Did you start your cybersecurity career at the keyboard, working late into the night on the front lines, feeling the excitement of solving tech hurdles or responding to cyberattacks?
Did you move into cybersecurity management as your career progressed? Did you try to become a chief information security officer (CISO)?
And the most important question: Did you regret your decision to pursue cybersecurity management?
Not everyone wants to manage cybersecurity policies. Many cybersecurity professionals want to work directly with cybersecurity technology and geek out on the keyboard forever. For those brave practitioners, the updated CompTIA Advanced Security Practitioner (CASP) certification (CAS-003) is here.
Where It All Began
The U.S. Navy requested an industry IT certification for advanced cybersecurity technicians, or practitioners, who remain hands-on, deep in tech, for their entire military career.
In 2012, CompTIA fulfilled the request, and CASP was approved and listed in the U.S. Department of Defense (DoD) Directive 8570.01 Manual, which requires IT professionals working with sensitive information to earn IT certifications.
CASP is approved in four DoD job categories:
- IA Technical Level III
- IA Manager Level II
- IA Architect & Engineer Level I
- IA Architect & Engineer Level II
- Security Architect
- Technical Lead Analyst
- Application Security Engineer
- Security Engineer
What Is a Performance Certification?
CompTIA performance certifications validate the skills associated with a particular job or responsibility. To earn the certification, candidates must demonstrate their ability to perform related tasks through simulations and performance-based questions, proving they not only know what a job entails, but how to do it.
Why Is CASP Different?
CASP is the only hands-on, performance certification for practitioners – not managers – at the advanced skill level of cybersecurity.
While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP-certified professionals figure out how to implement solutions within those policies and frameworks.
What Topics Are Covered by CASP?
CASP validates advanced-level competency in risk management, enterprise security operations and architecture, research and collaboration, and integration of enterprise security.
Successful candidates will have the knowledge required to:
- Conceptualize, engineer, integrate and implement secure solutions across complex enterprise environments to build resilient networks.
- Apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement sustainable security solutions that map to organizational strategies.
- Translate business needs into security requirements.
- Analyze risk impact.
- Supervise and respond as a team lead to security incidents.
What’s New in This Version?
CompTIA updated CASP in 2018 to continue addressing current risks and incident response scenarios inherent with cyber-warfare, modern hacking techniques and cloud migration.
Some of the changes from CAS-002 to CAS-003 include:
- Expansion of enterprise security coverage to include operations and architecture concepts, techniques and requirements.
- More emphasis on analyzing risk through interpreting trend data and anticipating cyber-defense needs to meet business goals.
- Expanding security control topics to include mobile and small form factor devices, as well as software vulnerability.
- Broader coverage of integrating cloud and virtualization technologies into a secure enterprise architecture.
- Inclusion of implementing cryptographic techniques, such as blockchain, cryptocurrency and mobile device encryption.
Where Is CASP on the CompTIA Cybersecurity Career Pathway?
CASP is the endpoint of the CompTIA Cybersecurity Career Pathway. The exam objectives list the knowledge, skills and abilities of an advanced cybersecurity professional after 5 to 10 years on the job.
Are you an advanced cybersecurity professional? Learn more about the new CASP certification and register for your exam today.
CompTIA Director of Products Patrick Lane, M.Ed., manages IT workforce skills certifications, including CompTIA Cybersecurity Analyst (CySA+), CompTIA Advanced Security Professional (CASP) and the upcoming CompTIA PenTest+.
He assisted the U.S. National Cybersecurity Alliance (NCSA) and the National Security Agency (NSA) in creating the “Lock Down Your Login” campaign to promote multifactor authentication nationwide. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users.
Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, most recently assisting the Defense Information Security Agency (DISA) with scalable SIEM techniques from the private sector, and has authored and co-authored multiple books, including Hack Proofing Linux: A Guide to Open Source Security (Syngress/Elsevier). He holds a number of IT certifications, including CompTIA Network+, CompTIA Security+, (ISC)2 CISSP, Microsoft Certified Solutions Expert (MCSE) and CIW Internetworking Professional and Server Administrator.
CompTIA Products Marketing Manager Jen Blackwell also contributed to this article. She oversees the certifications along the CompTIA Cybersecurity Career Pathway.