What Is the CASP IT Security Certification From CompTIA?

How does the new kid on the block measure up against the CISSP?

Man at home working on computer
-Oxford-/E+/Getty Images

CompTIA is one of the major players in the IT Certification business. Their Security+ certification has long been considered an entry-level foot-in-the-door certification that was, and still is, just about mandatory for anyone wanting to work in the information security field.

Most of our fellow colleagues started off studying for and taking the CompTIA Security+ exam and then moved on to more advanced certifications such as the CISSP, CISM, GSLC, etc.

It appears that CompTIA is tired of being just a stepping stone to more advanced security certifications. CompTIA has now added the CompTIA Advanced Security Practitioner (CASP) cert to their certification lineup, in what appears to be an attempt to lure pro-level cert seekers away from ISC2 and ISACA who are the current major players in the pro-level information security certification arena.

Why Would I Want a CompTIA CASP Certification?

A certification isn't worth the paper it's printed on unless it gains acceptance and recognition by employers. Why bother getting one if it's not going to help you get a job or help advance your career, right? CompTIA knows this fact which is why they likely made a push to get the CASP accepted by major players such as the U.S. Department of Defense.

The DoD has a "Directive" named DoDD 8570.1-M which basically says: If you want to work in an IT security position you better have one of the following certifications. 8570 then goes on to list a bunch of acceptable certifications with each certification being grouped with the position level that the certification satisfies. High-level positions require more advanced certifications such as the CISSP and CISM while lower-level positions require less advanced certifications such as Security+, CAP, etc.

CompTIA has apparently done all the legwork required to have the DoD list the CASP as an advanced level certification on par with the CISSP or the CISM. This was likely no easy task on their part. So, if you are looking for an alternative to the CISSP that the US government considers equivalent, the CASP appears to be a viable option.

How Does the CASP Compare to the CISSP?

The CISSP has been around much longer and is recognized amongst IT professionals as the "gold standard" for security professional certifications. In our opinion, the CISSP carries a lot more weight than a newcomer like the CASP. Simply attempting the CISSP is an exercise in endurance. It is an accomplishment akin to passing the Bar or passing a board exam. It is an intimidating task and is generally thought to be hard to do.

The CISSP exam is a 6-hour, 250 question beast of a test, costing nearly $600 just to give it a try. Most of your peers respect you just for attempting it. Additionally, you must also prove that you have a required amount of previous experience and after you pass, you still must obtain a written endorsement from someone who already holds the certification and thinks your worthy of having the cert. All this stuff makes it feel like a huge accomplishment when you actually pass and get your CISSP certificate.

The CASP, on the other hand, has no experience prerequisites (although they recommend that you have 10 years of IT experience with 5 years in IT Security). The CASP test is $426 USD, contains a maximum of 90 questions, and only requires about two and 3/4 hours of your time (165 minutes to be exact).

How Do I Prepare for the CASP and Where Can I Take the Test?

If you wish to pursue the CASP you will want to visit CompTIA's CASP website for details on what training material is available, learn what topics are covered, and to find the location of a testing center nearest you.

Will the CASP Carry the Same Weight as the CISSP in the IT Security Field?

In our opinion, no, not until they make it more difficult to achieve and add experience requirements.

The CASP will help you meet job certification requirements for obtaining DoD-related IT security jobs, but we don't think it will give you the same level of 'street cred' associated with having a CISSP.