This year, IT security professionals working with the U.S. Department of Defense got a new option for their required credentials: the CompTIA Advanced Security Practitioner (CASP) certification.
The CASP certification now fits into several tracks governed by DoD Directive 8570.01-M, including Information Assurance Technical (IAT) Level III, Information Assurance Management (IAM) Level II, and Information Assurance System Architect and Engineer (IASAE) Levels I and II.
CompTIA spoke with three CASP-certified professionals about why they chose this security certification to move their career forward.
The Security Big Picture
Although he had spent months studying for the Certified Information Systems Security Professional (CISSP) credential, Troy Sullivan decided in March that the CASP was more relevant to his job as an Information Security Analyst at Computer Sciences Corporation (CSC) at Scott Air Force Base in Illinois.
The CISSP exam is targeted to management track security professionals, with job titles such as CISO, director of security or security manager. The CASP exam has more hands-on content—in the form of performance-based questions—and is ideal for technical leads. CISSP also requires five years of experience in the field, while CASP recommends five years of IT security experience.
Earning the CASP “helped me look at security from different angles,” Sullivan said. “My basic experience was mostly from the technical side, but learning the principles of risk management helped me understand the bigger picture and think of different aspects of security that I wouldn’t have before.”
In addition, Sullivan believes the CASP helped him secure a new job on with Lockheed Martin. “As an 8570 compliant certification, it completed that checkbox for this senior position, and since it was a more technical certification than other Level III certs, it seemed the right one to go for.”
Sullivan also holds CompTIA Security+, EC Council’s Certified Ethical Hacker (CEH) and ITIL v3 Foundation certifications. He likes how the CASP and the CEH certifications “gives you a parallel view of network security”—the CASP from the network defense point of view, the CEH from the attacker’s viewpoint. “For me, as a security professional, the CASP allows me to see more of the big picture.”
For James Riley, the CASP certification opened doors to conversations with employers. Riley earned the CASP in March. At the time, Riley, a Navy veteran, was working for BAE Systems on a federal contract with the Defense Security Service, but he knew that the contract could expire at any time. He earned the CASP to be proactive for his next job hunt, believing that the CASP certification “would open up a lot of doors in the future and catch on” within the federal defense arena.
Shortly after Riley earned the CASP, BAE Systems’ contract did expire and Riley was looking for work. He posted his resume, including the CASP certification, on several online job sites. He said employers “inquired about what the CASP was and what it entails, and nine times out of 10, it impressed them that I had it.”
In April, Riley landed a job as an information systems security officer for First Information Technology Systems in Arlington, Va. The CASP was “a great conversation starter” when First Info Tech Systems called, he said.
Riley likens the CASP to the Certified Ethical Hacker exam because both require a level of security experiences in the field and the capacity to drill down into security specifics. “But the CASP takes it one step further with the simulations (performance based questions),” Riley said. “The CASP was very real world, scenario-based.”
Nadean Tanner finds she’s in demand as an IT training instructor with CASP certification. “In my environment, military defense, the CASP is what they (service members and defense contractors) need for their highest level IA-III security admin privileges,” she said.
Tanner has taught IT courses since 1996 at businesses, in academia and now at Ironhorse University, the Army 4th Infantry’s training support division in Fort Carson, Colo.
Over time, she’s earned a raft of IT certifications, including the CompTIA A+, CompTIA Network+, CompTIA Security+, CompTIA Server+, along with multiple Microsoft credentials. When Ironhorse University’s lead IT security instructor left the training division for a private sector job, Tanner decided she would earn the CASP so she could teach the course.
Whereas Security+ gives a strong introduction to security, the CASP requires candidates to breakdown those core concepts, understand how they work and apply them to scenarios, she said. “You don’t just need to know the different types of encryption, but which one is best in different situations, and what are the best practices,” said Tanner.
She expects to travel to teach CASP at different bases, potentially as far away as South Korea and Germany. “I can go anywhere with this,” Tanner said. “The demand is very high.”