The CompTIA CASP+ Certification
CompTIA recently updated its CASP+ exam topics from the third to the fourth iteration. The actual exam code is CAS-004 and should be good up to around October 2024, when it's due to have an update.
Security certifications are in very high demand in the IT industry with company owners nothing short of obsessed with keeping their data secure, avoiding embarrassing breaches, and of course, complying with laws and regulations around customer information and financial transactions.
There are many security certifications to choose from now but they tend to be on the expensive side with many vendors charging over $1200 per exam AND forcing you to take their own training course before you are permitted to attempt the exam. We won't go into the morals of that in this post but one such vendor who doesn't insist on this is CompTIA.
CompTIA is vendor-neutral, meaning they have no particular ties to any one company, although they do maintain close ties with many organizations and high-profile industry experts. They do work with the US government, which in turn validates many CompTIA certifications as DoD compliant, meaning you must hold one in order to perform certain roles as a government employee or contractor.
There are many to choose from but you can broadly divide them into technical and non-technical and each of these categories will of course sub-divide further. Non-technical can include management, compliance, documentation, project management, and others. Technical can include cyber security support, programming, penetration testing, firewall support, ethical hacking, or technical management. Of course, there are hundreds of career paths to choose from.
Which path you choose depends on your career goals and of course your personal interests. If you love hands-on configuration then of course you will choose technical. Whichever path you choose, we strongly recommend you lay a strong foundation by passing the CompTIA Security+ exam which covers all the important aspects of network security and compliance you need to know no matter your chosen career.
Each CompTIA exam is focused on a particular career choice from PC and desktop support to cloud engineering or Linux server support. The CASP+ is aimed at advanced security engineers. They stress on the exam page that it's aimed at 'advanced practitioners', so those with existing experience performing technical security support or configurations such as firewalls or penetration testing.
Don't be put off though because, unlike other certifications such as the CISSP, you don't need to prove any previous or current security role employment to take the exam. CompTIA leaves you to make your own judgment calls. The truth is that many people choose to take CompTIA certifications in order to get job interviews for the roles they are seeking. It's the old chicken and egg scenario.
According to CompTIA, the new CASP+ exam covers these broad areas:
- Security Architecture – Expanded coverage to analyze security requirements in hybrid networks to work toward an enterprise-wide, zero-trust security architecture with advanced secure cloud and virtualization solutions.
- Security Operations – Expanded emphasis on newer techniques addressing advanced threat management, vulnerability management, risk mitigation, incident response tactics, and digital forensics analysis.
- Governance, Risk, and Compliance – Expanded to support advanced techniques to prove an organization’s overall cybersecurity resiliency metric and compliance to regulations, such as CMMC, PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST, and CCPA.
- Security Engineering and Cryptography – Expanded to focus on advanced cybersecurity configurations for endpoint security controls, enterprise mobility, cloud/hybrid environments, and enterprise-wide PKI and cryptographic solutions.
CASP+ Exam Information
Below is some information about the actual CASP+ exam:
- 90 questions
- Multiple-choice and performance-based questions
- Passing score not disclosed
- 165 minutes long
- $480 USD
- Renew every three years
- Take online or at the testing center
Of course, check the CompTIA website for any changes but that's it. If you pass you are notified at the testing center and you are a certified CASP+ engineer for three years.
CompTIA doesn't post pass rates but it's around 50% so many will take two or three attempts to pass.
Of course, there is little point in spending months of your time studying and paying the exam fees if you can't get a well-paid job in the end. This all comes down to your experience and location. With some experience and living in a city, your prospects of getting a related career are excellent but if you have neither then don't fret. IT security recruiters can't find enough candidates to fill the roles which means that they have to drop their standards in order to fill the posts.
Many companies now train engineers from scratch and offer remote working, solving both of your problems. The only remaining hurdle is to get called for the interview, but without the certification you won't be found in the searches. As I said above, I strongly recommend you pass the Security+ exam because more advanced exams presume that you are familiar with the security industry best practices, terminology, and security protocol basics including SSH, hacking attack types, documentation, reporting standards, and so on.
There was a time when CompTIA certifications weren't really recognized in the industry but that has changed now. You will see pretty much every CompTIA certification listed in the job advert and the CASP+ is no exception.
Preparing for the CASP+ Exam
If you are an experienced security expert then you may just need to download the CASP+ exam syllabus from CompTIA, brush up on any weak areas, and then sit the exam. For the rest of us, some serious study is required. If you have already passed the Security+ exam then you need to allow around three months if you can find two hours per day for study.
There are a few study guides available, so check Amazon or your local book store. There are a few video training courses out there, including one created by our Cisco CCIE, so check out our CompTIA CASP+ certification training course. Our course includes all the video lessons, practice exams, and lab training. CompTIA offers a training program of some sort, including exam vouchers; it goes for $1300 but might be an option if your company is paying.
Because of the practical nature of the exam, you will want to spend a lot of time labbing up all the exam topics. Our sister website 101labs.net has a ton of security-based labs for Security+, PenTest+, Certified Ethical Hacker, as well as labs for Python and Linux and many other skills you will need to know.
We only create courses we know will both be useful for your IT career and give you a great return on investment, which is why we added the CASP+. For this exam, we do recommend you pass the Security+ first. When you look at the job openings, salary levels, and role of CASP+ engineers, I'm sure you'll agree it's well worth taking.