The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

CASP vs. CISSP: The Real Fight Is For Candidates' Attention

Not surprisingly, CompTIA security guru Patrick Lane compared his organization's CASP and (ISC)²'s CISSP and found in favor of CASP. Ed Tittel says job posting and salary numbers tell a somewhat different story.

Should you choose CASP or CISSP when seeking expert-level security certification?Thanks to an interesting blurb in this week’s Certification Watch (Vol 21, No. 42) I learned about an interesting IT Career News blog piece from CompTIA. You'll find it under the headline “CASP vs. CISSP: 4 Advantages of CompTIA’s Advanced Cybersecurity Certification.”

 

In this piece, the author, Patrick Lane, attempts to make a case for picking the CASP over the CISSP. FYI, Lane is the CompTIA Director of Products, who oversees related CompTIA security certs CySA+, PenTest+, and — you guessed it — CASP. So clearly, Lane has some skin in the game. So do I, however, so it’s time for me to make some disclosures, too.

 

Ed Adds Some Additional Transparency

 

I’m actually positioned in this particular face-off with a foot on each side of the contest. Let me explain. First, I designed and worked on the first five editions of the Sybex CISSP Study Guide. It’s now out in a sixth edition, in which I am no longer personally involved. But I’ve been following this cert in great detail, with rapt attention since the late 1990s.

 

On the other side of this face-off, I’ve been writing blog posts and the occasional longer pieces for CompTIA for the past three years or so. Last week, in fact, I just submitted four posts to them in the general areas of cloud computing and career development. Hopefully, you’ll buy my assertion that I am not biased toward one cert or the other here, though I do have reason to think of both of them positively and their sponsors likewise.

 

Lane’s 4 Arguments to Choose CASP, Summarized and Abridged

 

If you want the full details of his arguments, read his post. Here’s the Reader’s Digest condensed version, in bullet points:

 

The CASP exam is performance-based and CISSP is not. Lane correctly observes this means that the CASP exam can test for hands-on skills and operational knowledge, while the CISSP exam can (and does) not.

 

CASP endows cybersecurity managers with technical mastery, says Lane, and explains it applies to”a specific government standard” and “rolling out complex cybersecurity technologies and infrastructure requirements.” He goes on to say that CASP holders “understand the standard and how to comply with it. They also have the advanced skills needed to lead, design, and implement the technical solution.” By implication (though not by assertion) CISSP does not.

 

CASP fills a need for professionals with vetted, advanced, hands-on cybersecurity skills, especially for those who “want to remain at the keyboard and work directly with cybersecurity technologies and tools.” The assertion is that CASP fits this bill, the implication that CISSP aims more at security management types (a true characterization, IMO).

 

CASP costs less to achieve than CISSP: $439 for the CASP vs. $699 for the CISSP.

 

The Texas Truth-o-Meter Strikes Again!

 

Where I live our local NPR affiliate (KUT Austin) brings on political commentator Ben Philpott and his colleagues regularly to assess the veracity of politician’s claims and assertions. Ratings vary from “Pants on Fire” (obvious, blatant lie) to “Completely True” (no falsehoods here). On that scale, Mr. Lane's piece hits the high end of the spectrum, with a rating of “Completely True” for everything it says.

 

One may sin by omission, however, as well as sinning by commission, as any good person knows. Part of what Lane leaves out of the article is addressed in the table of numbers below. I’ll get to some others after I present that next.

 

Comparing CISSP and CASP by job board results.

 

The table holds a snapshot from four job posting sites — SimplyHired, Indeed, LinkedIn and Linup — taken Thursday morning (Oct. 18). I don’t insist on perfect accuracy for these numbers, but I will point out that the ratio of mentions between CISSP and CASP in today’s job postings is roughly 9:1 (actual value: 9.03).

 

That simple comparison tells me that CISSP is a great deal better-known and more popular with employers than is CASP, at this point in time.