CSA+....Any word on DoD certification and what category it will fall under

On the Comptia site here: https://certification.comptia.org/it-career-news/post/view/2017/03/27/comptia-csa-your-questions-answered

it says they are hoping to hear back from the DoD in the Spring.
The CSA+ is very Blue Team oriented in my opinion. I would speculate it will fall into the CSSP boxes along with those the CEH is in. I do not believe Comptia has a cert satisfying any of those requirements and this is probably their way of trying to get in on that. Again; this is just total speculation on my part. I already have the CEH and am planning on taking the CSA+ very soon.

TechGuru80

Did I miss something? Why do you have Security+ AND CASP but you work in something not IT? Are you in IA? CISSP is the gold standard for 8570...do you have a computing environment certification?

It looks like he has them in order to add weight to his retraining package.

TechGuru....I am trying to reclass into the cyber field. Since my main job is non-IT, I am working my butt off to have a competitive packet as others who are applying for the field I am trying to get into are in IT. I am finding that just having the CASP and a soon to be BS in Cyber Security is far beyond what most people have so I feel pretty good about my chances but the military has a way of making just about anything a secondary consideration. I do not have an environment cert. I am finishing a class in Linux though that pretty much covers Linux+ so I have been debating whether to try for Linux+ (and get the ITIL cert) or do CSA+. I studied for 2-3 weeks for CASP while doing my job and school and though it was hard and frustrating, it was not extremely overwhelming since it was within the scope of my degree. Looking at the CSA+ rubric, I am familiar with most of the topics from my previous classes so I don't see much study time needed, maybe a week or two. I just don't want to spend money on the CSA+ if it won't be on the DoD checklist as I will be working on my capstone around the time I would take the cert test. Linux+ on the other hand seems like I will need to invest considerably more time to complete and I am not sure of the ROI on that in the military.

palmett0....I saw that too. From what I got out of it, it seems like spring meant spring of this year which has past. There was also talk of maybe an answer on its validation in 1-5 months. I am more interested in where it will fall in the framework. I too think it should fall under CSSP somewhere, but as you pointed out it is very blue team and with CompTIA puking out the CPT+ I wonder how it is all going to tie together. It makes me think that the CSA+ will not cover as many areas as the CEH. If the CSA+ covers just one area under CSSP as opposed to say, 3 or 4 of the 4, I think I will find myself reallocating my time and $ elsewhere. I have a few months before I submit my packet so I am trying to plan out my future for the short term.

LSagee wrote: »

TechGuru....I am trying to reclass into the cyber field. Since my main job is non-IT, I am working my butt off to have a competitive packet as others who are applying for the field I am trying to get into are in IT. I am finding that just having the CASP and a soon to be BS in Cyber Security is far beyond what most people have so I feel pretty good about my chances but the military has a way of making just about anything a secondary consideration. I do not have an environment cert. I am finishing a class in Linux though that pretty much covers Linux+ so I have been debating whether to try for Linux+ (and get the ITIL cert) or do CSA+. I studied for 2-3 weeks for CASP while doing my job and school and though it was hard and frustrating, it was not extremely overwhelming since it was within the scope of my degree. Looking at the CSA+ rubric, I am familiar with most of the topics from my previous classes so I don't see much study time needed, maybe a week or two. I just don't want to spend money on the CSA+ if it won't be on the DoD checklist as I will be working on my capstone around the time I would take the cert test. Linux+ on the other hand seems like I will need to invest considerably more time to complete and I am not sure of the ROI on that in the military.

palmett0....I saw that too. From what I got out of it, it seems like spring meant spring of this year which has past. There was also talk of maybe an answer on its validation in 1-5 months. I am more interested in where it will fall in the framework. I too think it should fall under CSSP somewhere, but as you pointed out it is very blue team and with CompTIA puking out the CPT+ I wonder how it is all going to tie together. It makes me think that the CSA+ will not cover as many areas as the CEH. If the CSA+ covers just one area under CSSP as opposed to say, 3 or 4 of the 4, I think I will find myself reallocating my time and $ elsewhere. I have a few months before I submit my packet so I am trying to plan out my future for the short term.

I agree with you on the cost vs potential benefit.
I may be wrong but back when I took the CEH, EC Council wanted candidates to have a certain number of years (2 I think) in IT security experience and asked for a manager's letter of reference written on official company letterhead to vouch you were a valid candidate to take the exam. Just something to think about. Your degree program may satisfy that requirement.

Best of luck! Having the CASP should help you out for IAT3 posts. That and/or CISSP are both on my to-do list; but I don't feel ready for them yet.

If you take the CEH through an approved training organization EC-Council will wave the two year requirement.

TechGuru80

When would your reclass happen? I would assume Security+ would be common but I agree your CASP has to put you ahead. If you did a CE, I probably wouldn’t do Linux I would do Windows or Cisco as you are more likely to run into one of those than Linux.

