If you’re looking for a more advanced security certification, you may want to consider the new CompTIA CASP certification. The CASP certification is a vendor-neutral, advanced security certification. It’s targeted to individuals with five to ten years of hands-on security experience. The exam itself is comprised of four domains which include:
- Enterprise security
- Risk management, policy/procedure, and legal
- Research and analysis
- Integration of computing, communications, and business disciplines
Enterprise security is weighted the heaviest and comprises 40% of possible test questions whereas research and analysis only covers 14% of the exam.
If you spend a few minutes looking over the test objectives, you will notice that the exam covers not only the four domains, but has an extensive list of tools that a security professional should know and understand. Some of these tools include packet sniffers, threat modeling tools, and port scanners. An understanding of how to analyze network traffic including TCP, UDP, IPv4, and IPv6 is critical to a candidate’s success on the CASP exam.
The exam is graded on a pass/fall basis and doesn’t provide candidates with a scaled score. While the exam is designed for those with 10 years experience in IT administration, including at least five years of hands-on technical security experience, anyone can attempt the certification.
I like that this exam is different than other high-level security exams in that it is designed to validate hands-on experience. If you have been involved in IT security for the last five to ten years and are looking for a security certification to challenge your knowledge, you may want to consider the CASP certification.