Passed CASP CAS-002 5-11-2018

That test was harder than the CISSP! Studied the Pearson CAS-002 book by McMillan and did the tests from the CD. Also watched the Kelly Handerhann CASP videos @ Cybrary.it and the McMillan CASP video on SafariBooksOnLine. Close to the same material as the CISSP, but a little more technical. The test though, wow--more experience based than study material. It is doable, but many of the questions asked were no where near the material I studied. (Can someone help Troy out with his vocabulary?). CCSK and CRISC next.

Find more posts tagged with

Comments

PCTechLinc

Awesome on the difficult pass! I've heard mixed reviews about that exam. A coworker of mine took the CAS-001 test, and he said that if you focused on the lab sims, the questions weren't too hard. I do have an opinion-based question for you: after already having CISSP, what made you decide to go for CASP? I was thinking about doing that too, but not sure if I will get the ROI I would like.

Ertaz

I also thought the CASP to be more difficult than the CISSP. CASP was way more technical. Congrats on the Pass! What's next?

roxer

PCTechLinc wrote: »

Awesome on the difficult pass! I've heard mixed reviews about that exam. A coworker of mine took the CAS-001 test, and he said that if you focused on the lab sims, the questions weren't too hard. I do have an opinion-based question for you: after already having CISSP, what made you decide to go for CASP? I was thinking about doing that too, but not sure if I will get the ROI I would like.

Thanks!! I get the ROI thing-I am trying to retool myself in InfoSec for potential consulting work. Finding senior level jobs at my age is getting hard and I hate my company. The new CIO (new CEOs best friend) is an Agile programming idiot trying to run the department with that mentality--it is crashing fast. But I had to pass the Security+ and CySA+ to satisfy two classes with Southern New Hampshire University (In my last term this month! Woot!!). So I decided to go ahead and do the CASP to round out the certification and I had the knowledge from the CISSP still in my head. From another point of view, I satisfy .gov cert requirements if something comes available. So YMMV, but for me it was a step in the right direction.

I see you have the MS infoSec and Assurance and now taking the MBA with IT from WGU. Which would you recommend? I will start a Masters after I finish my SNHU degree. What was required for the MBA and does it cost more than the other?

roxer

Ertaz wrote: »

I also thought the CASP to be more difficult than the CISSP. CASP was way more technical. Congrats on the Pass! What's next?

Thanks a lot @Ertaz. Yeah, that was a bear. More technical and sometimes outright confusing, but a good test nonetheless. I have learned alot going through this cycle. I was amazed at how much I did know just from my 20 years in IT. I am going for the CCSK now and then the CRISC when the next ISACA cycle starts. CCSP and then finally either Project+ or CAPM. PMP is too rigid and CAPM is also a respected PM cert.

PersianImmortal

Congratulations!!!!

And I completely agree, the CASP was harder than the CISSP, but for me the CISSP was more nerve-wracking when I was taking it possibly due my pre-conceived notions of the difficulty of the test. I don't have test anxiety at all, but I was definitely anxious while taking the CISSP... I'm curious, though, how do you think the CASP measures in difficulty to the CISM? (I'm hoping to go for it in early 2019)

roxer

PersianImmortal wrote: »

Congratulations!!!! And I completely agree, the CASP was harder than the CISSP, but for me the CISSP was more nerve-wracking when I was taking it possibly due my pre-conceived notions of the difficulty of the test. I don't have test anxiety at all, but I was definitely anxious while taking the CISSP... I'm curious, though, how do you think the CASP measures in difficulty to the CISM? (I'm hoping to go for it in early 2019)

Thanks very much @PersianImmortal. I studied for the CISM using the Krag videos from MegaMind. Then I was able to watch another from MM on CISSP. They both had a few of the same questions/answers in their lessons, but the selected answers were different. I reached out to MM to understand why. Their explanation was:

"The CISSP and the CISM are two different exams, two different purposes.
Questions have to be taken into context, they are not truly black and white.

CISM is for information security management, higher level, strategic.
CISSP is general security for IT professionals, not just management and is more technical."

So, CISSP is related more to overall risk and the RMF whereas CISM is concerned with strategic management of keeping the business moving forward. The identical question concerning risk can be asked for both certifications with totally different answers. I would study the CISM QB for that exam--it is nothing like either the CISSP or the CASP. It is almost heavily IT management where cost-benefit analysis is the underlying factor in almost everything. So focus is on BCP, DRP, BIA, Risk Analysis and such. I hope that answered your question without being too preachy.

PersianImmortal

Thanks Roxer!! So far I've purchased the all-in-one CISM guide and at first glance I definitely agree, the CISM material has a far more managerial tone than the CISSP. Good to know about the CBA, I'll keep that in mind as I'm reading along, and I'll look into the Krag videos as well. Thanks again for the info and advice!

Info_Sec_Wannabe

roxer!

IMHO, CISSP is harder due to the manner in which ISC2 asked or framed the questions such that it can be subject to various interpretations whereas the CASP is, I would say, more direct to the point or straight-forward on what the question is really asking. Just my 0.02.

averageguy72

Congrats!

PCTechLinc

roxer wrote: »

Thanks!! I get the ROI thing-I am trying to retool myself in InfoSec for potential consulting work. Finding senior level jobs at my age is getting hard and I hate my company. The new CIO (new CEOs best friend) is an Agile programming idiot trying to run the department with that mentality--it is crashing fast. But I had to pass the Security+ and CySA+ to satisfy two classes with Southern New Hampshire University (In my last term this month! Woot!!). So I decided to go ahead and do the CASP to round out the certification and I had the knowledge from the CISSP still in my head. From another point of view, I satisfy .gov cert requirements if something comes available. So YMMV, but for me it was a step in the right direction.

I see you have the MS infoSec and Assurance and now taking the MBA with IT from WGU. Which would you recommend? I will start a Masters after I finish my SNHU degree. What was required for the MBA and does it cost more than the other?

All degrees at WGU are based on time, not credit units, so if you take the full 2 years they would cost the same.

The way I separate the degrees is that the MS InfoSec is tech-focused sprinkled with management. The MBA is business-focused sprinkled with tech. I took both because I didn't know much about business, plus it seems that companies today want someone with EVERYTHING, so I guess I'm doing that a little at a time.