CASP in June?

Finished the CISSP at the End of March. Waiting on endorsement review now. I have 20 years of experience doing Unix/Windows/Cisco Firewall (Prior certs in HPUX, Alcatel switching, Cisco Certified Security Professional) in a manufacturing and telecom environment. I've tossed around about which cert to pursue next. I plan to do the CASP while I'm waiting for my GPEN class to start. I suppose this is a trophy cert, since I don't really need it for my job. I want to have it as a hedge as I believe it does showcase tangible practitioner/assessor skills. I'm doing the Cybrary videos now. Waiting on the Pearson CASP book to come back in stock.

My thoughts are:

Only having ~80 questions is pretty appealing.
Comptia's questioning on SEC+ seemed very straight forward, so while the depth is greatly increased for CASP, the questions will be direct.
The amount of overlap with what I've already studied with the CISSP seems to be significant.

For those of you that have both:

What were your motivations for getting both?
What are your thoughts on how the content of two exams (CASP, CISSP) differ?
Have you ever been asked about your CASP cert in a job interview?

Find more posts tagged with

Comments

I can tell you that the CASP holds some weight in the DoD world due to the 8570 (8140 blah blah) requirements. Other than that I have never actually seen it posted in a job listing. I can tell you that it would probably be more for personal knowledge as I hear it is highly technical. My boss took it and passed on his second attempt. There are a few lab-type scenarios and most of the questions are more technical than the CISSP but there is some overlap, mainly in theoretical concepts. Taking the CISSP before will definitely have a positive impact on your studies.

bpenn wrote: »

I can tell you that the CASP holds some weight in the DoD world due to the 8570 (8140 blah blah) requirements. Other than that I have never actually seen it posted in a job listing. I can tell you that it would probably be more for personal knowledge as I hear it is highly technical. My boss took it and passed on his second attempt. There are a few lab-type scenarios and most of the questions are more technical than the CISSP but there is some overlap, mainly in theoretical concepts. Taking the CISSP before will definitely have a positive impact on your studies.

I am going to order the book Pearson book Friday. I'm just excited to be back in a professional development mode in my career. I will schedule the test after that.

The book was on backorder and is shipping today. I ordered the bundle, so I've had a copy of the Ebook since last week. I took the first practice exam and I definitely need to bone up. There is no "answer from a manger's perspective" slant on these. you either know it or you don't. I'm going to work through all the labs so I can be prepared.

So I'm about halfway done with the book. I can't believe the limited selection of practice tests for this exam. Transcender only offers 175 questions. The measure up questions are looking like a much more likely purchase.

I think that the CISSP might fill some of the gaps in the CASP books. I used both the Wiley/Sybex and the Pearson, and found both to be not great. The other book which I read which covers the same ground, but better, is Information Security: The Complete Reference, Second Edition.

The other thing which probably made a difference for me is that I had recently sat CCNA Security and CEH, which both cover some of the more practical aspects. I had also resat Security+ about 5 months previous.

OctalDump wrote: »

I think that the CISSP might fill some of the gaps in the CASP books. I used both the Wiley/Sybex and the Pearson, and found both to be not great. The other book which I read which covers the same ground, but better, is Information Security: The Complete Reference, Second Edition.

The other thing which probably made a difference for me is that I had recently sat CCNA Security and CEH, which both cover some of the more practical aspects. I had also resat Security+ about 5 months previous.

Thank you for the book recommendation. I am going to fiddle with the md5sum command a little and practice the ACLs on my cisco router as prep. Any other suggestions for lab work?

I'd say go for the GPEN, and while your at it throw in the GSEC too. The update for the CCSP book should be out within the next few weeks (if you are leaning towards cloud certs).

Doing the Sec+ and CASP would be a waste of time at this point, unless you wanted to get into something specific job wise.

kiki162 wrote: »

I'd say go for the GPEN, and while your at it throw in the GSEC too. The update for the CCSP book should be out within the next few weeks (if you are leaning towards cloud certs).

Doing the Sec+ and CASP would be a waste of time at this point, unless you wanted to get into something specific job wise.

I figure I'm most of the way there now. I am going to finish CASP. GPEN will be along in the next few months whenever they say go on the funding. Then I could do the cloud stuff. After the CISSP everything is just resume padding and CPEs.

Ertaz wrote: »

Thank you for the book recommendation. I am going to fiddle with the md5sum command a little and practice the ACLs on my cisco router as prep. Any other suggestions for lab work?

Honestly, I didn't do any specific lab work to prepare, just a few years of working with these techs and these kinds of problems. It does run the whole gamut, across technologies and up and down. Mostly it is relatively simple technical questions, but they might interrelate so that you might need a bit of command line with some knowledge of web security and antivirus or something. There's questions that might ask about configuring this device, and also about where you might place a device or devices in an architecture.

Haven't been hitting the books as hard as I should over the past few days due to family commitments. I just did the FedVTE practice test and made an 80 something on it without reviewing any of the courseware. I think I could probably pass the exam today, but I'm going to study exhaustively till June.

I plan to sit for mine next week. Been lazily covering the material over the last 1.5-2 months. Good luck to you OP.

thewiz8807 wrote: »

I plan to sit for mine next week. Been lazily covering the material over the last 1.5-2 months. Good luck to you OP.