Also for CEH, you couldn’t qualify for the exam only route as you don’t have the experience...it requires two years to self study. You would have to take a course so it would actually be more expensive.

There is another option you could try. SANS offers a work study program..makes course $1,100 plus any travel. You would have to be able to attend in person though so that might not be feasible...I just bring it up because the material is fantastic and would make you standout as I’m sure nobody changing probably has one from GIAC.

Those certs make you a good candidate for 25B, IT Specialist. The Cyber defender and the Cyber Ops look at more than just certification. My old supervisor, who had the certs and came from the 25B field failed. I believe there is rank, performance and a few other things. Why not just get the C|EH?

EnderWiggin

I could see it popping up in the 50's. No idea when it would happen though, but those look to be the ones that relate to what CSA+ covers.

Concerning CEH, my understanding is Skillport (which is free for mil) meets the requirements for approved training so that part is covered. The price is the sticking point. I would love to get some SANS under my belt but again, the price is the sticking point, $650ish was rough enough to stomach, but $900+ is just ridiculous for CEH and my unit is not authorized to fund it. Contrary to popular opinion, I don’t have a ton of money to throw around with my enlisted pay. I submit my packet mid next year, if approved I will be able to reclass. I believe you are right about Linux, I am probably going to skip it as the DoD is mainly a Windows environment. I’ll let them pay for Linux when I get to that bridge and they need me to cross it.

xxxkaliboyxxx.... I understand that certs are not the end all be all, that is why I am finishing my degree and also getting some OJT right now in IT/IA to make a strong packet.

I appreciate everyone chiming in on this.

The DISA site has the latest listing of approved certifications. It now includes the CSA+.

mikey88

stryder144 wrote: »

The DISA site has the latest listing of approved certifications. It now includes the CSA+.

Praise the lord!

GCIH now level 3?

Good find! That sealed the deal for me. I just bought my voucher and am going to test out on the earliest date possible I can get once I get my voucher number. I know some people have their qualms about CompTIA but in terms of DoD recognition, paying $203 for a CSA+ voucher vs $950 for a CEH voucher (plus possible additional expenses)...its a no brainer.

Still deciding on which book to study. Safaribooks has all of them.

LSagee wrote: »

Good find! That sealed the deal for me. I just bought my voucher and am going to test out on the earliest date possible I can get once I get my voucher number. I know some people have their qualms about CompTIA but in terms of DoD recognition, paying $203 for a CSA+ voucher vs $950 for a CEH voucher (plus possible additional expenses)...its a no brainer.

Still deciding on which book to study. Safaribooks has all of them.

I read the All in One. It is an ok source but I feel as if it could have gone into more detail on some topics. I am considering getting another book to go through before taking the exam. I too purchased a voucher. Thanks for the link stryder144!

LSagee wrote: »

Good find! That sealed the deal for me. I just bought my voucher and am going to test out on the earliest date possible I can get once I get my voucher number. I know some people have their qualms about CompTIA but in terms of DoD recognition, paying $203 for a CSA+ voucher vs $950 for a CEH voucher (plus possible additional expenses)...its a no brainer.

Still deciding on which book to study. Safaribooks has all of them.

Hey man, I'm with you on that one. If your unit isn't paying and I wouldn't suggest using your GI bill for the CEH, go for the CSA+. That's awesome for the CSA+, since I have my own issues with EC-Council that I don't need to voice here.

TBH LSagee, no one gives a *$*# about CompTIA or C|EH outside of DoD. It's all about CISSP, Sans and actual knowledge in the private sector. That was my biggest shocked when I went 100 percent private. What you mean you don't care my star on my airborne wings! LOL.

I believe ITPRO.TV has a CSA+, get a free trial and watch the 20 hour video.

Hi everyone.

I thumbed through a few books on Safaribooks this weekend and brushed up on some attacks, logs, and relevant applications. CASP was still pretty fresh in my mind so I think I put in a total of 5 hours of study. Honestly, I was burnt out from the CASP so I just didn’t have the will power to commit to meaningful study.

Long story short, I passed CSA+ this morning! Total test time was about 75 min. If you have passed the CASP, this test is not terribly difficult. Almost all the questions are straightforward and are not tricky if you use the process of elimination. I will say I was not impressed with the PBQs though. One in particular had me going WTF I am I looking at?!

My CompTia security trifecta is complete! Finished in 11 months with 6 month break for a total of 5 months of actual study. Now I am going to take a break from certs for a little bit. I just don’t have enough mojo in my tank to do both cert study and college.

Final thought, if you have passed CASP and can read logs, and know basic utilities like nmap you will do fine on the CSA+.

Congrats! Awesome job!

