Introduction

At a glance, the CASP+ and CISSP certifications are similar to a large extent. The truth is that they are not interchangeable, due to different objectives and somewhat disparate career paths. However, both certifications prove that the candidate has technical and advanced-level skills to maintain the security of information systems and networks.

The CISSP certification features additional skills used to perform identity and access management (IAM), security assessment and testing, and software development security. CASP+ covers two unique areas of information security: technical integration of enterprise security, and research, development and collaboration. These are not included in the CISSP.

In this article, we’ll take a deep dive into both certifications and try to understand the nuances of the CASP+ and CISSP certifications. We’ll look at the similarities and differences between the two, as well as how to know which certification is the best fit for you.

The difference in job roles

On its face, CISSP supports more job roles than the CompTIA CASP+. The following table includes a breakdown of the different job roles between the two.

| CISSP | CASP+ |
|---|---|
| Network architect | Security architect |
| Security consultant | Application security engineer |
| Security architect | Technical lead analyst |
| Security auditor | Security engineer |
| Security manager | |
| Security analyst | |
| Security systems engineer | |
| IT director/manager | |
| Director of security | |
| Chief information officer | |
| Chief information security officer | |

CASP+ objectives (domains) and CISSP Common Body of Knowledge (CBK)

Whether they are objectives/domains or a Common Body of Knowledge (CBK), there is no serious difference between the two, as both terms cover the exam topics.

CompTIA CASP+ domains

| Domain | Exam Percentage |
|---|---|
| 1 — Risk Management | 19% |
| 2 — Enterprise Security Architecture | 25% |
| 3 — Enterprise Security Operations | 20% |
| 4 — Technical Integration of Enterprise Security | 23% |
| 5 — Research, Development and Collaboration | 13% |
| Total | 100% |

CISSP CAT Common Body of Knowledge (CBK)

| Domain | Exam Percentage |
|---|---|
| 1 — Security and Risk Management | 15% |
| 2 — Asset Security | 10% |
| 3 — Security Architecture and Engineering | 13% |
| 4 — Communication and Network Security | 14% |
| 5 — Identity and Access Management | 13% |
| 6 — Security Assessment and Testing | 12% |
| 7 — Security Operations | 13% |
| 8 — Software Development Security | 10% |
| Total | 100% |

What are the similarities between CASP+ and CISSP?

Both certifications are renewed after a three-year certification life cycle. In addition, both are compliant with the ISO-17024 standard and accepted by the United States Department of Defense (DoD) to fulfill Directive 8140 (DoDD 8570) requirements.

The similarities between the CASP+ domains/objectives and the CISSP CBK are greater than their differences. For example, the opening domain of each of these certifications covers risk management. (CASP+ pays more heed to risk management and gives it 19% of the exam weight, unlike the CISSP, which assigns 15%.) In addition, the following topics are also common to both certifications:

  • Security architecture
  • Security operations

Moreover, the following job roles are also common to both certifications:

  • Security architect
  • Security engineer

Furthermore, neither of these two certifications is vendor-specific; they are both vendor-neutral.

How do CASP+ and CISSP differ?

Although the two certifications are alike in some ways, they differ in others. One of the key differences between CASP+ and CISSP is the experience requirements.

CISSP requires candidates to have a minimum of five years of cumulative, paid and full-time work experience in two or more of the eight CISSP CBK domains. However, if the candidate does not possess the required experience for CISSP, he or she may become an associate of (ISC)² by successfully passing the CISSP exam. Doing so can help the candidate to earn their required experience by remaining as an associate of (ISC)² for at least six years.

On the other hand, CompTIA CASP+ requires the candidate to have a minimum of 10 years of experience in IT administration, including at least five years of hands-on technical security experience.

The CISSP exam is more challenging than CASP+ in terms of exam material. The CISSP exam consists of eight domains, while CASP+ covers only five. The dissimilar domains or objectives of both exams are described in the following table.

| CISSP Dissimilar Domains | CASP+ Dissimilar Domains |
|---|---|
| Asset Security | Technical Integration of Enterprise Security |
| Communication and Network Security | Research, Development and Collaboration |
| Identity and Access Management (IAM) | |
| Security Assessment and Testing | |
| Software Development Security | |

Risk Management, Security Architecture and Security Operations are similar or common domains in both the CASP+ and CISSP exams.