Thanks man! Best wishes to you as well. Please let me know what you think of the exam.

I took and passed the CASP in April and it was challenging for me considering I only have a little over 3 years of IT experience(6 months of which or doing InfoSec as a contractor for the DoD/Navy). I will tell you this, you could lucky and get an easier version of the test or could get very unlucky and get a much harder version of the test which one of my co-workers was so unlucky to get(he failed). The FedVTE course is VERY good, much better than the cybrary course( which doesn't really go into any depth on any subject other than cryptography). I used those two sites, the pearson book, practice tests and knowledge from a couple of my co-workers who have passed the CASP as my study materials. Good luck to you on the test! Try not to have a heart attack during the post-exam survey that you have to fill out before viewing your results LOL

McxRisley wrote: »

I took and passed the CASP in April and it was challenging for me considering I only have a little over 3 years of IT experience(6 months of which or doing InfoSec as a contractor for the DoD/Navy). I will tell you this, you could lucky and get an easier version of the test or could get very unlucky and get a much harder version of the test which one of my co-workers was so unlucky to get(he failed). The FedVTE course is VERY good, much better than the cybrary course( which doesn't really go into any depth on any subject other than cryptography). I used those two sites, the pearson book, practice tests and knowledge from a couple of my co-workers who have passed the CASP as my study materials. Good luck to you on the test! Try not to have a heart attack during the post-exam survey that you have to fill out before viewing your results LOL

Hey congrats on your pass. I just finished the Cybrary course on Friday. I am on FedVTE now. I'm kind of excited to take an exam where there are ewer than 250 questions.

The content in the Pearson book is good, but the practice exam quality is pretty poor. There are quite a few inaccuracies. Is that the only practice exam source you used, and if so, what did you think of it?

Just an FYI one of the sims in the CASP exam is broken. The sim will kick you out on each portion that you need to fill in. But it does save it as you go thru.....

husenfatal wrote: »

Just an FYI one of the sims in the CASP exam is broken. The sim will kick you out on each portion that you need to fill in. But it does save it as you go thru.....

Good to know. The only thing that really concerns me is the sims. Seems like they could be from anywhere.

Ugh. If it's not one thing, it's another. I'd say I'm close to ready now for the test and work doesn't want to pay for the voucher now because of budget cutbacks. SMH. I guess I will buy the voucher myself, take the test, and eat the cost. I will still spring for the one that comes with the two Transcender practice exams. CISSP/CASP/SEC+ won't be a bad year for certs.

So, finished the book. In review mode now. Doing %90 between the Transcender and Person test banks. Any other Practice exams you guys recommend?

I used the book practice exams and the one from FedVTE. The best thing you can do is fully understand the protocols/controls and their differences. An example would be the difference between SAML and RADIUS and also what type of environments they are typically used in.

McxRisley wrote: »

I used the book practice exams and the one from FedVTE. The best thing you can do is fully understand the protocols/controls and their differences. An example would be the difference between SAML and RADIUS and also what type of environments they are typically used in.

Thanks man! I am in the home stretch now.

Ertaz wrote: »

So, finished the book. In review mode now. Doing %90 between the Transcender and Person test banks. Any other Practice exams you guys recommend?

I am reading the book again. I was going to take the test this Friday, but with all the Crap going on to close out the quarter at work I'm going to put it off a couple of weeks. The good news is there is no reschedule fee.

Well,

I passed. This exam is tough. For me, I consider it tougher than the CISSP was. Don't get me wrong there were some easy questions on there, but the majority required a decent amount of thought. All I know is that it's officially whiskey Friday.

Ertaz wrote: »

Well,

I passed. This exam is tough. For me, I consider it tougher than the CISSP was. Don't get me wrong there were some easy questions on there, but the majority required a decent amount of thought. All I know is that it's officially whiskey Friday.

Congrats! What resources did you finally end up using total? cybary, and FedVTE, and the Pearson book (which I believe I have). Anything else? Any other thoughts or words of wisdom? lol. I plan to take this exam in about 30-60 days. How much time did you spend studying? Roughly?

techwizard wrote: »

Congrats! What resources did you finally end up using total? cybary, and FedVTE, and the Pearson book (which I believe I have). Anything else? Any other thoughts or words of wisdom? lol. I plan to take this exam in about 30-60 days. How much time did you spend studying? Roughly?

I used the Pearson book and FEDVTE/CYBRARY. I had the practice exams from the book and Transcender. Both of these felt like algebra compared to the calculus of the actual exam. There really needs to be a better set of test questions that mimic the actual depth included on the exam. I was really weak on auth technologies, but the exam questions usually gave you a few absurd answers, and two that could be candidates. If I had it to do over again I would make a chart of the auth technologies, their key features, and typical usage. I read through the book as a straight shot once. Probably spent 2 hours a night over the last week.

Congratz man! I told you to that you needed to fully understand the protocols and controls... why you no listen?!?! lol jk

McxRisley wrote: »

Congratz man! I told you to that you needed to fully understand the protocols and controls... why you no listen?!?! lol jk

I studied, but when you don't work with federated identities or Oauth on the regular it's kind of a bear to soak in. It's over now though! I appreciate the insight you provided.

Quick Links