As data grows day by day, it is understandable why there is such a huge demand for security professionals in this IT era. Being a certified security professional is an added advantage: it showcases your competency in the field of security and helps validate your capabilities.
There are multiple security certifications out there, and in this blog we will cover two very popular ones – CASP+ and CISSP. CISSP is an old and well-recognized certification that was introduced in 1994. CASP+ is the new hero certification, which has been gaining a lot of popularity since its launch just two years back, in 2018.
What is CASP+?
CompTIA Advanced Security Practitioner (CASP+) is an advanced security certification offered by CompTIA. It tests competency in enterprise security operations and architecture, risk management, technical integration of enterprise security, and research and collaboration. CASP+ is the only performance-based certification at this level that is focused on practitioners rather than managers. CASP+ certified professionals are the people responsible for implementing a cybersecurity solution by creating the policies and frameworks behind it.
CompTIA Advanced Security Practitioner is approved by the DoD for directive 8140/8570.01-M requirements and is compliant with the ISO 17024 standard. The certification is also compliant with government regulations under the Federal Information Security Management Act (FISMA). That is why people looking to get into government jobs in the security domain often opt for this certification: it is closely aligned with government security projects.
To achieve this certification, you need to pass the CASP+ certification exam, which is not an easy task. This certification is not suggested for beginners. You must have ten years of overall experience, with five years of it in the security domain, to attempt this exam. It is recommended to take the CompTIA Security+ exam before trying CASP+, because most of the fundamentals of CASP+ are based on Security+.
Below are the different knowledge area domains in this certification and their coverage % in the certification exam.
| Knowledge Area | % in Exam |
| --- | --- |
| Enterprise Security Architecture | 25% |
| Enterprise Security Operations | 20% |
| Technical Integration of Enterprise Security | 23% |
| Research, Development and Collaboration | 13% |
Below are the core responsibilities of a CASP+ certified professional:
- Plan, engineer and implement complex enterprise solutions to build resilient networks
- Analyze the risk impact on the business
- Translate business needs into security requirements
- Apply critical thinking to propose necessary security disciplines
- Respond to and supervise security incidents as a team lead
What is CISSP?
Certified Information Systems Security Professional (CISSP), offered by the International Information System Security Certification Consortium (ISC)², is considered a high-standard certification in the security domain. This certification was launched in 1994, which is why it is widely trusted by professionals looking to build a career in cybersecurity. Earning the CISSP certification will help you define the design, architecture, controls and management of highly secure business environments.
CISSP is considered an advanced-level cybersecurity certification. That is why it is better if the candidate clears the basic-level and managerial-level certifications before attempting it. This certification is better suited to those who want to move into a management position in their organization, since it focuses more on management practices, strategies and principles.
To achieve this certification, you need to pass the CISSP certification exam. CISSP requires at least five years of paid work experience, and that experience must cover two of the domains that are part of the CISSP exam. Professionals at the director and CIO level are the ideal candidates for this certification.
The CISSP certification exam is divided into 8 different domains. Below is the weighting of each domain in the exam.
| Domain | % in Exam |
| --- | --- |
| Security and Risk Management | 15% |
| Security Architecture and Engineering | 13% |
| Communication and Network Security | 14% |
| Identity and Access Management (IAM) | 13% |
| Security Assessment and Testing | 12% |
| Software Development Security | 10% |
Let me now tell you the differences between CASP+ and CISSP.
Key Differences Between CASP+ and CISSP
CASP+ focuses on IT professionals who are core techies: practitioners who develop and implement cybersecurity solutions. Professionals who get certified have the skills to lead and design security solutions, and the certification gives you the technical mastery needed to become a cybersecurity manager.
On the other hand, CISSP is for professionals who are in management or want to move into a management role. This certification is more focused on managing the technical security solution than on developing it.
You need a total of 10 years of experience, with 5 years of hands-on experience in the security domain, to attempt the CASP+ certification. If you are a junior security engineer, security analyst, cybersecurity analyst or information security analyst, then this is the certification to go for.
For CISSP, on the other hand, you only need 5 years of paid work experience, which must cover a minimum of 2 of the CISSP certification domains. Professionals working as security consultants and managers, network and security architects, IT directors, security auditors and chief information security officers can take up the CISSP certification.
Exam Pattern / Duration / Passing score
CASP+ is the only exam at this level that has performance-based questions. The CASP+ exam consists of 90 questions, divided into multiple-choice and performance-based types. The duration of the exam is 165 minutes. There is no fixed passing score for this certification exam: at the end of the exam, you directly get to know whether you have passed or failed.
The CISSP exam has a total of 250 questions, consisting of multiple-choice questions and advanced innovative-type questions. The length of this exam is 6 hours, and you need to score 700 out of 1000 to pass.
In terms of certification cost, CASP+ is considerably cheaper than CISSP. The cost of the CASP+ certification is $452, whereas the cost of the CISSP certification is $699. If you fail the first attempt at either certification, you need to pay the same cost again for the second attempt; there is no fee waiver for the 2nd attempt. However, CompTIA offers a “Basic Bundle” option for CASP+ at $799, which consists of one exam voucher, one retake and an eBook of the official CompTIA CASP+ self-paced study guide. So, just $100 more than the CISSP certification cost with one additional retake sounds like a good deal to me.
Professionals who get CASP+ certified typically move into job roles such as Security Engineer, Network Engineer, Cybersecurity Engineer/Analyst and Security Architect. In comparison, professionals with the CISSP certification move into job roles such as Chief Information Security Officer (CISO), IT Manager, Chief Information Officer (CIO), Security Consultant and IT Director.
Globally, on average, a certified CASP+ professional earns $104,650 and a CISSP certified professional earns $116,573, so the two salary ranges are close. But salary also depends on your years of experience. Most of the time, a professional with CASP+ will have at least 10 years of total experience and will earn more than a professional with CISSP who has 5 years of total experience. Salary also depends on the job title/role: the average salary of a Senior Cybersecurity Engineer with the CompTIA CASP+ certification is about $152,390, and that of a Chief Information Security Officer is about $164,412.
That was all about the core differences between CASP+ and CISSP. Here is the comparison in table form.
| Criteria | CASP+ | CISSP |
| --- | --- | --- |
| Eligibility Criteria | 10 years of IT experience, 5 years of hands-on experience in the security domain | 5 years of full-time paid experience in 2 or more domains according to the CISSP CBK |
| Focus Area | Risk Management, Enterprise Security Operations and Integration, Research & Development | Security and Risk Management, Communication and Network Security, IAM, Security Operations |
| Exam Pattern | Multiple Choice + Performance-based | Multiple Choice + Advanced Innovative Questions |
| Exam Duration | 165 minutes | 6 hours |
| Best Suited For | Security Architect, Application Security Engineer, Chief Security Officer | Chief Information Security Officer, Security Manager, IT Director |
Which Certification Fits Your Needs?
It is very clear that if you want to get your hands dirty by creating and implementing enterprise security solutions yourself, then you should go for the CASP+ certification. It will give you the hands-on exposure you need and make you a practitioner. But if you want to reach a management-level position that is responsible for understanding the solution architecture and taking the business decisions related to the security of an enterprise, then CISSP is the certification for you.
That was all you needed to know about the CASP+ and CISSP certifications and their differences. Needless to say, both certifications are hot in the market and show an increasing trend year on year. Whichever certification you choose, it will help you build a successful career in the security domain. The demand for security experts is high, and this is the right time to get yourself certified in either of these two security certifications.