Is the CompTIA CASP+ Worth It? Benefits, Comparison, Cost

In this article, we cover the CompTIA CASP+ certification. If you’re looking for information on the CompTIA PenTest+ or CompTIA CySA+, we have articles for those as well.

The CompTIA CASP+ certification is CompTIA’s highest-level, and probably least known, cybersecurity-related certification.  Since it follows two very popular certification exams in sequence, the PenTest+ and CySA+, a lot of people want to know more about the CASP+ and if it’s worth the time and effort to earn.  In this article, I’ll address that question.

Is the CompTIA CASP+ worth it?  The CompTIA CASP+ is an advanced-level cybersecurity certification intended for experienced security architects and engineers.  While the certification is well-established and backed by CompTIA, many cyber professionals will find more value in other advanced-level certifications, such as the CISSP or CISM.

With that said, let’s take a closer look at the CASP+ and what you need to know about it if you’re going to consider adding this certification to your list of credentials.

What is the CompTIA CASP+?

The CompTIA CASP+ is CompTIA’s highest level cybersecurity-based certification, designed to be an advanced level certification that a cyber professional would take after completing the Security+, PenTest+, or CySA+.  More importantly, the CASP+ is CompTIA’s answer to the very popular and well-known CISSP certification, which is offered by the ISC2 organization.

On CompTIA’s certification page, they compare the CASP+ to not only the CISSP, but also the CISM and GCED certifications.  CompTIA has positioned the CASP+ as a cheaper alternative to these other exams, while also touting that the CASP+ includes performance-based questions, while the others do not.

Who Should Consider the CASP+?

The CASP+ is certainly not for everybody, and if you’re at an intermediate to advanced level in the cybersecurity field with several years of experience, there are other certifications that you may want to consider instead of the CompTIA CASP+, such as the CISSP.  CompTIA has recommended that any test takers for the CASP+ have at least ten years of administration experience in IT, which seems excessive, especially when considering that they only recommend three to four years of experience to sit for the CySA+ certification exam.  CompTIA also recommends that a test taker have at least five of those years of experience related directly to hands-on security work.

The CASP+ appears to be best aligned for cybersecurity professionals that are in a management role overseeing a cybersecurity or technology department, division, or major project, but that want to remain sharp with their technical skillset.  In fact, CompTIA has gone to great lengths to highlight this, purposefully making the distinction between the “practitioners” that the exam is designed for and the “managers” who it is not.

CompTIA has also specifically identified roles such as security architect, technical lead analyst, application security engineer, and security engineer as job titles that they believe align to the intent of the CASP+ exam, so from this we can see that they’re focusing on security-related jobs that we can assume are at an intermediate level or higher.

Should You Consider The CASP+?

The CASP+ probably makes the most sense for mid to senior-level experienced cybersecurity professionals that have a lower-level certification or certifications from CompTIA and need to renew those certs.  Instead of completing and documenting continuing education credits or retaking a certification you already have, preparing for and passing the CASP+ would be a direct way to renew the existing CompTIA certifications you already have while adding another credential to your resume.

The CASP+ also makes some sense for experienced cybersecurity professionals that want to stay in a technical role but want to add new credentials to their resumes on a regular basis.  At some point, the number of certifications that makes sense to obtain for any specific cybersecurity professional starts to dwindle, and the CASP+ does stand out as a certification that won’t break the bank, only requires one exam to complete, and could be obtained without feeling like you’re preparing for a doctoral dissertation.

Another possible scenario that may make the CASP+ make sense for someone is if their employer has arranged specifically for training on this certification.  Some employers will arrange for certification training for the entire office, and if your employer chooses to do that, it may make sense for you to take a little extra time to prepare for the exam and sit for it.  Having an employer that is willing to invest money into training for you, and allow you to do that on company time, would make a great case for earning the certification, even if it wasn’t on your radar before.

What experience is required to sit for the CASP+?

One thing I love about CompTIA exams is that they don’t get into requiring test takers to document some amount of experience in order to sit for their exams.  With CompTIA, if you feel like you know the material and are willing to part with the money, you can sit for just about any CompTIA exam at any time. The CASP+ is the same way.  There are no specific mandatory requirements to sit for the exam, but CompTIA recommends that any test takers have a minimum of ten years of IT administration experience, with at least five years of technical security experience.

Just like with any other CompTIA exam, most test takers should be able to get by with having less experience than what they’ve stated here, but certainly with the CASP+, you’ll want to have at least five or so years of real hands-on experience that preferably was progressive in nature and allowed you to work within a wide variety of security scenarios.

I wouldn’t recommend anyone sit for the CASP+ certification directly after completing the CySA+ or PenTest+, unless you’re a seasoned pro in the field and feel really comfortable with the topics listed on the exam objectives.

What is the cost of the CASP+?

Currently, CompTIA charges $439 in the United States to take the exam, which isn’t a terrible amount compared to some other certification exams, such as the Certified Ethical Hacker; however, it is about $90 more than the suggested prerequisite CySA+ and PenTest+ exams.

