Teaching CASP+ next week

In my Pentest+ and CySA+ classes, I’ve encountered students who come in with completely unrealistic expectations, especially those new to the field or making a career change. Some have little to no understanding of the material or the depth of knowledge required, yet expect to be able to conduct professional-level penetration tests or handle complex cybersecurity incidents right after the course. They often don’t realize that certifications like Pentest+ and CySA+ are just foundational steps, not shortcuts to becoming experts. To help manage these expectations, I use TryHackMe to give them hands-on practice and a sense of the real-world challenges they’ll face, but I also have to continuously remind them that they’re at the beginning of a long learning curve. It’s crucial for them to understand that developing the necessary skills, especially in a field as dynamic and demanding as cybersecurity, requires time, effort, and experience far beyond passing the certification exam.
Agree 100%. I try to find and encourage students to find mentors in the field already to help students gain expertise. That's how I learned about SOC, by shadowing a couple of SOC staffers.
Something that I took away from that experience is developing checklists. I read the book 'The Checklist Manifesto' and suggested it to one of my mentors. It turns out developing checklists and reading other people's checklists is a great way to learn in these environments.

Teaching CASP+ next week

Yes, some training companies are just trying to sell seats, telling students they can jump into any course without telling them the right background they need to get the most out of the class. It sets them up for failure when they hit the material and realize they’re way over their heads.
When that happens, I tell the students the truth. They were convinced to sign up for a course that they were not prepared to take.

There are no shortcuts. People have to pay their dues, do the work, and build skills from the ground up. You don't start at the end or the middle; you have to start at the beginning.

I also talk to sales and request that they stop setting the students up for failure.

Teaching CASP+ next week

We can verify certifications rather easily. CompTIA, ISACA, ISC2, Microsoft, et al. keep full information on active certifications.

We can verify work experience. ISACA and ISC2 require documentation and confirmation that a person has a role where their work is covered in the domain objectives for an exam.

I know why we don't. It has to do with time and resources. The only ones currently inconvenienced are the students and the instructor. Enforcing prerequisites would inconvenience other people, such as the ones who work in operations or sales.

I tell all my students the required or recommended prerequisites for every certification. I also tell them that if they don't meet those prerequisites, they will have to work much harder to achieve the certification than those who do. With some students, I have recommended that they delay testing until they cover the recommended prerequisites. I may not have enough time in a course to cover all of Network+ and Security+ when I'm teaching CASP+. Often, the students must address their knowledge gaps on their own.

Teaching CASP+ next week

Too many unscrupulous training companies and salespeople are telling students they can sign up for any class they want
Yes, some training companies are just trying to sell seats, telling students they can jump into any course without telling them the right background they need to get the most out of the class. It sets them up for failure when they hit the material and realize they’re way over their heads.

Teaching CASP+ next week

I’ve also noticed that CASP+ attracts students with varying skill levels, as there are no prerequisites for the course. This mix can make teaching both challenging and rewarding, as I’ve had to adjust activities to cater to different abilities. Tailoring exercises based on individual student needs has proven to be effective, ensuring that both novice and more advanced learners remain engaged and get the most out of the course.
In my Pentest+ and CySA+ classes, I’ve encountered students who come in with completely unrealistic expectations, especially those new to the field or making a career change. Some have little to no understanding of the material or the depth of knowledge required, yet expect to be able to conduct professional-level penetration tests or handle complex cybersecurity incidents right after the course. They often don’t realize that certifications like Pentest+ and CySA+ are just foundational steps, not shortcuts to becoming experts. To help manage these expectations, I use TryHackMe to give them hands-on practice and a sense of the real-world challenges they’ll face, but I also have to continuously remind them that they’re at the beginning of a long learning curve. It’s crucial for them to understand that developing the necessary skills, especially in a field as dynamic and demanding as cybersecurity, requires time, effort, and experience far beyond passing the certification exam.

CEUs for other certifications earned

I used ISACA's CISM to get full CEUs for the CASP+. Since then, I passed the CISSP and can use it to get full CEUs for both CISM and CASP+.
That's excellent! One of the universities I work for asked me to take the CISM as they have an academic partnership with ISACA. But for those tests you need to get rid of the practitioner hat and focus on thinking like a manager. I'm still thinking about taking that test.....

