On CASP: Credentialism or Real Cred?

The CASP exam for CompTIA’s certification is a welcome departure from the standard test format in that it challenges candidates to grapple with real-world scenarios to test foundational knowledge.

Here we go again – another security certification. Break out the countless tables of port numbers to memorize, the endless lists of vintage computer viruses from the ’90s and ’00s that are still, somehow, relevant. Prepare to trudge through the alphabet soup of confusing acronyms and Escherlike diagrams of network configurations that don’t exist in the real world. Such endless hours of repetition and memorization are a necessary evil in the quest to be a credentialed security professional.

However, the CompTIA Advanced Security Practitioner (CASP) certification differs from many others by testing one’s knowledge in real-world scenarios. For example, instead of asking, “Which port number is utilized for HTTPS?” CASP squeezes the candidate in a vise grip: “Your network is being destroyed, hell is breaking loose, you’ve run a port scan, and the following ports are open: X, Y, and Z. Which port should you close to save the network, life on earth as we know it, and your job?” I’m taking liberties with some of the language, but you get the idea.

CompTIA Advanced Security Practitioner (CASP) certification

This pass/fail test combines multiple choice and performance-based questions. It’s relatively short with 90 questions, meaning the margin of error is narrower than other, seemingly endless certifications (250 multiple choice questions, really? What are we trying to prove?).

And if you genuinely want to test security professionals’ mettle, present them with an end-of-days scenario, then give them a blank command line – as CASP does. That challenge will separate the strong from the weak in no time.

CASP is one of the most in-depth certifications currently offered and requires a mix of real-world and foundational knowledge to pass. For obvious reasons, measuring one’s skill set based on certifications alone is a flawed approach. By earning CASP, security professionals accomplish far more than others holding certifications that merely scrape the surface of the security landscape. Those who are CASP certified demonstrate they possess the essential cybersecurity skills and technical knowledge required to conceptualize, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise.

TalaTek provides specialized services in risk management, security, and compliance. Our team comes with the highest industry certifications. We’re trusted partners delivering solutions that make good IT sense and good business sense. Contact TalaTek to learn how we can help your organization navigate the complexities of information security.

Johann Dettweiler

Johann Dettweiler

Information Assurance Consultant

Certified CISSP, CCSP, CEH, PMP, and now CASP. When not pursuing professional credentials, he is perfecting his technique crafting the perfect pint.

TalaTek provides specialized services in risk management, security, and compliance. Our team comes with the highest industry certifications. We’re trusted partners delivering solutions that make good IT sense and good business sense. Contact TalaTek to learn how we can help your organization navigate the complexities of information security.