CompTIA CASP (Advanced Security Practitioner)

I have always had a huge interest in Computer security, and I always believe that the best way to defend yourself from computer attacks is to be up-to-speed.
Computer attacks are becoming more and more sophisticated, and therefore you need to know all the aspects of your infrastructure in order to be prepared.
If you are like me and like to pursue certifications and have an interest in security, I would suggest the following!

1: (If you want to move towards Microsoft, start with MTA security fundamentals –> then continue on with either client, server, SQL etc.)
2: (If you want to move towards Network, Citrix has an excellent security track. You have to start with CCNA then continue on with CCNA Security.)
3: (If you want a little of both and a bit more of the administrative part, pursue CompTIA Security+.)

When you have all of these, you can for instance start with EC-Council exams (CEH Certified Ethical Hacker contains a lot about how hackers think and how they gather information, great stuff!).

The next certification I’ve planned on taking is the CompTIA CASP (and I intend to spend my holiday reading for it).

A little bit about the certification:
The CASP certification is an international, vendor-neutral exam that proves competency in enterprise security; risk management; research and analysis; and integration of computing, communications, and business disciplines.
The exam covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. It involves applying critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers.

Number of questions
80 (maximum)

Length of Test
150 minutes

Passing Score
Pass/Fail only. No scaled score.

Recommended experience
10 years experience in IT administration, including at least 5 years of hands-on technical security experience

You can download the exam objectives here –>
But I can give you the headlines.

Enterprise Security (This consists of the technical part of the exam)

Risk Mgmt, Policy/Procedure and Legal (risk implications associated with business decisions, etc)

Research & Analysis (Analyze industry trends and outline potential impact to the enterprise)

Integration of Computing, Communications, and Business Disciplines (The Administrative part)

If you wish to study for this exam, I suggest buying a book from Amazon –>
But remember that CompTIA recommends that you have 10 years experience in IT administration and at least 5 years of technical security experience; likewise does the book. Not all terms in the book are explained as well as they should be, so if there is something you are unsure about, Google it or look it up on Wikipedia.
And of course this is not as much a technical exam; it is split 50/50 into technical and administrative (much like the CISSP).