Teaching CASP+ next week

I only use TryHackMe for PenTest+.


I've found that to be true for every CompTIA course. I get people with no technical experience taking CySA+ or beyond. CompTIA should start enforcing prerequisites. Failure to do so is doing a disservice to the students. Too many unscrupulous training companies and salespeople are telling students they can sign up for any class they want, which leaves the trainers stuck with students who can't handle the materials.
Yes. My experience mirrors exactly what Greg is saying about tech experience. Same for CISSP. CASP+ is incredibly hard for students who don't have any kind of people or staff management experience. I'd go as far as saying CISSP is almost impossible for those folks.

Student screening and checking prerequisites is a near-impossible administrative task. It comes down to this: if the student doesn't have the prerequisite requirements and the institution points that out, but said student wants to pay for the course, should the registrar stop them?

When I take on clients seeking either CASP+ or CISSP they are people that don't want to sit for a class with others. Either the course meeting times or schedule doesn't work for them or they just don't want to sit with other learners. I have clients complete a survey that asks about all prerequisites and other certification programs. I often see expired certifications (which are easy to check for CompTIA). When I meet with the client I go over those survey answers. But in the end the client is paying me to get them that certification so I tailor the engagement to the client. My clients are always adults who are years or decades away from their last academic experience. I start off with lots of knowledge transfer (they read and study on their own) and then hammer them hard with test taking (they take tests on their own and we review the results). CASP+ engagements almost always go smoothly because the scope of the topics covered is well aligned to many IT jobs. CISSP is a completely different story because the body of knowledge is so broad that no one I've worked with has worked in all of those domains.

Teaching CASP+ next week

I’ve only taught CASP+ once this year, and while there doesn’t seem to be a huge demand for it at the moment, I found incorporating parts of TryHackMe’s SOC Level 1 and 2 into the coursework as homework very beneficial. It provided students with some hands-on experience after class, and I was able to offer guidance where needed. These labs allowed students to apply theoretical knowledge in a practical way, which is often key to solidifying their understanding.
I only use TryHackMe for PenTest+.

I’ve also noticed that CASP+ attracts students with varying skill levels, as there are no prerequisites for the course. This mix can make teaching both challenging and rewarding, as I’ve had to adjust activities to cater to different abilities. Tailoring exercises based on individual student needs has proven to be effective, ensuring that both novice and more advanced learners remain engaged and get the most out of the course.
I've found that to be true for every CompTIA course. I get people with no technical experience taking CySA+ or beyond. CompTIA should start enforcing prerequisites. Failure to do so is doing a disservice to the students. Too many unscrupulous training companies and salespeople are telling students they can sign up for any class they want, which leaves the trainers stuck with students who can't handle the materials.

N+ VOUCHER:

I believe the vouchers for N+ are being sent out in batches. There are a lot of checks that need to be completed, especially considering past misuse, so it’s important to be patient and allow some time for the process to finish. I’m sure @Stephen Schneiter will update everyone once all the vouchers have been distributed, and at that point, you can follow up if needed.

I imagine Stephen is receiving several inquiries about this daily, which must be quite overwhelming.

From my perspective, the Train the Trainer sessions we have access to are invaluable. The opportunity to learn the new materials and engage with fellow trainers for free is worth far more than the cost of a voucher. It’s truly impressive how much effort Stephen and the team put into organising these sessions at no charge to us.

I’d recommend waiting a few more weeks to see how things progress before reaching out again.

Teaching CASP+ next week

I’ve only taught CASP+ once this year, and while there doesn’t seem to be a huge demand for it at the moment, I found incorporating parts of TryHackMe’s SOC Level 1 and 2 into the coursework as homework very beneficial. It provided students with some hands-on experience after class, and I was able to offer guidance where needed. These labs allowed students to apply theoretical knowledge in a practical way, which is often key to solidifying their understanding.

I’ve also noticed that CASP+ attracts students with varying skill levels, as there are no prerequisites for the course. This mix can make teaching both challenging and rewarding, as I’ve had to adjust activities to cater to different abilities. Tailoring exercises based on individual student needs has proven to be effective, ensuring that both novice and more advanced learners remain engaged and get the most out of the course.

