CASP after Security+..possible?

technew · December 2018

Hello Everyone

Just need some advise. I have network + and recently passed security+ (with 820/900). I do not have any IT experience.... Do y'all think CASP might be a good next step? or am I getting ahead of myself here? If CASP might be too difficult, then what would be the next step after Sec+? may be SSCP or CySA+?
Thanks guys!

PCTechLinc · December 2018

I have no experience with CySA+ or CASP, but based on the feedback I've heard about both, if you don't have any practical IT experience, those might be much more difficult than what you experienced with Security+. Other than building up your experience, I would recommend staying around the entry-level until the more advanced technologies become second nature to you. What you DON'T want to do is have expert-level knowledge on paper with entry-level practical experience on your Resume. Try to keep both around the same level, in my opinion.

In short, CySA+ or SSCP would be a good segue, but maybe add the A+ in there as well.

charismaticx · December 2018

I would not advise it. CASP requires some level of intermediate experience. Work on the basics and slowly work your way up to the most advanced certs.

technew · December 2018

Thanks a lot... I guess I will try to do SSCP then.

shochan · December 2018

My advice is to go after a Linux, AWS, or...do you know your hardware and software really well?? perhaps A+ is calling you...if you like servers, you might try Microsoft's MCSA (3 exams). I almost went after the CASP myself after my Sec+, but after reading how difficult it was, I wasn't about to waste $400 and not pass it. OH btw, it's only my opinion, mannnnn...@crking3
Good luck!

technew · December 2018

Thanks shochan, you definitely bring up valid points. I was going to study Linux just to have good foundation for pen testing. Definitely will look into MCSA.

spiderjericho · December 2018

Linux is a must. Without breaking NDA (and not taking 003), Linux command line and OS services/applications are necessary. Defense in depth, security architectures. How to implement controls.

I would definitely recommend Linux+ and CySa+ prior. The path CompTIA has laid out is good.

Pseudonymous · December 2018

I've seen a Linkedin profile where someone had both Sec+ and CASP (not CSAP) with no experience so it's definitely possible, but I'm not sure if it will be worth it.

I actually had this issue a couple years ago. I was thinking about getting a lot of high level certs that had no hard requirements (like forcing you to already have 5-10 years of IT Security experience), but the problem is that even if you get something like that, it likely won't do much for you because you don't have the experience to go along with it and you don't want people thinking you know more than you do.

For example, lets say someone passes a bunch of exams gets the MCSE with no actual prior experience. An employer (HR) might see that you have your MCSE and just assume you're an expert on it just because you have the certification and hire you for a position you're not really ready for.

I think your next step depends on where you want to go in Security. If you want to learn more fundamentals, SSCP is probably a good step. Cybersecurity? CySA+ or CCNA CyberOps. Pentesting? PenTest+ or eJPT.

technew · December 2018

Great advise Cameron, debating between CYSA+ And SSCP. My research shows that SSCP might be equivalent to security + ... what’s your opinion ? Is it considered higher or equivalent or security + ?

Thanks.

technew · December 2018

Thanks spiderjericho!! Will definitely learn some Linux !

jcundiff · December 2018

technew said:

Great advise Cameron, debating between CYSA+ And SSCP. My research shows that SSCP might be equivalent to security + ... what’s your opinion ? Is it considered higher or equivalent or security + ?

Thanks.

I think it(SSCP) is a fairly significant step above the Security +

https://www.cybrary.it/0p3n/making-sense-of-certifications-sscp-vs-security/

triplea · December 2018

I found SSCP way harder and I thought I had decent knowledge.

If you want to get some ground level experience, this wasn't a bad way to go and I can recommend.

Udemy networking and subnetting course 5 hours fairly practical

Cybrary Linux Ubuntu course - 6 hours fairly practical

Elearnsecurity ejpt junior penetration course- about 60 hours inc exam.

Those 3 really have boosted my non windows knowledge.

charismaticx · December 2018

Hmm... now I’m a little curious about SSCP. Maybe after I’m done with CISM and Linux.

ecuison · December 2018

shochan said:

... I almost went after the CASP myself after my Sec+, but after reading how difficult it was, I wasn't about to waste $400 and not pass it. Good luck!

I can tell you are already selling yourself short. Don't do that, if you have enough drive and motivation, determination to learn and accept what you don't know but willing to learn, you can do almost any exam out there. It's not about the cert, it's what it take to get there. Plus $400? That's a deal compared what I had to pay for certifications. I also got a rash of Sh*t a while back asking about the CASP after I passed the CISSP. Everyone said it was a waste, or that I was cert collector.

