My exam was encryption, BCP/DRM, physical and three others back in the mid-2000s. Basically a business security exam, heavy on the technology. Good idea, never took off and only appropriate for bragging rights in the field as most people never heard of it.

    CASP was intended to be a more hands-on security exam that comes up occasionally. I have no need today because I have a body of work to rely on instead of certifications. Never ran across this exam in the field or anyone who holds it. Any experience with the exam? I am all ears or eyeballs as the case may be.

    Again, I am not anti-cert, but I have outgrown them over time. I am always on track to meet client needs, and certs and training are certainly a part of that learning regimen.

    Good luck with the cert experience!

    - b/eads
  • yoba222 Senior Member Posts: 1,207
    Thanks for the insight. From what I understand, CASP+ is favored by many contractors for the US DoD that have a security clearance and desire a promotion, because passing it would grant them the same qualification level as would the CISSP (IAT Level-3). They say that the questions are much more straightforward and passing it can be easier for those that have struggled and failed passing the CISSP because of the style of ISC2's question wording. This anecdote is about 5 years old though and maybe things have changed since then. CompTIA isn't exactly renowned for having straightforward wording either.

    It does sound like those two CISSP specialties are unique "solutions" intended to solve problems I probably don't need solving. 