If ever there were a decisive moment in the history of cybersecurity in the U.S., it was the November 2014 hack of Sony’s security infrastructure. The widespread release of stolen personal data and the possible implication of a foreign government drove the point home: Cybersecurity has entered a new era. The growing complexity of systems, the ubiquity of cloud-based data storage and the unprecedented severity of threats call for a new kind of IT professional—the sort of IT professional that the re-launched CompTIA Advanced Security Practitioner (CASP) certification will create.
The CASP is a certification for top-notch IT talent with 10 years or more of experience in the field. Its recent re-vamp has added new areas of focus that speak to both the new IT needs of enterprises and government, as well as the inquisitive, creative mindset today’s high-level IT professional needs to have.
“We’re really talking about people with the technical knowledge to conceptualize, engineer, integrate and implement secure solutions across complex environments. That is basically the current state of IT,” said Patrick Lane senior manager of product management at CompTIA, who offered some insights on the significance of the re-launched CASP.
With concerns about national, corporate and personal security all at play, the stakes are high. These seven new things about the CASP certification will show you a few of the ways that CompTIA is preparing the top-level IT pros to keep the online world safe.
1. More scenario-based objectives, opening the door for more performance-based questions.
Addressing high-level IT security concerns requires more than just memorizing strings to input into a command line or knowing how to get past a specific error screen. It requires the ability to dig deep and analyze what’s happening in a scenario that doesn’t offer clear answers. The new CASP isn’t the kind of exam made up primarily of terms and definitions. Rather it might ask IT professionals to react to a hypothetical DDOS attack, demonstrating the ability to assess and solve a real-world problem.
“[CASP certified IT professionals] are going to have the ability to do critical thinking and apply judgment as well as to implement the changes themselves,” said Lane.
2. More coverage of cryptographic concepts and methods.
The complex algorithms that go into keeping connections secure and data encrypted are ever-evolving and understanding how they function is necessary to both implementing security measures and knowing how data is being compromised. CASP requires IT professionals to have a command of the most up-to-date knowledge of the algorithms that are used for the various security protocols and a deep understanding of symmetrical and asymmetrical key exchanges and other cryptographic principles.
3. More emphasis on secure storage.
With more personal data online than ever before being housed on more disparate systems, keeping data secure is top-of-mind for everyone from government institutions to enterprises to SMBs. This is especially true in the case of cloud-based storage. According to a Federal Times article, even the Department of Defense is now expected to migrate data onto public cloud services after a change in legislation early in 2015. The new CASP exam makes sure that IT professionals are skilled in keeping information safe in cloud environments and have a deep understanding of the functioning of the most current cryptographic protocols used to encrypt stored data.
4. New cloud coverage, generally.
“The cloud is all about customization. Every single company that is going to be transitioning to the cloud, they’ve got their data in different places,” Lane said of cloud computing, and the CASP addresses this. The exam makes sure that IT pros are qualified to handle the deployment of and migration to this complicated, customizable and highly variable environment. When an enterprise moves onto the cloud, an organization’s security protocols will change. There will be new risks and new concerns. A CASP-certified pro can handle them.
5. Intelligence gathering tools.
In order to recognize a hack, sometimes an IT professional needs to think like a hacker. The CASP exam tests takers on their familiarity with a list of tools and methods for assessing flaws in systems so that they can see all the holes from a hacker’s-eye view and close them. Methods such as penetration testing – entering a system in order to assess its security flaws – and malware sandboxing – tinkering with malware in a controlled environment to see how it acts – help IT professionals know what they’re up against. CASP makes sure that IT professionals know all of the tools at their disposal and how to use them.
“Like the quiver of arrows Robin Hood would have, this is the quiver of tools a CASP IT pro would have in order to collect information to do a proper analysis,” Lane said.
6. Current tracking technologies in asset management.
Bring Your Own Device (BYOD) has become a workplace staple. Constantly-connected devices are a fact of life. With the advent of the Internet of Things (IoT), the number of types of devices that can connect to the Internet is skyrocketing. More connectivity means a broader range of devices to keep track of and keep secure. The new CASP ensures IT professionals are up to speed on the latest tracking technologies. In the IoT-era, workplace device theft is but one scenario a high-level IT pro may have to address.
“There are a lot of great things about being able to control your house from your mobile phone,” said Lane. “But what if somebody hacks into your house and they’ve taken control of your refrigerator, and they’ve installed malware across all devices into your home? This comes more into play when we’re talking about F-18 Hornets.”
7. The technical side of secure integration across the enterprise was extracted from domain 1.0 and expanded into a new 5.0 domain.
Network complexity is growing, and cloud adoption is no longer restricted solely to the enterprise level. Software-defined networking is opening up a world of complex variations in configurations of infrastructure.
“It’s highly likely that [an IT professional] will be in a situation where there is a complex network that’s been put together piece-by-piece over the years without a master plan,” Lane said.
The new CASP makes sure IT professionals know the standards needed to implement and work securely in these environments, as well as how to approach legacy systems and software developed both internally and externally that may pose completely unique challenges to creating and maintaining secure networks.
Matthew Stern is a freelance writer based in Chicago.
First to market with CompTIA-approved preparatory training for CASP is Skillsoft, a recognized learning-industry leader. Skillsoft’s CAS-002 eLearning self-paced online courseware includes engaging rich-media lessons with hands-on practice how-to videos for quick nuggets of instruction, live one-on-one mentoring for personal support and test-prep practice exams to ensure readiness to sit for the exam. The courseware is also eligible for credits under CompTIA’s Continuing Education Program and, for a limited time, Skillsoft is offering customers a special discount on the exam voucher for the CAS-002 exam.