I recently passed (as in yesterday) the CompTIA Certified Advanced Certified Security Practitioner (CASP+) exam. There are always questions about what you did to pass and why that cert, so here’s my breakdown of that type of info.
An obvious (and frequent) question is CASP+ or CISSP? Both have value, though to be honest, I think CISSP has such a head start and brand power that I’m not sure CASP+ will ever gain that level of popularity. They are sort of “equivalent”, but not really. I thought about doing CompTIA’s CySA+ next too. But for that skillset, I have opted for the eLearnSecurity’s Incident Handling and Threat Hunting certs (again, not exactly the same thing, but I wanted the hands-on components of the eLearnSecurity courses and exams). I also wanted a more managerial focused cert because I felt that was an important aspect of my skillset to develop. I also liked the more technical focus of CASP+ compared to CISSP.
But bottom line, the 5 year experience requirement for CISSP kind of takes it off the table for a bit longer. I know I can do the Associate of CISSP thing, but I don’t feel like that carries much weight (for my situation). I would rather focus on other things until I’m eligible for the CISSP. Plus I should be able to take CISSP at about the time I need to renew CASP+, so that will be a good renewal option.
I’m not going to get into which is a better or harder cert. That’s just asking for aggravation. This cert was the right option for me at this time.
I was fortunate to be able to take a prep course with Global Knowledge last summer through my employer. I took it as an instructor-led online class and learned a lot. And learned enough to know I wasn’t ready to take the exam yet. The material was covered well, and reviewing my notes from the class was one of the last things I did to prep. I did the labs during the class and then read the provided book afterward. Good overall prep and probably enough for people with more experience than I had at the time. I picked this training for job-related professional development because I thought it made the most sense for the job I have. The certification was in some ways just a bonus.
Based on my assessment that I needed additional prep, I turned to Cybrary. I did the set of labs from Practice Labs – that had 30+ virtual labs covering the content of the exam. That was a LOT of time. I don’t know that it was really necessary for the exam, but it was great for skill development. I also did the CASP+ video course with Jim Hollis. I used that as kind of an audiobook more than a dedicated watch the videos and take notes thing. Basically a time efficient way to cover the material again. I thought the class was good. Not as in-depth as the Global Knowledge course, but a good review of the information. I also did the practice exams available from Kaplan and Practice Labs. Those were huge. Getting used to how the questions are asked is a really important part of prepping for this cert (and CISSP as well from what I understand). I have a tendency to overthink questions and bring in all kinds of what-ifs, so the practice exams and explanations were really helpful. Plus they work well for review. I have access to the labs and exams because of my TA work, but I would have paid for at least a couple months access to help prep if I didn’t have access. I will also say that even though my TA stuff wasn’t directly related to prepping, the stuff that I’ve done as a TA did help with preparation because it is related to professional development.
I also listened to the LinkedIn Learning CASP+ course by Jason Dion – same as the Cybrary course – audio review. Another way to get exposure to the content. This course coverage was probably in between Global Knowledge and Cybrary in terms of depth. It is interesting that different courses focus on different things. I thought it was a good course and the review questions were a little different. This was also something I was able to access because of my employer. I’m very fortunate to work somewhere that my boss values continued professional development and has some budget to support it.
This certification focuses more on application of concepts than memorization, so prep accordingly. I think the big question I have about prep for this one is how much was the Global Knowledge course “needed” since it was the most expensive piece. I’m really glad I took the course because I learned a lot from the instructor and other students, but it’s unlikely I could have afforded the class on my own. If you look at the costs for Cybrary and LinkedIn Learning, you can get a lot of content for a pretty reasonable price. I am a little biased toward Cybrary since I am a TA with them, but I feel like if you look at the content available, you get a massive amount of stuff for the price. If you can’t afford a year, just getting the premium access for a few months of dedicated prep will serve you well. If I had to choose between Cybrary and LinkedIn Learning, I would opt for Cybrary because of the labs and practice exams. I think combining the Cybrary CASP materials and a good CASP+ book would put you in a pretty good position. I used the book from my Global Knowledge course, so I can’t recommend a specific text. Amazon has a couple of options from the publishers you expect to see. But the reviews (grain of salt needed) for both the All-in-One and Sybex are mixed.
The exam itself costs $450ish direct, so probably around $400 with the discount you can usually get. Couple months of Cybrary, a prep book, and the exam, and you are looking at under a grand. That’s not cheap, but hopefully doable for most people looking at this cert. The Global Knowledge course highlights the importance of a training budget at work. It really was good training, but more expensive than I would likely have paid for out-of-pocket.
I took the Global Knowledge course about a year ago, so I took my time prepping. I think it can be done more quickly, but I was okay taking longer. I continued my habit of having too many irons in the fire. Working on the AWS pentesting book definitely took some prep time away. As did working on the eLearnSecurity incident handling course. You can argue those also are preparation since they are professional development, but I definitely could have shortened my prep time by focusing purely on CASP.
In the week leading up to the test, I reviewed my notes from the Global Knowledge course and drilled the practice exams on Cybrary a lot. I spent the morning working then took the test. I did take the test while my area was still under restrictions related to COVID – don’t generally recommend taking a certification exam in the middle of a pandemic, but it was scheduled when it was scheduled.
What Would I Do Differently
If I had the experience and wanted to just get the cert – do one of the video courses, read a book, and prep with the exams. I think depending on reading speed and other demands, you could be ready to go in a couple months (or less). Otherwise, I’m pretty happy with how I prepped. I could have been more focused, but I get so much value out of book club and other things that it’s not worth eliminating those things. I think scheduling the exam is a good idea early in the prep process. Having a deadline helps keep you focused. Given the cost of certification attempts, I’m likely going to continue to take my time preparing. I want to go in prepared and feel like I’ve done what I can to pass on the first attempt.
I’m still horrible about celebrating accomplishments, so I posted on LinkedIn again and will get around to posting on Twitter. I have already started planning out when I’ll get my incident handling course done plus working on the AWS pentesting book. I’ve got an Autopsy training that I picked up when they offered it free that I’m really looking forward to. And I’ve got a couple of really cool Black Hills 4 hour trainings that I need to work through. That sounds like a lot when I write it down…
For today, the day after passing, I’m going to enjoy the accomplishment and be happy with how far I’ve come.