Quick question for folks about CASP+. Is there a capstone as part of the actual course?
CASP+ Curriculum
- Thread starter Nick Anthis
- Start date
just a question I got from a student planning on taking the course. I don’t have the cert yet, so I don’t know if it’s like the other CompTIA courses where it is lecture and labs. I know there is a question on the cert test where there is a VM, but they seemed to think there was a graded capstone at the end Of the class
Not that I know of, if it is delivered as CASP+ cert class as is.
However, there are schools/universities that deliver CASP+ as part of a degree.
For such cases, they typically end the course with a capstone project.
Hope this helps!
Capstone projects are more common in developer-focused programs (e.g., comp sci) as they allow students to work on a complete app that combines the tools and frameworks covered in multiple prerequisite courses, but over a long period of time. And employers want to see grads that have worked on an app project for a long period of time because they can ask important questions about it during interviews (e.g., How did you structure your project workflow, tools, and communication? What was your motivation to use ___ framework? What issues did you run into solving ____, and how did you solve them? Were there any team issues you had to deal with?).
So, while it's possible to have a capstone for CASP+, it'd have to be a project that encompasses security design/processes/governance and include both red and blue team elements in a way that makes sense. I can't think of a project off the top of my head that would do this, but it's possible. It may make more sense to design a CASP+ course with multiple, smaller projects that each focus on a single major topic.
So, while it's possible to have a capstone for CASP+, it'd have to be a project that encompasses security design/processes/governance and include both red and blue team elements in a way that makes sense. I can't think of a project off the top of my head that would do this, but it's possible. It may make more sense to design a CASP+ course with multiple, smaller projects that each focus on a single major topic.
Last edited:
I guess in that aspect of it, it's however you want it to be. If you're building a course, you can add whatever delivery methods and content that you wish. But my experience with CASP+ suggests that it follows the same structures and methodologies as every other certification. As Jason mentioned, it would involve elements from pen testing and cyber defense. CASP also does play heavily into standards and regulations that an organization will have to follow to do business in it's respective sector.
If I was going to build one, I would probably craft something around building a cybersecurity plan for an organization. The plan would include various elements like a method for which regulations would be required for the organization's posture, penetration testing schedule with ROE's and how those results get reviewed, vulnerability scanning, including what tools are used and how those results are reviewed and by whom, what gets done in-house, and what you outsource - things like that. Use the Objectives as a guide for things to cover in a capstone project.
I'd make the capstone realistic, because with these kinds of projects, it's easy to create a limousine plan, but in reality, you only have a subcompact budget and staff to put it into play.
/r
Thank you everyone. Some reallynawesome responses. We have a cyber academy at UMBC training centers that I designed with basic CompTIA courses and several home grown courses culminating in a capstone.