Both exams also differ in terms of exam details:

  • CASP+: Maximum of 90 questions; the length of the test is 165 minutes. CASP+ is available in English and Japanese. Requires 75 Continuing Education Units (CEUs) in three years to renew certification.
  • CISSP: 100-150 questions; the length of the test is three hours. CISSP is available only in English. Requires 120 CPE credits in three years to renew certification.

Benefits of CISSP

CISSP is a globally recognized certification and can open up information security jobs in the United States and elsewhere. According to (ISC)², the CISSP is the most valued information security certification in the world and employers give it 53% more preference over any other cybersecurity certification. Career prospects of the CISSP certification are:

  • IA manager level II
  • IA manager level III
  • IA technical level III

(ISC)² (the CISSP vendor) regularly conducts Job Task Analysis (JTA) to maintain the relevancy of the CISSP exam with modern information security trends. JTA is a methodical process whose purpose is to scrutinize the job roles of CISSP security professionals in order to make sure that they are meeting the current information security needs of the organizations. Once the JTA is successfully performed, the acquired information will be used to update the CISSP CBK in order to make it more relevant and appropriate for information security practices and careers.

Benefits of CASP+

CASP+ offers technical mastery for cybersecurity managers. Without a deep knowledge of technology, managing a cybersecurity team or program can become a daunting task. For instance, if you are given a task by your company’s top management to ensure compliance with a specific government standard, the request may include rolling out infrastructure requirements and complex cybersecurity technologies. However, CASP+-certified experts have an understanding of government standards and know how to meet their compliance requirements. The CASP+ certifies that a person possesses the advanced skills required to design, implement and lead technical solutions.

In addition, CASP+ certification supports the cybersecurity architect role, which is in high demand worldwide. Per CyberSeek statistics, the annual salary of a cybersecurity architect is $133,000. More than 5,000 jobs are available in the U.S. alone. Moreover, CASP+ is a globally recognized certification and therefore offered in many countries.

The career prospects for CASP+ certification holders include:

  • IA manager level II
  • IA technical level III
  • IA architect and engineer level I
  • IA architect and engineer level II

Since governments and regulators rely heavily on ANSI accreditation, CompTIA has delivered over 1.3 million ISO/ANSI-accredited exams since 2011 and is still continuing its efforts. The current CompTIA CASP+ exam version is CAS-003 and was made available on April 2nd, 2018.

Which certification is right for you?

Attaining a CISSP certification proves that you have technical skills and advanced knowledge to develop, design and manage an organization’s overall security defense mechanism. It includes risk management, asset security, security architecture, network security, security operations, security assessment and testing, and software development security. CISSP-certified professionals are security practitioners, security managers or executives with at least five years of information security experience. From CISOs to network architects, CISSPs are leaders who are always ready for information security challenges. Since CISSP meets the U.S. Department of Defense (DoD) Directive 8570.1, it is very useful for candidates who want to work in government institutions.

On the other hand, the CompTIA CASP+ credential certifies that you possess advanced-level skills in risk management, enterprise security architecture and operations, research and collaboration, and the integration of enterprise security. After being CASP+-certified, you will be able to conceptualize, integrate, engineer and implement security solutions across the organization’s complex environment. In addition, you will also apply judgment and critical thinking across a wide spectrum of security disciplines to suggest, implement and recommend proactive security solutions.

If you want to work for one of the following employers, then the CASP+ certification is right for you. These employers require CASP+ certification:

  • Verizon Connect
  • U.S. Navy
  • U.S. Army
  • Network Solutions
  • Booz Allen Hamilton
  • Dell

In addition, you can also apply to companies that require hands-on technical skills in the areas covered by the CASP+ domains.

Conclusion

Both the CISSP and CASP+ certifications offer huge benefits to individuals and organizations because they provide the managerial and technical knowledge required to succeed in the IT industry. CISSP is a popular certification throughout numerous industries, so the Return on Investment (ROI) for CISSP is much higher than for CASP+.

CASP+ is rapidly gaining popularity and recognition in the IT industry. CASP+ certification holders impress employers due to their technical knowledge and hands-on skills, unlike the CISSP, which is more managerial than technical. However, both certifications can provide a wide range of opportunities in the information security industry.

 
