CompTIA’s New CASP Exam Is Here: Keep Your Hands on the Keyboard

by Patrick Lane | Apr 02, 2018

A person types on a keyboard in a dark roomDid you start your cybersecurity career at the keyboard, working late into the night on the front lines, feeling the excitement of solving tech hurdles or responding to cyberattacks?

Did you move into cybersecurity management as your career progressed? Did you try to become a chief information security officer (CISO)?

And the most important question: Did you regret your decision to pursue cybersecurity management?

Not everyone wants to manage cybersecurity policies. Many cybersecurity professionals want to work directly with cybersecurity technology and geek out on the keyboard forever. For those brave practitioners, the updated CompTIA Advanced Security Practitioner (CASP) certification (CAS-003) is here.

Where It All Began

The U.S. Navy requested an industry IT certification for advanced cybersecurity technicians, or practitioners, who remain hands-on, deep in tech, for their entire military career.

In 2012, CompTIA fulfilled the request, and CASP was approved and listed in the U.S. Department of Defense (DoD) Directive 8570.01 Manual, which requires IT professionals working with sensitive information to earn IT certifications.

CASP is approved in four DoD job categories:

  • IA Technical Level III
  • IA Manager Level II
  • IA Architect & Engineer Level I
  • IA Architect & Engineer Level II
The skills validated by CASP are also used in the following job roles:
  • Security Architect
  • Technical Lead Analyst
  • Application Security Engineer
  • Security Engineer

What Is a Performance Certification?

CompTIA performance certifications validate the skills associated with a particular job or responsibility. To earn the certification, candidates must demonstrate their ability to perform related tasks through simulations and performance-based questions, proving they not only know what a job entails, but how to do it.

Why Is CASP Different?

CASP is the only hands-on, performance certification for practitioners – not managers – at the advanced skill level of cybersecurity.

While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP-certified professionals figure out how to implement solutions within those policies and frameworks.

What Topics Are Covered by CASP?

CASP validates advanced-level competency in risk management, enterprise security operations and architecture, research and collaboration, and integration of enterprise security.

Successful candidates will have the knowledge required to:

  • Conceptualize, engineer, integrate and implement secure solutions across complex enterprise environments to build resilient networks.
  • Apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement sustainable security solutions that map to organizational strategies.
  • Translate business needs into security requirements.
  • Analyze risk impact.
  • Supervise and respond as a team lead to security incidents.

What’s New in This Version?

Sign up to receive a discount on CertMaster or an exam voucher

CompTIA updated CASP in 2018 to continue addressing current risks and incident response scenarios inherent with cyber-warfare, modern hacking techniques and cloud migration.

Some of the changes from CAS-002 to CAS-003 include:

  • Expansion of enterprise security coverage to include operations and architecture concepts, techniques and requirements.
  • More emphasis on analyzing risk through interpreting trend data and anticipating cyber-defense needs to meet business goals.
  • Expanding security control topics to include mobile and small form factor devices, as well as software vulnerability.
  • Broader coverage of integrating cloud and virtualization technologies into a secure enterprise architecture.
  • Inclusion of implementing cryptographic techniques, such as blockchain, cryptocurrency and mobile device encryption.

Where Is CASP on the CompTIA Cybersecurity Career Pathway?

CASP is the endpoint of the CompTIA Cybersecurity Career Pathway. The exam objectives list the knowledge, skills and abilities of an advanced cybersecurity professional after 5 to 10 years on the job.

The CompTIA Cybersecurity Pathway

Are you an advanced cybersecurity professional? Learn more about the new CASP certification and register for your exam today.

CompTIA Director of Products Patrick Lane, M.Ed., manages IT workforce skills certifications, including CompTIA Cybersecurity Analyst (CySA+), CompTIA Advanced Security Professional (CASP) and the upcoming CompTIA PenTest+.

He assisted the U.S. National Cybersecurity Alliance (NCSA) and the National Security Agency (NSA) in creating the “Lock Down Your Login” campaign to promote multifactor authentication nationwide. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users.

Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, most recently assisting the Defense Information Security Agency (DISA) with scalable SIEM techniques from the private sector, and has authored and co-authored multiple books, including Hack Proofing Linux: A Guide to Open Source Security (Syngress/Elsevier). He holds a number of IT certifications, including CompTIA Network+, CompTIA Security+, (ISC)2 CISSP, Microsoft Certified Solutions Expert (MCSE) and CIW Internetworking Professional and Server Administrator.

CompTIA Products Marketing Manager Jen Blackwell also contributed to this article. She oversees the certifications along the CompTIA Cybersecurity Career Pathway.

10 Comments

  • Zachery Harrell

    Sunday, April 22, 2018

    What is the average cost for the cyber route ie. Sec+, CySA+, and CASP.

  • Monday, April 23, 2018

    Hi, Zachery! The list prices for Security+, CySA+ and CASP are $330, $346 and $439, respectively. You'll also want to invest in training, whether a book, class, online tool like CertMaster or a combination of these. Remember that these certifications are typically earned over a number of years, not months. So, you can get Security+ early in your career, and then a few years into your cybersecurity career, get CySA+. Some employers will pay for their employees to get certified, and there are also a number of programs out there to financially help certain groups, like veterans. Good luck!

  • Gayle D . Kirchenbauer

    Friday, April 27, 2018

    I had CASP training in Oct and took the test shortly thereafter. However the exam I took seemed nothing like the training I received. I'm scheduled to take the exam next week. Because my training focused on the previous exams, are those exams still applicable or is the new exam being used now?

  • Natasha johnson

    Friday, April 27, 2018

    Can I please have some study material, a book, some slides, a few sample performance questions...I’m excited and ready for the new exam.

  • Tuesday, May 1, 2018

    Hi, Gayle! Thanks for your question. I'm sorry to hear that the training you took did not prepare you for the exam. A lot of people provide training for CompTIA certifications, so your best bet is to make sure to use an authorized training provider. That said, if you purchased a voucher for the old version of CASP, you will still take the exam for the old version, not the new version. When we release a new version of an exam, there is about six months of overlap when both versions are available. Good luck!

  • Tuesday, May 1, 2018

    Hi, Natasha! Thanks for your question. As you may know, when we release a new exam, it takes time for the training products to follow. If you go to the CASP product page, you can search for study materials and classes as well as download the exam objectives and practice questions. Good luck! https://certification.comptia.org/certifications/comptia-advanced-security-practitioner

  • Christopher

    Thursday, August 30, 2018

    Would this be considered the Comptia CCISP?

  • Friday, August 31, 2018

    Hi, Christopher! Yes, CASP and CISSP are both advanced-level cybersecurity certifications. CISSP focuses more on management whereas CASP covers practical skills. CASP also includes performance-based questions, which assess the candidate's hands-on cybersecurity skills. CISSP does not. You can learn more here: https://certification.comptia.org/certifications/comptia-advanced-security-practitioner

  • Mart

    Friday, September 14, 2018

    If we have a old voucher, what is the latest we can take this test without using the newest version.

  • Friday, September 14, 2018

    Hi, Mart! CASP (CAS-002) will retire on October 2, 2018, so be sure to use your voucher before then. Good luck!

Leave a Comment

Boost your Career with a Certification

Find out more about our Certifications

How to get Certified

4 Steps to Certification

Already certified? Let us and others know!

Share Your Story