Congrats!
I realize you leaned on your knowledge from the previous exam prep, but in your opinion did you find any of the CSA+ books on Safari more useful than the others?

Sorry I can't really say. I just jumped around the 3 books on Safari, mainly looking at the review questions. I didn't spend enough time in them to even give an assessment of first impressions.

Esmillo

CSA has been approved a[FONT=&quot]nd is now in the following categories:[/FONT]
[FONT=&quot]IAT Level II, CSSP Analyst, CSSP Infrastructure Support, and CSSP Incident Responder, CSSP Auditor[/FONT]

airzero

Esmillo wrote: »

CSA has been approved a[FONT=&amp]nd is now in the following categories:[/FONT]
[FONT=&amp]IAT Level II, CSSP Analyst, CSSP Infrastructure Support, and CSSP Incident Responder, CSSP Auditor[/FONT]

Where did you see this information?

edit: nevermind found it here https://www.comptia.org/about-us/newsroom/press-releases/2017/10/17/comptia-csa-certification-approved-for-dod-information-assurance-workforce-improvement-program

This just came in a huge boost for this CERT

https://certification.comptia.org/it-career-news/post/view/2017/11/29/dod-approves-comptia-cybersecurity-analyst-why-it-matters?utm_source=Marketo&utm_medium=Email&utm_campaign=NL-2017-12-IT-Careers.Email%201&mkt_tok=eyJpIjoiWldJMFpXTTBPVFJsWXpZdyIsInQiOiJrYURjTW1GUmJPemNXY2RsTkNlQUNFZVwvemVKK3l0OGNScUZOZGlGMEJYNTNDRkJwN2dpZlNHWVwvUERLQzNxZ2VJU3IzbjVqdEJBNzJ2bDk1OGdGWk5PMDVkZlRFXC92aGNiN2NXdTJyb0kxOGpsR0FLU2VtRGp0Y1lEMXZ3b2FkTSJ9

airzero wrote: »

Where did you see this information?

edit: nevermind found it here https://www.comptia.org/about-us/newsroom/press-releases/2017/10/17/comptia-csa-certification-approved-for-dod-information-assurance-workforce-improvement-program

Yeah, the CSA+ is the new best bang for your buck in the DoD sector, good stuff.

connorm

Looks like DISA finally updated the baseline on their site. Glad there is finally a competitor to the CEH.

https://iase.disa.mil/iawip/Pages/iabaseline.aspx

jeremywatts2005

JDMurray

You people all realize that the pay in government-sector jobs is much worse than the pay for the equivalent private-sector jobs? Private and commercial industries are really hurting for InfoSec people right now. Why do the same work for less money? For the retirement benefits?

This is just my personal opinion so take it with a grain of salt.

DoD skill level wise is far below the baseline in the industry. Any Joe Smole off the street with a clearance and a certification for the job can get it. Most won't be able to compete in the private sector to be honest.

Most DoD jobs when I interviewed, I interviewed for an instructor job at DLI in Monterey, Cali, you would think their technical interview would be top notch, nope! It was a joke. Needless to say, they selected me. I ended up going private. Most good companies are good at spotting bs in technical interviews. DoD, not so much.

Another example is the biggest dirtbag I have ever met, got a job at fort Campbell GS9, I assume clearance, disability preference, blah, blah. Once you are in, it will take an act of God, literally to get fired.

JDMurray - I am active duty military and half way to my 20. I am trying to make a MOS change to the IT field for my last 10. That is why I earned the certs I have for the infosec field. When I'm done I plan to shift to the private sector while collecting a nice pension.

yoba222

xxxkaliboyxxx wrote: »

This is just my personal opinion so take it with a grain of salt.DoD skill level wise is far below the baseline in the industry. Any Joe Smole off the street with a clearance and a certification for the job can get it. Most won't be able to compete in the private sector to be honest.Most DoD jobs when I interviewed, I interviewed for an instructor job at DLI in Monterey, Cali, you would think their technical interview would be top notch, nope! It was a joke. Needless to say, they selected me. I ended up going private. Most good companies are good at spotting bs in technical interviews. DoD, not so much.Another example is the biggest dirtbag I have ever met, got a job at fort Campbell GS9, I assume clearance, disability preference, blah, blah. Once you are in, it will take an act of God, literally to get fired.

This matches my DoD experiences with as well. They were more interested in placing a warm body with a clearance and the right certs in a chair to meet their contract obligations rather than being the best. I went private and doubt I'd go back.

spiderjericho

yoba222 wrote: »

This matches my DoD experiences with as well. They were more interested in placing a warm body with a clearance and the right certs in a chair to meet their contract obligations rather than being the best. I went private and doubt I'd go back.

To be perfectly candid. It’s always a numbers game. Quantity over quality. I could probably go on several rants but will opt not to.

OP, what MOS are you switching to? 25D? 17 whatever?