I’d be interested to hear more about the specific labs and activities you incorporate into your CASP training. It's always great to exchange ideas and strategies for adding value, especially with such a diverse group of learners.

Leveraging CompTIA DataX for Data-Driven Security Strategies

@precious some of these core concepts and strategies include:
  1. Hands-On Labs: Incorporate virtual labs where students can practice data manipulation, analysis, and visualization. This practical experience is crucial for understanding real-world applications.
  2. Case Studies: Use case studies to illustrate how data analytics can solve business problems. This helps students see the relevance of what they're learning and how it applies to actual scenarios.
  3. Interactive Tools: Utilize interactive tools and software for data analysis, such as Excel, SQL, and data visualization tools like Tableau or Power BI. This exposure helps students become proficient with industry-standard tools.
  4. Group Projects: Encourage group projects where students can collaborate on data analysis tasks. This fosters teamwork and allows them to learn from each other.
  5. Regular Assessments: Implement regular quizzes and assessments to gauge understanding and provide feedback. This helps ensure that students are keeping up with the material and allows for timely intervention if needed.

Leveraging CompTIA DataX for Data-Driven Security Strategies

Thanks for your insights, @Emmanuel Phakula Mandala! I completely agree that the CompTIA DataX certification will equip students with essential skills in data analysis. The emphasis on data mining, manipulation, and visualization is critical for making informed decisions. I'm looking forward to incorporating these concepts into my curriculum and helping students understand their relevance in the cybersecurity field. Do you have any specific strategies in mind for teaching these core concepts?

Leveraging CompTIA DataX for Data-Driven Security Strategies

@precious This CompTIA DataX certification will have a significant impact. I am in a position to say students will be equipped with a lot of information when it comes to data analytics. Remember, they have to tackle the core concepts of data analysis, including data mining, manipulation, and visualization. This certification is crucial for making informed, data-driven decisions.

RTFM Red Team Field Manual PDF

I'm excited to share the RTFM (Red Team Field Manual) PDF! This resource is a fantastic quick reference for red team tactics, techniques, and procedures. It's invaluable for both beginners and seasoned pros in our field. If you're looking to enhance your toolkit, definitely check it out!


Leveraging CompTIA DataX for Data-Driven Security Strategies

As industries increasingly rely on data to inform decision-making, CompTIA’s DataX certification seems poised to become a crucial part of the cybersecurity landscape. I'm particularly interested in how this certification might bridge the gap between data analytics and security. Are any of you planning to introduce DataX in your teaching, especially for students aiming to specialize in data security and analysis? Would love to hear how others see this fitting into current learning pathways!

Emerging Threats: What Should We Be Teaching?

I took the SY0-701 exam on April 1. No mention of AI. It could be the foot soldiers are ahead of the generals. o_O.
Appreciate the insight, @Mark Anthony Germanos. Seems like it's more of a "horizon topic" for now—still worth mentioning in class as future trends to watch.

Emerging Threats: What Should We Be Teaching?

While AI is an incredibly interesting topic, the term only shows up in the acronym list for the SY0-701 Security+ course. The related topic of machine learning now also only appears in the acronym list. Neither topic is part of the exam objectives. There are some topics where I mention the impact of AI and ML, specifically around SIEM/SOAR and automated code analysis. I'm not sure that I'd go there for AI developed threats yet.
Thanks, @Brian Ford. That's a good point. I might focus on AI/ML's impact in areas like SIEM/SOAR too, just to give students some context without straying too far from the objectives.

Engaging Students with Cryptography Labs

@Brian Ford, you're spot on! Most folks in cybersecurity aren't big fans of math, and you're absolutely right about not needing complex math for Security+. However, I think understanding the basics of cryptography, even without the heavy math, is crucial to grasping how encryption works under the hood. I love your idea of generating and validating file checksums—simple yet effective in showing the real-world applications of cryptography. In my own labs, I focus on practical exercises with OpenSSL, getting students hands-on with encryption and decryption. That approach really seems to help concepts click without scaring them off with math!
