The business value of the CompTIA CASP+ employee certification

May 4, 2020 by Susan Morrow


Cybersecurity breaches continue to present serious challenges to organizations across every sector and of every size. In the first nine months of 2019, 7.9 billion data records were breached. These breaches are becoming increasingly sophisticated and continue to cause damage, present liability, and increase the costs of a business. 

To counter these threats, an organization needs to have excellent staff who are knowledgeable and who have practical skills in the areas known to be at risk. However, in a recent ISACA survey, “State of Cybersecurity 2020,” 70 percent of respondents said that less than half of security job candidates were sufficiently qualified to do the job.

Well-trained and certified staff are a key resource. However, there is a myriad of employee certifications in the cybersecurity area. According to a report by GlobalKnowledge, 85% of IT professionals hold at least one certification, while 66% of employees are looking to add a new certification. 

But which security certification is the best one to focus time, energy and finances on? Here, we look at one of the most sought-after certifications in the industry: the CompTIA CASP+ certification.

What is the CompTIA CASP+ employee certification?

The CompTIA Advanced Security Practitioner (CASP+) is meant for hands-on practitioners in the IT security field. The certification proves a person has reached an advanced level in enterprise security operations and architecture and wishes to apply that knowledge. 

The certification provides evidence that you have a deep level of understanding of security matters and practical knowledge in the application of extended network and mobile security. It also covers the use of secure virtualization in an enterprise infrastructure at a time when this technology is being increasingly used.

CASP+ is a hands-on, performance-based exam, so only those who feel confident in the practical side of cybersecurity should attempt it. Because of the difficulty level, this certification provides evidence that an employee has the practical skills to apply the tenets of a security policy in line with business needs.

What roles need the CompTIA CASP+ employee certification?

The CompTIA CASP+ exam validates a practical understanding of security and its application in an enterprise setting. It also demonstrates that an individual can use research to spot trends in the cybersecurity landscape and then apply that knowledge within an organization. This latter skill takes you to a new level of expertise in the area of cybersecurity. 

CASP+ helps to define a career as a security architect or security engineer and related roles. This certificate is ideally suited to persons with a minimum of ten years of IT experience.

There are four key roles that benefit from CASP+ certification:

  1. Security architect
  2. Technical lead analyst
  3. Application security engineer
  4. Security engineer

What knowledge and skills does a CompTIA CASP+ employee certification validate?

The CASP+ exam includes the following key areas of cybersecurity know-how:

  • Concepts and techniques within the extended enterprise, including operation and architecture considerations
  • Techniques in trend data interpretation, as applied to ensure alignment of cyber-defense with business needs
  • Mobile and other device security
  • Software vulnerabilities detection, analysis and mitigation
  • Cloud and virtualization technology use within a secure enterprise architecture
  • Implementation of cryptographic techniques, including blockchain, cryptocurrency and mobile device encryption

CompTIA CASP+ certification demonstrates advanced-level skills. As such, a successful training and exam outcome will show the individual has high-level competency in:

  • Risk analysis and management
  • Understanding enterprise security operations and architecture
  • Technical integration skills in enterprise architecture
  • Incident response and recovery
  • Research and collaboration

NOTE: Employees taking the certification will need to renew their certificate every three years.

How does the CompTIA CASP+ employee certification benefit my business?

IT security is a discipline that needs a good mix of general technology knowledge, analytical capability and practical skills. Finding staff who have the right level of know-how and practical experience is a challenge because of a skills gap; an (ISC)2 survey found that 65% of organizations were seeing a shortfall of skilled cybersecurity staff.

A company can benefit in several ways by using the CompTIA CASP+ exam:

  • Meets an internal skills gap: CASP+ was designed to ensure that employees, including those not at managerial level, can be trained to a high competence level in practical cybersecurity skills. The exam meets the ISO/ANSI 17024 standard and is approved by the US Department of Defense under Directive 8570.01-M requirements
  • Practical testing of skills: The CASP+ exam uses simulations to test skills in cybersecurity systems and programs on a network and various systems
  • Cybersecurity mastery: CASP+ confers advanced skills needed to lead, design and implement technical solutions

Businesses that train their staff to the level required to pass the CompTIA CASP+ exam will have created a valuable internal security resource.

How can I help my team prepare for CompTIA CASP+ employee certification success?

CompTIA CASP+ is an intensive examination process and preparation is half the battle. Unlike many other cybersecurity exams, the CASP+ exam has practical sessions. These sessions are performance-based questions (PBQs) used to measure a candidate’s ability to solve problems in a simulated environment. The environment is not a live lab; instead, it is a simulated environment, set up to test a candidate’s ability to troubleshoot a specific scenario. 

Typically, candidates will be shown a virtual scenario and given data to describe configuration and other variables within that scenario. They will be tested on their ability to analyze the situation based on the data, architecture diagrams, etc., and to troubleshoot the problem.

To optimize an employee’s success in achieving CASP+ certification, candidates can use training sessions. These training sessions take them through typical CASP+ questions and scenarios. 

Infosec offers a 5-day boot camp to achieve employee success in taking the CompTIA CASP+ exam. The boot camp can be done remotely from any location. Using expert instructors, the boot camp focuses on getting employees CASP+ ready, including how to conceptualize, design and engineer secure solutions across complex enterprise environments. The practice sessions and in-depth course materials offered by the boot camp prepare your employees for both the multiple-choice part of the exam and the PBQs.

CompTIA CASP+ certification is an important way to help your employees understand their own skill set and work to apply it in a practical manner. CASP+ is also a great benefit to an organization in a climate where experienced and qualified employees are at a premium. Specialist training used to prepare employees for CASP+ exam success is also important. Using remote sessions, these training sessions help to build up the confidence of a candidate in readiness to sit the exam.



  1. Number of Records Exposed Up 112% in Q3, RiskBased Security
  2. State of Cybersecurity 2020, ISACA
  3. 2019 IT Skills and Salary Report, Global Knowledge
  4. CompTIA Advanced Security Practitioner (CASP+), CompTIA
  5. Strategies for Building and Growing Strong Cybersecurity Teams, (ISC)2
  6. DoD 8570 IAT Certification and Requirements [Updated 2019], Infosec

Susan Morrow is a cybersecurity and digital identity expert with over 20 years of experience. Before moving into the tech sector, she was an analytical chemist working in environmental and pharmaceutical analysis. Currently, Susan is Head of R&D at UK-based Avoco Secure. Susan’s expertise includes usability, accessibility and data privacy within a consumer digital transaction context. She was named a 2020 Most Influential Women in UK Tech by Computer Weekly and shortlisted by WeAreTechWomen as a Top 100 Women in Tech. Susan is on the advisory board of Surfshark and Think Digital Partners, and regularly writes on identity and security for CSO Online and Infosec Resources. Her mantra is to ensure human beings control technology, not the other way around.
