When the U.S. Navy needed a way to assess its cybersecurity practitioners, CompTIA answered the call with the CompTIA Advanced Security Practitioner (CASP+) certification in 2012. But this advanced-level cybersecurity certification can be applied to the corporate sector as well.
The IT certification validates the skills of some of the highest-paying cybersecurity jobs, according to Cyberseek, including cybersecurity architect and cybersecurity engineer.
The following topics are covered by this cybersecurity certification:
- Risk management
- Enterprise security operations and architecture
- Research and collaboration
- Integration of enterprise security
CASP+ is the only hands-on, performance-based certification for cybersecurity practitioners – not managers – at the advanced skill level. While cybersecurity managers help identify what policies and frameworks could be implemented, CASP+-certified professionals figure out how to implement solutions within those policies and frameworks.
How CASP+ Skills Apply to the Corporate Sector
When CompTIA responded to the U.S. Navy’s need for a performance-based certification, the U.S. Department of Defense (DoD) approved and mandated CASP+ as part of the DoD 8570 directive.
Many corporations that provide services to the U.S. government, such as General Dynamics IT (GDIT), Booz Allen Hamilton and the Johns Hopkins University’s Applied Physics Lab, require personnel to earn CASP+ for specific job roles.
But since 2012, civilian corporations have also adopted CASP+ certification to validate the skills of their cybersecurity professionals. For example, Verizon Connect, Nationwide, Network Solutions and SecureWorks all have CASP+-certified employees. The skills are necessary to ensure enterprise networks are secure, regardless of government or non-government status.
To receive DoD approval, CASP+ required accreditation through ISO/ANSI 17024. Regulators and government rely on ANSI 1704 accreditation because it provides confidence and trust in the outputs of an accredited program.
Different Job Titles for the Same Role
While the skills required by civilian and DoD companies are the same, the job titles vary. CASP+ aligns with 11 work roles in the framework used by the DoD to define cybersecurity jobs – the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF), also known as National Institute of Standards and Technology (NIST) SP 800-181. In the table below, we’ve matched up common civilian job titles to those in the NICE framework to show how the skills align.
Civilian Cybersecurity Job Titles Compared to DoD Job Roles and Skills
Civilian Job Roles
DoD/NICE Job Roles
||Number of Job Listings
Cybersecurity Architect or Security Architect
||Enterprise Architect, SP-ARC-001
Security Architect, SP-ARC-002
Systems Requirements Planner, SP-RP-001
|Design, build, test and implement cybersecurity systems
|Cybersecurity Engineer or Security Engineer
||Security Control Assessor, SP-RM-002
Cyber Defense Analyst, PR-DA-001
Cyber Defense Incident Responder, PR-IR-001
Vulnerability Assessment Analyst, PR-VA-001
Cyber Crime Investigator, IN-CI-001
|Monitor networks for cybersecurity breaches and vulnerabilities; test and screen security software; provide recommendations for improvements
|Technical Lead Analyst
||Warning Analyst, AN-TA-001
Research and Development Specialist, SP-RD-001
|Manage a team; set up, configure, test and analyze systems
|Application Security Engineer
||Information Systems Security Developer, SP-SYS-001
||Design, test, and implement web security, mobile security and cryptography
*The closest salary and job listings match on Cyberseek.org is cybersecurity analyst.
As you can see, the jobs are similar, but they have different names. For example, DoD personnel may be cyber defense incident responders, but in the civilian world they might be security engineers. Both job roles perform incident detection and response.
See how CompTIA certifications map to DoD 8570 job roles.
Why Should Job Seekers Care?
As a cybersecurity professional, performance certifications like CASP+ can show employers that you have the skills they are looking for. When you apply for jobs and go on interviews, highlight the skills covered by your IT certifications, whether the employers listed the certifications in the job description or not.
By not just listing your certifications and skills, but by being able to explain what they mean and how you’ve applied them in your previous roles, you can prove to employers that you are the right candidate for the job.
Why Should Corporations Care?
Corporations are increasing their ability to fight cyber threats and weaknesses with the skills covered by the CASP+ certification. Making CASP+ certification a requirement in job postings increases the likelihood that you will hire the right person for your cybersecurity enterprise operations.
CASP+ certification ensures that your employees can exercise critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise goals.
Learn more about the CompTIA Advanced Security Practitioner (CASP+) certification.
Find Your Path to a Cybersecurity Career
CASP+ is the endpoint of the CompTIA Cybersecurity Career Pathway. The pathway aligns with the skills needed to support and manage IT cybersecurity.
Click the image to learn more about the CompTIA Career Pathways
Learn with CompTIA
Official CompTIA Content is the only study material exclusively developed by CompTIA for the CompTIA certification candidate; no other content library covers all exam objectives for all certifications. Official CompTIA study guides have been developed with Official CompTIA Content to help you prepare for your CompTIA certification exams with confidence. You now have everything you need to learn the material and ensure you are prepared for your exam and your career. See what training materials are available for CASP+.
Want to learn more about CASP+? Download the exam objectives to see what’s covered.
Patrick Lane is a director of product management for CompTIA. He manages IT workforce skills certifications, including CompTIA Cybersecurity Analyst (CySA+), CompTIA PenTest+ and CompTIA Advanced Security Professional (CASP+). He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users. Patrick has received certifications in CompTIA Network+, Security+, (ISC)2 CISSP, Microsoft MCSE and CIW Internetworking Professional and Server Administrator.
Jen Blackwell also contributed to this article. She is a senior products marketing manager at CompTIA and oversees the certifications along the CompTIA Cybersecurity Career Pathway.