Good luck!

shochan · December 2018

well, I agree...I believe, the CASP was about to turn over to a newer exam at the time (after passing Sec+ in May 2016). I will eventually go after it, I just need to continue learning what I have planned on taking in 2019...It might be 2020 before I take it.

technew · December 2018

Thanks everyone. @ ecuison , how much IT experience did you have when you passed your CISSP ? And what other certs did you already have before you took on CISSP ?

ecuison · December 2018

I had about 17 years in IT and was last a Sysad before I moved over to security. With that, I had the necessary experience in 5 out of 8 domains. I got my Security+ back in 2005 along with my Network+. Prior to that I had my MCP, MCSA + Security back during the Windows 2000 days long been expired.

When I took the CISSP, I prepared for 7 weeks with a 1 week boot camp. Boot camp only added about 7% additional information that I didn't know. Passed the CISSP on the first try.

MickyDee · December 2018

I took the CASP after the Security+, it was big step up, but it was manageable. I "backtracked" after that and got the CySA+, which was relatively easy after getting the CASP. I would recommend the Sec+ -> CySA+ -> CASP route if that's your plan as it all builds on one another. Otherwise, the CASP is manageable after the Sec+ as long as you put in the study and follow the CompTIA objectives.

technew · December 2018

Thanks everyone for the comments and help. I think I will go for CySA+ then CASP.

spiderjericho · December 2018

I feel like the CySa+ is more blue team based...than the CASP’s sort of security engineer approach. As the analyst, you’re leveraging the technologies the engineer has designed and implemented.

@technew that sounds like a good decision. I’d just maintain the momentum and motivation to power through all three.

technew · December 2018

Thanks @Spiderjericho
@MickyDee did you have any IT experience at the time you passed CASP?

MickyDee · December 2018

@technew, yes I have over 5+ years in an IT capacity, amongst other prior roles that were helpful with the exam. I also looked through the CISSP material briefly while preparing for the exam. I'm currently studying for the CISSP now, which the CASP helps prepare you for if you go down that route too.

technew · December 2018

Thanks mickydee

NetworkNewb · December 2018

Look at jobs you want to get in your area (or ones you would like in the future) and see what they are asking for. Don't waste your time getting something you might not need. Get the certs they are asking for and work on building a lab and working on getting some hands on experience. Showing employers you have built a lab and you are working on your skills will most likely impress them more than any cert.

technew · December 2018

Thanks @NetworkNewb. Will definitely work on that.

DatabaseHead · December 2018

Whenever these topics are brought up I use the visual of two linear lines running through time. You want to keep these moving up (which indicates you are increasing) however both of these lines need to be in synch or close to it. If one get's too far out ahead or above the other you begin to put yourself at risk of losing value. In other words make sure to keep your education tied closely with your experience.

The most common mistake I have seen on here (according to the folks who did this) was getting the CCNP without having any real networking experience, several of these folks were still on the "Desk". They probably should of stayed at the CCNA level gained experience for a few years then moved into another "level" of training. If they ended up staying in networking and ascending through experience then the CCNP makes sense then........

Just my two cents....

technew · December 2018

@DatabaseHead...thanks. I'll be doing CySA+ and then gain some experience before I go for any advance level certs!

LonerVamp · December 2018

A recurring theme here is experience. I'm curious if the OP has a plan to start gaining said experience, or what is the goal of these certs and such? What do you want to do career-wise?

crking3 · December 2018

MickyDee said:

I took the CASP after the Security+, it was big step up, but it was manageable. I "backtracked" after that and got the CySA+, which was relatively easy after getting the CASP. I would recommend the Sec+ -> CySA+ -> CASP route if that's your plan as it all builds on one another. Otherwise, the CASP is manageable after the Sec+ as long as you put in the study and follow the CompTIA objectives.

How did you prepare for casp?

technew · December 2018

sorry, been away from the computer from past few days. @LonerVamp , yes experience is definitely on my mind but I wanna have some basic and mid level certs under my belt before I apply for some jobs.
This is a career change for me and unfortunately might be a good pay cut. So, my goal is to start somewhere junior - mid level instead of junior level. I know this might not come easy but I don't have to rush since my current job is pretty stable for now .....I need more time to learn and get ready for the cyber-security field.
While working in my current job, I wanna earn some more certs and complete my MS in cybersecurity and then finally make the switch when the right opportunity comes my way. Again, this is easier said than done but that's the plan for now since my biggest hurdle is the paycut.
I was already offered a junior level analyst job recently but had to decline due to a steep pay difference and would have been impossible for me to sustain.

crking3 · December 2018

How’s the studying goin !?

CASP after Security+..possible?

Comments