In this article, we cover the CompTIA CASP+ certification. If you’re looking for information on similar certifications from CompTIA, such as the CompTIA PenTest+ or CompTIA CySA+, we have articles for those as well. You can see our recommended resources for the CASP+ here.
The CompTIA CASP+ certification is CompTIA’s highest-level, and probably least known, cybersecurity-related certification. Since it follows in sequence two very popular certification exams, the PenTest+ and CySA+, a lot of people want to know more about the CASP+ and if it’s worth tXhe time and effort to earn. In this article, I’ll address that question.
Is the CompTIA CASP+ worth it? The CompTIA CASP+ is an advanced-level cybersecurity certification intended for experienced security architects and engineers. While the certification is well-established and backed by CompTIA, many cyber professionals will find more value in other advanced-level certifications, such as the CISSP or CISM.
With that said, let’s take a closer look at the CASP+ and what you need to know about it if you’re going to consider adding this certification to your list of credentials.
Table of Contents
- What is the CompTIA CASP+?
- CompTIA CASP+ Exam Details
- Key skill areas of the CompTIA CASP+
- Who Should Consider the CASP+?
- Should You Consider The CASP+?
- What experience is required to sit for the CASP+?
- What is the cost of the CASP+?
- What is the DoD compliance of the CASP+?
- How long will it take to prepare for the CASP+?
- Is the CompTIA CASP+ hard?
- What certifications are comparable to the CASP+?
- How well known is the CASP+?
- What should you expect on the CASP+ exam?
- How long is the CASP+ good for?
- Which positions would benefit from the CASP+?
- Our Recommendations
- Conclusion/Key Points
What is the CompTIA CASP+?
The CompTIA CASP+ is CompTIA’s highest level cybersecurity-based certification, designed to be an advanced level certification that a cyber professional would take after completing the Security+, PenTest+, or CySA+. More importantly, the CASP+ is CompTIA’s answer to the very popular and well-known CISSP certification, which is offered by the ISC2 organization.
On CompTIA’s certification page, they compare the CASP+ to not only the CISSP, but also the CISM and GCED certifications. CompTIA has positioned the CASP+ as a cheaper alternative to these other exams, while also touting that the CASP+ includes performance-based questions, while the others do not.
CompTIA CASP+ Exam Details
| Number of Questions | Up to 90 |
| Question Type | Multiple Choice and PDQ |
| Test Length | 165 Minutes |
| Scoring | Pass/Fail |
| Recommended Experience | 10 Years in Administration, including 5 in Security |
| Required Prerequisite | None |
| Suggested Prerequisite | CompTIA Security+, PenTest+ and/or CySA+ |
Key skill areas of the CompTIA CASP+
| Risk Management |
| Technical Integration of Enterprise Security |
| Enterprise Security Architecture |
| Research, Development, and Collaboration |
| Enterprise Security Operations |
Who Should Consider the CASP+?
The CASP+ is certainly not for everybody, and if you’re at an intermediate to advanced level in the cybersecurity field with several years of experience, there are other certifications that you may want to consider instead of the CompTIA CASP+, such as the CISSP. CompTIA has recommended that any test takers for the CASP+ have at least ten years of administration experience in IT, which seems excessive, especially when considering that they only recommend three to four years of experience to sit for the CySA+ certification exam. CompTIA also recommends that a test taker have at least five of those years of experience related directly to hands-on security work.
The CASP+ appears to be best aligned for cybersecurity professionals that are in a management role overseeing a cybersecurity or technology department, division, or major project, but that want to remain sharp with their technical skillset. In fact, CompTIA has gone to great lengths to highlight this, purposefully making the distinction between the “practitioners” that the exam is designed for and the “managers” who it is not.
CompTIA has also specifically identified roles such as security architect, technical lead analyst, application security engineer, and security engineer as job titles that they believe align to the intent of the CASP+ exam, so from this we can see that their focusing on security-related jobs that we can assume are at an intermediate level or higher.
Should You Consider The CASP+?
The CASP+ probably makes the most sense for mid to senior-level experienced cybersecurity professionals that have a lower-level certification or certifications from CompTIA and need to renew those certs. Instead of completing and documenting continuing education credits or retaking a certification you already have, preparing for and passing the CASP+ would be a direct way to renew the existing CompTIA certifications you already have while adding another credential to your resume.