Keep in mind that CompTIA often offers bundles that may include training options and an exam retake, so be sure to shop around.  Currently enrolled college students may also find discounts if their college or university is a CompTIA authorized partner and they have and can use a .edu email account to sign up for the exam.

What is the DoD compliance of the CASP+?

CompTIA has been pretty good about getting their cybersecurity-related certifications recognized by the U.S. Department of Defense, and they have done the same for the CASP+.  CompTIA states that the CASP+ is approved by the DoD to meet directive 8140/8570.01-M, and is also compliant with ISO 17024 standards. Overall, it seems that CompTIA has really been working hard to make their certifications stronger, widely recognized, and respected in the industry.  From my perspective, it seems to me that they are being very careful to not fall into the trap of allowing their certifications to become paper mills.

Regarding the DoD designation, what this means for test takers is that the exam is recognized for some DoD jobs as well as jobs with DoD-approved sub-contractors, and because of this, depending on your situation, you may be able to get employer support to train for and sit for this certification exam.  Consider your options related to these types of jobs if you’re thinking of pursuing the CASP+ certification.

How long will it take to prepare for the CASP+?

How much time you’ll need to put into preparing for the CASP+ really depends on your individual background, how often you work hands-on with security tech, and whether you’ve completed CASP+ training or not, and if you have, how recently that training was.

Assuming that you do have the required experience, most test takers will probably need about 90 to 120 days of serious study to be sufficiently prepared for the CASP+ exam.  This estimate takes into consideration the fact that most cybersecurity professionals with some experience spend on average approximately 60 – 90 days preparing for a lesser exam, such as the CompTIA Security+, so given the advanced nature of this exam, another month or two of serious focus would probably be in order.  Using additional tools, such as taking a course on the CASP+ or having a lab to work through exercises, will have an effect on that timeline as well.

How difficult is the CASP+?

The CASP+ is certainly more difficult than other CompTIA certification exams, but test takers tend to report that the CASP+ exam seems easier than the CISSP certification.  Exams such as the CISSP are notorious for requiring substantial study, coursework, study group effort and so forth to have a good shot at passing, but CASP+ test takers may not have to go to these lengths to be adequately prepared for the certification exam, although many of these study options would be a good idea for most test taking candidates.

What certifications are comparable to the CASP+?

As mentioned above, CompTIA has identified ISC2’s Certified Information Systems Security Professional certification, or CISSP, as a comparable exam.  CompTIA also identifies the GIAC Certified Enterprise Defender (GCED) and the ISACA Certified Information Security Manager (CISM) as comparable certifications.  For many professionals, one or more of these other certifications may be a better option than the CASP+, given everyone’s limited amount of time and money to invest in certifications.

How well known is the CASP+?

The CASP+ has been around for quite a while, but it doesn’t seem to have anywhere near the popularity of CompTIA’s lower-level certifications.  Also, the competing certification exams that CompTIA has listed as comparable to the CASP+ tend to be better known and well respected among seasoned professionals in the cybersecurity field.  In our research, it was much easier to find job postings requesting other certifications such as the CISSP or CISM than to find postings asking for the CASP+, based on a recent search analysis we completed.

What should you expect on the CASP+ exam?

CompTIA lists a maximum of 90 questions for the CASP+ exam, with a maximum of two hours and 45 minutes to complete the questions you’ve been provided.  Most test takers will see some number of questions less than that, perhaps in the 75 – 85 question range. Regardless, test takers will have the full two hours and 45 minutes to complete the exam, which should be more than enough time for most.

If you’ve taken any CompTIA exam before, expect the questions on the CASP+ to be of a similar style; however, they will feel different.  In particular, expect the questions on the CASP+ to make assumptions about your previous security knowledge (which you should already have).  Also expect that the questions will ask you to make judgement calls, instead of strictly identifying a definition. And as is CompTIA fashion, expect several performance-based questions that will require you to complete some multi-step tasks.

How long is the CASP+ good for?

Like most CompTIA certifications now, the CASP+ is valid for three years from the date of completion.  CompTIA is also updating the CASP+ on a rotating basis every few years.

In order to renew your CASP+, you’ll need to complete and submit at least 75 continuing education units (CEUs) during the three years prior to your exam’s expiration.

Conclusion

The CompTIA CASP+ is a certification that has been around for quite a few years, but has been overshadowed by advanced-level certifications offered by other competing organizations.  Earning any cybersecurity certification at this advanced level takes a great deal of time and preparation, so potential test takers should weigh the benefits of this certification against other advanced-level cybersecurity certifications on the market.  One strategy for those considering the CASP+ is to do a job search for potential positions in their area and cybersecurity specialty, and identify which certifications are most requested by employers. This will provide a good measure of which advanced-level certifications will be most beneficial to each person’s individual career. 

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity and technology training fields. He has a degree in Computer Information Science and holds CompTIA A+, Network+, Security+, CySA+, and Cisco CCNA certifications. Matt is the author of the book CCENT Troubleshooting Guide.