First of all, job positions that require the professionals to have this (ISC)² certificate are usually paid superbly. An individual with this credential can make an average of six-figure remunerations per annum but it depends on his/her location. Additionally, there is no lack of job roles for the security specialists, which means there is always an opening that you can fill when you have such a certification. For instance, it is estimated that there will be approximately 2 million extra security positions that will require the IT experts to fill them. Of great importance is the number of people who will fulfill these roles, and this is where a strong consideration for CISSP comes in. No doubt, this is a good reason to pursue this certificate but you shouldn’t jump right into it without putting some facts into consideration.

Below we share some objective views on choosing the CISSP certification as your goal.

• CISSP requires paid work experience

Your work experience will showcase whether you should strive to pursue this credential or not. For instance, if you are just starting out in the sector of information security, you won’t be able to do it. This doesn’t mean that if you take the exam, you won’t pass it; it is all about the prerequisite for pursuing this (ISC)² certification. You should have more than 5 years of paid work experience to qualify for this certificate. It is essential to point out that you can actually shorten the time by one year. However, you have four years to contend with, and nothing can be done about it. You just have to wait before you can attempt the CISSP certification test.

There are some other options that the professionals who starting out in the security field can consider. For those who want to earn their first job in the security field, CISSP is not the point to start. At this stage, you should seek to validate your basic skills. CompTIA Security+ and CompTIA CySA+ are two certificates you can consider to confirm your knowledge and skills, as well as increase your chance of landing an entry-level position.

CompTIA Security+ is an entry-level cybersecurity credential that requires a single exam. It is made up of about 90 questions, which must be completed within 90 minutes. The test is created to validate the candidates’ knowledge and skills in basic IT and security domains. CompTIA CySA+ is also an excellent choice for an entry-level IT security specialist. This credential was introduced in 2017 by CompTIA, and it was developed to bridge the gap between the skills required for the foundational CompTIA Security+ and the expert-level CASP+ certificates. You can continue to pursue CISSP after earning either of these certifications. However, you have to fulfill the requirements for years of experience before you obtain it.

• CISSP is great if you want to take up government jobs

For the professionals trying to get a job position in the government, CISSP is a great credential option. It satisfies the IA baseline certification requirements for taking up job roles in this realm. The baseline certificates for the government employees possess four different categories, including IAT, AIM, CSSP, and IASAE. (ISC)² CISSP takes its place in these categories, which means it is a great certification option for those individuals who want to get a government job title.

• CISSP requires recertification

This is actually a great thing because it helps you consistently update your skills so as not to become obsolete. To renew your certification, you have to earn the CPE credits, which are quite easy to achieve. Every 3 years, you have to submit at least 90 Group-A CPE credits, as well as the additional 30 Group-A or Group-B CPE credits to retain your credential. There are different educational activities that make up for these CPE credits. You earn one credit for each hour you spend learning. Some educational activities you can engage in include reading of whitepapers, books, or magazines; attending educational courses, presentations, seminars, or conferences; publishing a whitepaper, an article, or a book. You can also earn the credits by preparing to train or present information associated with information security; volunteering for charitable organizations, public sector, and government; performing special project-related work outside your normal work responsibilities; taking higher academic training courses. Generally, if you learn the topics covered in the eight security domains, you can claim the CPE credit hours. Of course, they should be not within your standard job activity. With an average of 40 CPE credits every year, you can easily meet up with the recertification requirements.

Please note that the Group-B credits cover the general professional and development activities that the certification holders may engage in. These include anything that is not within the scope of the security domains. Additionally, the activities that qualify for the Group-A CPE credits can also be used for the Group-B ones.

Conclusion

Your choice of obtaining the CISSP certificate will be determined by your professional goals, industry, and work experience. If you want to break into the information security field, this (ISC)² certification is the ideal choice. However, if you are an entry-level professional, it will not be a good starting point because you don’t have the prerequisite experience for it at this stage. Instead, you should pursue either CompTIA Security+ or CompTIA CySA+ to begin your journey in the world of information security. With experience you will earn, you can proceed to pursue the CISSP credential. This will be a good foundation for your future career path.