The CASP+ also makes some sense for experienced cybersecurity professionals that want to stay in a technical role but want to add new credentials to their resumes on a regular basis. At some point, the number of certifications that makes sense to obtain for any specific cybersecurity professional starts to dwindle, and the CASP+ does stand out as a certification that won’t break the bank, only requires one exam to complete, and could be obtained without feeling like you’re preparing for a doctoral dissertation.
Another possible scenario that may make the CASP+ make sense for someone is if their employer has arranged specifically for training on this certification. Some employers will arrange for certification training for the entire office, and if your employer chooses to do that, it may make sense for you to take a little extra time to prepare for the exam and sit for it. Having an employer that is willing to invest money into training for you, and allow you to do that one company time, would make a great case for earning the certification, even if it wasn’t on your radar before.
What experience is required to sit for the CASP+?
One thing I love about CompTIA exams is that they don’t get into requiring test takers to document some amount of experience in order to sit for their exams. With CompTIA, if you feel like you know the material and are willing to part with the money, you can sit for just about any CompTIA exam at any time. The CASP+ is the same way. There are no specific mandatory requirements to sit for the exam, but CompTIA recommends that any test takers have a minimum of ten years of IT administration experience, with at least five years of technical security experience.
Just like with any other CompTIA exam, most test takers should be able to get by with having less experience than what they’ve stated here, but certainly with the CASP+, you’ll want to have at least five or so years of real hands-on experience that preferably was progressive in nature and allowed you to work within a wide variety of security scenarios.
I wouldn’t recommend anyone sit for the CASP+ certification directly after completing the CySA+ or PenTest+, unless you’re a seasoned pro in the field and feel really comfortable with the topics listed on the exam objectives.
You can download this graphic for free here.
What is the cost of the CASP+?
Currently, CompTIA charges $439 in the United States to take the exam, which isn’t a terrible amount compared to some other certification exams, such as the Certified Ethical Hacker, however it is about $90 more than the suggested prerequisite CySA+ and PenTest+ exams.
Keep in mind that CompTIA often offers bundles that may include training options and an exam retake, so be sure to shop around. Currently enrolled college students may also find discounts if their college or university is a CompTIA authorized partner and they have and can use a .edu email account to sign up for the exam.
What is the DoD compliance of the CASP+?
CompTIA has been pretty good about getting their cybersecurity-related certifications recognized by the U.S. Department of Defense, and they have done the same for the CASP+. CompTIA states that the CASP+ is approved by the DoD to meet directive 8140/8570.01-M, and is also compliant with ISO 17024 standards. Overall, it seems that CompTIA has really been working hard to make their certifications stronger, widely recognized, and respected in the industry. From my perspective, it seems to me that they are being very careful to not fall into the trap of allowing their certifications to become paper mills.
Regarding the DoD designation, what this means for test takers is that the exam is recognized for some DoD jobs as well as jobs with DoD-approved sub-contractors, and because of this, depending on your situation, you may be able to get employer support to train for and sit for this certification exam. Consider your options related to these types of jobs if you’re thinking of pursuing the CASP+ certification.
How long will it take to prepare for the CASP+?
How much time you’ll need to put into preparing for the CASP+ really depends on your individual background, how often you work hands-on with security tech, and whether you’ve completed CASP+ training or not, and if you have, how recently that training was.
Assuming that you do have the required experience, most test takers will probably need about 90 to 120 days of serious study to be sufficiently prepared for the CASP+ exam. This estimate takes into consideration the fact that most cybersecurity professionals with some experience spend on average approximately 60 – 90 days preparing for a lesser exam, such as the CompTIA Security+, so given the advanced nature of this exam, another month or two of serious focus would probably be in order. Using additional tools, such as taking a course on the CASP+ or having a lab to work through exercises, will have an effect on that timeline as well.
Is the CompTIA CASP+ hard?
Many potential test-takers want to know how difficult the CASP+ is before the prepare to sit for the certification.
Is the CASP hard? The CASP+ is more difficult and than other CompTIA exams, such as the Security+ and CySA+, and it will require substantially more experience and study, however, is it generally considered easier than comparable exams from other vendors, such as the CISSP.
Exams such as the CISSP are notorious for requiring substantial study, coursework, study group effort and so forth to have a good shot at passing, but CASP+ test takers may not have to go to these lengths to be adequately prepared for the certification exam, although many of these study options would be a good idea for most test taking candidates.
