The cybersecurity world is almost perpetually in turmoil these days. Many in IT have dubbed 2014 the Year of Security Breaches, but it's probably still too soon to say whether the high incidence of attacks on highly visible targets was an anomaly — an outrageous convergence on unlikely events entirely deserving, in hindsight, of a dismissive label — or simply the new normal.
At any rate, one thing that should be crystal clear by now is that criminals are continually evolving their methods of attack, whether by cleverly circumventing air-gap protections or locking up personal and enterprise data with ransom demands. And if the bogeymen of the cyberrealm are building better mice, then it stands to reason that cyberdefenders need to be continually learning how to build better mousetraps.
For those and other reasons, CompTIA earlier this week released an overhauled version of its top-level security certification, the CompTIA Advanced Security Practitioner, or CASP. (What happens to a CASP when he goes to the ER? He becomes a friendly ghost. Eh? Eh? No? Not working?) The overhauled CASP certification exam, CS-002, is the end product of the first major revision to CASP since the credential was introduced in Sept. 2011.
The top CompTIA security certification is intended for advanced cybersecurity professionals, IT pros who have a broad working knowledge of security threats and a background that includes 10 years of IT administration experience and five years of hands-on experience in roles such as security analyst, security architect, risk manager, or risk analyst. While plainly created in part as an alternative to the widely popular Certified Information Systems Security Professional (CISSP) credential curated by (ISC)², CASP is still building its own reputation.
James Stanger, a senior director of product development for CompTIA, said in a statement to media that CASP drives security professionals to acquire and refine the "technical knowledge and creativity" to counter continually evolving cybersecurity threats.
“CASP is more hands-on, technical and task oriented than other comparable advanced security certifications,” Stanger said. “While they explain the ‘why’, CASP covers the ‘how.’ Our exam includes performance-based questions, requiring the test taker to demonstrate their ability to complete tasks in simulations of real-world security situations.”
CompTIA reports that there are already a variety of training materials already available to help certification candidates study and prepare for the new CASP certification exam. Skillsoft is offering e-learning courseware, while Wiley/Sybex has issued a self-study guide. Practice tests are available from Kaplan/Transcender, and Logical Operations is offering instructor-led seminars. CompTIA's own popular CertMaster training tool is not yet equipped with CASP study materials.