CASP vs. CISSP – My Experience

I decided to take the CASP exam for only one reason…

There is only one reason that I initially took the CASP exam instead of the CISSP. I did not make the decision logically.  I did not know the real differences between the tests.

I took the CASP test first because I thought it would be easier to pass. 

Plain and Simple – I thought that I would have a better chance to pass the CASP than the CISSP.  I heard that the CISSP was one of the most challenging and dreaded tests.  I heard story after story about people failing the CISSP.  I heard about one persistent person who was scheduled to take the CISSP for the 5th time.  Then I heard he failed it again.

So, I was scared to take the CISSP exam.  I did not think that I had what it takes to pass the test.

I did not hear the same things about the CASP.  I did not know a single person who had the CASP certification.  I also did not know anyone who took the test.  I did not hear any test horror stories.  I was uninformed, but I made the choice that was logical to me.  I would study for the CASP and try to pass it.

The CASP exam in a nutshell:

I believe that the CASP exam can be described as the test that should follow after you successfully pass the Security+ exam.

But the truth is that the CASP is probably 50x harder than the Security+ exam. 

The best way to pass the CASP exam is to pass the entry-level Security+ test and then work in the industry for around five years and learn everything you can along the way.

The reason that I say this is because the CASP exam requires you to have in-depth knowledge in the cybersecurity domains.

The CASP exam is for the technical folks who are in the weeds and know how to do the work.  The simulations on the CASP are quite difficult.  You never know what you will get, but I had questions about building networks, using Linux commands to complete tasks, matching terms, etc.

The simulation questions are all given at the beginning of the test.

They say that if you can get through the simulations successfully, then you will likely pass the entire CASP exam.  The thought is that the CASP exam weights the simulations more heavily than the multiple-choice section of the test.  Given this, I spent a long time working through the simulations.

I had about seven different simulations, and it took me an average of about 5-10 minutes to complete each of these.  You have 165 minutes allocated to complete the test.  I felt pretty confident that I could zip through the multiple-choice questions, so I was not concerned about moving slowly on the simulations.

Unlike the CISSP, you can go back and review your answers on the CASP exam.

This ability to review your answers and change them made the CASP exam a bit easier for me.  I found that subsequent questions would jog my memory and allow me to go back and correct answers.

Also, at the end of the exam, you can flip through all of the questions and answers and double-check that you did not make any blatant mistakes.

But just like the CISSP, the CASP exam is a monstrous test. 

If I had to compare the tests, I would say that the CISSP exam is more complicated.  The CISSP exam covers more depth — the questions on the CISSP exam range from obscure technical issues to IT management and leadership questions.

However, I don’t want to minimize the difficulty of the CASP exam.  The CASP exam is challenging and is undoubtedly it is a great and respected achievement to earn this certification.

My Recommendation

I recommend both certification exams.  The CASP will show your expertise at the technical level.  CASP proves that you can do the work.

The CISSP proves that you have both technical expertise and also prove that you have mastery of management and leadership concepts related to cybersecurity.