What certifications are comparable to the CASP+?
As mentioned above, CompTIA has identified ISC2’s Certified Information Systems Security Professional certification, or CISSP, as a comparable exam. CompTIA also identifies the GIAC Certified Enterprise Defender (GCED) and the ISACA Certified Information Security Manager (CISM) as comparable certifications. For many professionals, one or more of these other certifications may be a better option than the CASP+, given everyone’s limited amount of time and money to invest in certifications.
How well known is the CASP+?
The CASP+ has been around for quite a while, but it doesn’t seem to have anywhere near the popularity of CompTIA’s lower-level certifications. Also, the competing certification exams that CompTIA has listed as comparable to the CASP+ tend to be better known and well respected among seasoned professionals in the cybersecurity field. In our research, it was much easier to find job postings requesting other certifications such as the CISSP or CISM than to find postings asking for the CASP+, based on a recent search analysis we completed.
What should you expect on the CASP+ exam?
CompTIA lists a maximum of 90 questions for the CASP+ exam, with a maximum of two hours and 45 minutes to complete the questions you’ve been provided. Most test takers will see some number of questions less than that, perhaps in the 75 – 85 question range. Regardless, test takers will have the full two hours and 45 minutes to complete the exam, which should be more than enough time for most.
If you’ve taken any CompTIA exam before, expect the questions on the CASP+ to be of a similar style, however, they will feel different. In particular, expect the questions on the CASP+ to make assumptions of your previous security knowledge (which you should already have.) Also expect that the questions will ask for you to make judgement calls, instead of strictly identifying a definition. And as is CompTIA fashion, expect several performance-based questions that will require you to complete some multi-step tasks.
How long is the CASP+ good for?
Like most CompTIA certifications now, the CASP+ is valid for three years from the date of completion. CompTIA is also updating the CASP+ on a rotating basis every few years.
In order to renew your CASP+, you’ll need to complete and submit at least 75 continuing education units (CEUs) during the three years prior to your exam’s expiration.
Which positions would benefit from the CASP+?
There are several cybersecurity-related positions that would benefit from earning the CompTIA CASP+ or similar certification. All of these positions are managerial or senior-level, due to the difficulty and content of the CASP+ exam. If you are currently or are aspiring to be any of the career positions listed here, the CASP+ might be a good certification for you:
- Chief Information Security Officer (CISO) – CISOs are executive-level positions that are responsible for all security aspects of an organization.
- Chief Information Officer (CIO) – CIOs are executive-level positions that are responsible for all information technology aspects of an organization, which may or may not include security, depending on whether there is also a CISO within the organization.
- Senior Cybersecurity Analyst – SCAs perform high-level defensive cybersecurity work for their organizations to ensure systems and assets are protected.
- Cybersecurity Engineer – CEs are professionals that are responsible for the security aspects of critical systems of an organization.
- Cybersecurity Manager – A manager responsible for a team of cybersecurity professionals, such as cybersecurity analysts or engineers.
- Senior IT Manager – A manager responsible for a team of IT managers, which may or may not include security personnel.
- Cybersecurity Consultant – A cybersecurity professional that provides contracted consulting or professional services to organizations.
Our Recommendations
| Use the CASP+ as a way to renew your other certifications from CompTIA, such as the CySA+, PenTest+, and Security+ |
| If you plan on sitting for the CASP+, you will be benefitted by taking it within a few months of taking the CySA+ because of the security content overlap, as long as your skills are strong |
| Consider going for the CASP+ if you don’t have the time or finances to pursue more involved certifications, such as the CISSP |
| Look into your employer’s willingness to fund training, the exam voucher, and/or a raise for completion of the CASP+ |
Conclusion/Key Points
- The CompTIA CASP+ is a certification that has been around for quite a few years but has often been overshadowed by advanced-level certifications offered by other competing organizations.
- Potential test-takers should weigh the benefits of this certification against other advanced-level cybersecurity certifications on the market.
- Potential test-takers should do a job search for potential positions in their area and cybersecurity specialty, and identify which certifications are most requested by employers, including the CASP+
- Entry to mid-level cybersecurity professionals should expect that the certification exam will be substantially more difficult than other exams they have taken, such as the CompTIA Security+ and CySA+.
- Professionals that are in top-level positions, or are aspiring to be, should consider the CASP+ as a career development option.
