.

[Article]-CASP – The Evolution of Technical Security Certifications?

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Nov 27, 2011 2:05 am

[Article]-CASP – The Evolution of Technical Security Certifications?

A few questions have popped up on EH-Net regarding this new cert from CompTIA. So I figured that I would get a jump on things and start the conversation with the source. If you have any other questions, please ask in this forum, and we'll get Carol to answer directly. Hope it helps.

Permanent link: [Article]-CASP – The Evolution of Technical Security Certifications?


Image


CompTIA has been a stalwart in the IT certification arena for quite a number of years. They have dominated the space with such recognized credentials as A+, Linux+, Security+ and many others. Their certifications have been highly recommended by The Ethical Hacker Network (EH-Net) as well as countless others as an entry-point into a given area of IT. But can CompTIA help advance the careers of those already in the field of their choice within IT?

Enter CompTIA’s newest line of industry credentials, the Mastery Series of Certifications. The first offering from this new line is the CompTIA Advanced Security Practitioner, CASP (pronounced C-A-S-P like an acronym as opposed to ‘casp’ like a word). At first glance, it would appear as though CompTIA is taking on ISC2 and the venerable CISSP. After a closer look, this isn’t quite the case. Let’s find out more from Carol Balkcom, CompTIA’s Director and Product Manager for the CASP.



Don
CISSP, MCSE, CSTA, Security+ SME
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sun Nov 27, 2011 2:15 pm

Re: [Article]-CASP – The Evolution of Technical Security Certifications?

How do you guys feel about this cert? Do you think it will become an up and coming cert?
OSCP in progress
<<

Joshsevo

User avatar

Sr. Member
Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Mon Nov 28, 2011 10:17 am

Re: [Article]-CASP – The Evolution of Technical Security Certifications?

It could be.  Depends on what it's based off of.  The A+ cert is probably the most widly known.

What are the requirements for it?
Security+, Network+, C|EH, CHFI, CPT
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Nov 29, 2011 10:05 am

Re: [Article]-CASP – The Evolution of Technical Security Certifications?

I'm extremely skeptical that this will go anywhere. If they achieve 8570 status then certainly many DOD folks will see this as a relatively inexpensive option, but other than that I have little faith in their ability to deliver a quality product. I've been a CompTIA cert holder since 1999 and have never been very impressed with their programs. They have a reputation as an entry level cert company and that's what they do. Trying to escape that will be an uphill battle. I sincerely hope I am mistaken.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

l33t5h@rk

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Tue Nov 22, 2011 12:06 am

Post Fri Dec 02, 2011 12:45 am

Re: [Article]-CASP – The Evolution of Technical Security Certifications?

tturner wrote:I've been a CompTIA cert holder since 1999 and have never been very impressed with their programs.


I hate to sound negative because it does look like they're exploring expansion of their current space, but I recently interviewed for a position on my team and two of the candidates who were brought in had A+, Sec+, and Network+, yet were extremely unqualified. Perhaps it's just a caveat emptor for certifications altogether, but if someone has those and can't explain the OSI model (as I always ask in interviews) then clearly a goal has been missed. Perhaps prereqs should be higher?
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Dec 02, 2011 9:41 am

Re: [Article]-CASP – The Evolution of Technical Security Certifications?

Net+ covers OSI model and asks questions about it so it's not necessarily a cert fail, but more an applicant fail. Just like anything else, if you are not using skills you will lose them. That being said, I find many unqualified applicants holding these certs because they are commonly delivered as part of tech school degree programs and the tests are really easy to braindump. Which may be a cert fail as well. At one tech school I attended in the late 90's, one student was charging other students to take their MCSE and CompTIA certs for them and sharing profits with the proctor. There was a camera in the testing room but everyone knew it did not work.

I for one am looking forward to the industry getting away from multiple guess and focusing on practical exams. I hope we get there one day because the current certification models are a complete failure.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Fri Dec 02, 2011 9:55 am

Re: [Article]-CASP – The Evolution of Technical Security Certifications?

I guy I worked with had a bunch of certs after his name and was going for his MBA.  But when it came to actually doing the work he fell short.  He either didn't share what he was doing or couldn't explain it.  I once asked him how his IIS 7 was since I had to rebuild a web server and migrate the old site pages off a recovered drive.  His answer was "what do you mean?"  So I repeated, and he came back with well "I have my MCSE so I know it."  I didn't get much help from him on the matter.  Not to mention it took him 3 days to set up watchguard SOHO devices.  Not 3 days total for all devices, but 3 days PER device.  Apparently he didn't realize you can dump the config files from a completed one and pump it down to new devices...  but I digress...

Yes people can have the cert and not know a damn thing about the material.  They knew enough to memorize the answers.  Wow though really?  OSI?  its like in every tech book out there no matter what the topic is!
Certs: GCWN
(@)Dewser
<<

l33t5h@rk

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Tue Nov 22, 2011 12:06 am

Post Fri Dec 02, 2011 11:53 am

Re: [Article]-CASP – The Evolution of Technical Security Certifications?

I always ask about OSI model in the interview. It just seems like a good way to find a starting place. I don't even necessarily expect people to dig deep, just tell me 7 layers and name them. Once you start discussing TCP/IP and packet structure in depth that is more what I'm interested in than the theory.

tturner - I agree with you on the applicant fail, but it should be both ways. How did this person get the cert? Exactly how you described, paper mill studying got the rubber stamp and now his resume has every CompTIA cert on it.

3xban - I am still LOL about the 3 days per SOHO, you could take one apart, put it back together, and configure it in 2 hours!

Return to Editor-In-Chief

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software