For those of our readers who are new to CompTIA certification program, CASP is an advanced level exam that validates candidates’ full competency and skills in IT security. According to CompTIA, the new version of the exam addresses the latest enterprise-level cybersecurity threats. The exam ensures that the new CASP credential holders can effectively combat the growing threat of malware coming from individual hackers and well as from organized hacking groups. The new CASP version also covers  the troubleshooting processes security professionals rely on to keep data, devices and networks secure.

Needless to say that while the old CASP exam wasn’t a piece of cake, the new one will be even more challenging. “Each hack is unique,” noted James Stanger, senior director, product development, CompTIA. ”It takes technical knowledge and creativity to combat these threats. These advanced skills are assessed in the CASP exam.”
The CASP certification exam validates competency in enterprise security; risk management; incident response; research and analysis; integration of computing, communications and business disciplines; and technical integration of enterprise components.

CASP exam targets IT professionals with at least 10 years’ experience in IT administration and five years hands-on technical security experience in job roles such as information security analyst, security architect, cybersecurity risk manager and cybersecurity risk analyst. The CompTIA Advanced Security Practitioner (CASP) exam is an internationally targeted validation of advanced level security skills and knowledge. While there is no formal prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.

The exam does not exceed 80 questions and is fully performance based. CASP CAS-002 exam objectives include:

• Enterprise Security – 30%
• Risk Management and Incident Response 20%
• Research and Analysis – 18%
• Integration of Computing, Communications and Business Disciplines – 16%
• Technical Integration of Enterprise Components – 16%

For a full list of CASP exa, objectives and subtopics, please refer to CompTIA website.

While Cisco is now redesigning and re-adjusting its Security track, it does not compete with CASP that much. The way the way Cisco and CompTIA certifications compare remains the same: Cisco certifications are vendor-based, and focus entirely on Cisco solutions and technology. CompTIA certifications, on the other hand, are vendor-neutral, and focus on the general security approaches, technologies and solutions. So, CASP’s direct competition would be CISSP (which was one of the best paid IT certifications last year by the way), and not Cisco. But before comparing CASP to CISSP further, let’s take a closer look at this CompTIA certification and the exam it requires.

CompTIA Advanced Security Practitioner (CASP) Certification And Exam

Like other CompTIA credentials, the Advanced Security Practitioner (CASP) Certification is vendor-neutral. While it does not have any formal prerequisites, it requires candidates to have 10+ years of experience. This is a way more advanced step after the CompTIA Security+ certification.

The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge. As mentioned earlier, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.

The CASP exam validates that the successful candidate has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. Successful candidates apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers.

The CASP exam consists of 80 queries covering the following areas:

• Enterprise Security
• Risk Mgmt, Policy/Procedure and Legal
• Research & Analysis
• Integration of Computing, Communications, and Business Disciplines

Detailed CASP exam blueprint can be downloaded from the CompTIA website.

CASP Vs. CISSP

So how does CASP compare to CISSP? The latter is widely recognized, and is often considered to be the global standard for security professional certifications. Many IT professionals choose CISSP as it’s perceived to carry more weight and be more popular among employers.

This is partially explained by the fact that CISSP has been around much longer that CASP, but also by the fact that the CISSP exam is much longer and significantly harder, as many experts state. CISSP exam is 6 hour long and consists of 250 queries (CASP exam consists of 80 queries and lasts 2 hours). Candidates are also required to have verified prior experience, and, after they pass the exam, they need to acquire a written authorization from someone who holds the certification and thinks they’re worthy of holding the certification.

So what are the benefits of CompTIA’s Advanced Security Practitioner (CASP) certification? The US Department of Defense has recognized CASP as certification required for its employees at a IAT-3 or IAM-2 level. While it’s evident that CISSP certification is more comprehensive and offers more knowledge about information security. Yet, CompTIA’s CASP has its clear benefits (easier and cheaper exam, no formal prerequisites, easier to obtain, no written recommendations required, etc) and can be a huge career booster for experienced IT security professionals in the government structures and business enterprises alike.