I have been teaching CASP for many years and am looking forward to the Train the Trainer for CSAP in its newer name SecurityX, I add labs and activities for managers on this course, what do you include when delivering a CASP+ course for added value.
I only use TryHackMe for PenTest+.I’ve only taught CASP+ once this year, and while there doesn’t seem to be a huge demand for it at the moment, I found incorporating parts of TryHackMe’s SOC Level 1 and 2 into the coursework as homework very beneficial. It provided students with some hands-on experience after class, and I was able to offer guidance where needed. These labs allowed students to apply theoretical knowledge in a practical way, which is often key to solidifying their understanding.
I've found that to be true for every CompTIA course. I get people with no technical experience taking CySA+ or beyond. CompTIA should start enforcing prerequisites. Failure to do so is doing a disservice to the students. Too many unscrupulous training companies and salespeople are telling students they can sign up for any class they want, which leaves the trainers stuck with students who can't handle the materials.I’ve also noticed that CASP+ attracts students with varying skill levels, as there are no prerequisites for the course. This mix can make teaching both challenging and rewarding, as I’ve had to adjust activities to cater to different abilities. Tailoring exercises based on individual student needs has proven to be effective, ensuring that both novice and more advanced learners remain engaged and get the most out of the course.
Yes. My experience mirrors exactly what Greg is saying about tech experience. Same for CISSP. CASP+ is incredibly hard for students who don't have any kind of people or staff management experience. I'd go as far as saying CISSP is almost impossible for those folks.I only use TryHackMe for PenTest+.
I've found that to be true for every CompTIA course. I get people with no technical experience taking CySA+ or beyond. CompTIA should start enforcing prerequisites. Failure to do so is doing a disservice to the students. Too many unscrupulous training companies and salespeople are telling students they can sign up for any class they want, which leaves the trainers stuck with students who can't handle the materials.
In my Pentest+ and CySA+ classes, I’ve encountered students who come in with completely unrealistic expectations, especially those new to the field or making a career change. Some have little to no understanding of the material or the depth of knowledge required, yet expect to be able to conduct professional-level penetration tests or handle complex cybersecurity incidents right after the course. They often don’t realize that certifications like Pentest+ and CySA+ are just foundational steps, not shortcuts to becoming experts. To help manage these expectations, I use TryHackMe to give them hands-on practice and a sense of the real-world challenges they’ll face, but I also have to continuously remind them that they’re at the beginning of a long learning curve. It’s crucial for them to understand that developing the necessary skills, especially in a field as dynamic and demanding as cybersecurity, requires time, effort, and experience far beyond passing the certification exam.I’ve also noticed that CASP+ attracts students with varying skill levels, as there are no prerequisites for the course. This mix can make teaching both challenging and rewarding, as I’ve had to adjust activities to cater to different abilities. Tailoring exercises based on individual student needs has proven to be effective, ensuring that both novice and more advanced learners remain engaged and get the most out of the course.
Yes, some training companies are just trying to sell seats, telling students they can jump into any course without telling them the right background they need to get the most out of the class. It sets them up for failure when they hit the material and realize they’re way over their headsToo many unscrupulous training companies and salespeople are telling students they can sign up for any class they want
When that happens, I tell the students the truth. They were convinced to sign up for a course that they were not prepared to take.Yes, some training companies are just trying to sell seats, telling students they can jump into any course without telling them the right background they need to get the most out of the class. It sets them up for failure when they hit the material and realize they’re way over their heads
Agree 100%. I try to find and encourage students to find mentors in the field already to help students gain expertise. That's how I learned about SOC, by shadowing a couple of SOC staffers.In my Pentest+ and CySA+ classes, I’ve encountered students who come in with completely unrealistic expectations, especially those new to the field or making a career change. Some have little to no understanding of the material or the depth of knowledge required, yet expect to be able to conduct professional-level penetration tests or handle complex cybersecurity incidents right after the course. They often don’t realize that certifications like Pentest+ and CySA+ are just foundational steps, not shortcuts to becoming experts. To help manage these expectations, I use TryHackMe to give them hands-on practice and a sense of the real-world challenges they’ll face, but I also have to continuously remind them that they’re at the beginning of a long learning curve. It’s crucial for them to understand that developing the necessary skills, especially in a field as dynamic and demanding as cybersecurity, requires time, effort, and experience far beyond passing the certification exam.
It's great to hear about your experience with CASP+ and the excitement for SecurityX! I also integrate labs into my CASP+ training to provide added value, particularly focusing on real-world scenarios that senior security professionals and managers might encounter, I focus on incorporating hands-on labs and activities that enhance real-world applications. I often use platforms like Hack The Box (HTB) and TryHackMe to create practical scenarios that allow students to apply what they've learned in a safe environment. Additionally, incorporating Capture The Flag (CTF) challenges helps to reinforce skills and foster a competitive spirit among students.I have been teaching CASP for many years and am looking forward to the Train the Trainer for CSAP in its newer name SecurityX, I add labs and activities for managers on this course, what do you include when delivering a CASP+ course for added value.
I completely agree with you @Brian Ford about the challenges with CASP+ and CISSP for those lacking management experience. Tailoring your approach and focusing on knowledge transfer seems effective. Aligning content with real-world applications also helps bridge experience gaps. Thanks for sharing!Yes. My experience mirrors exactly what Greg is saying about tech experience. Same for CISSP. CASP+ is incredibly hard for students who don't have any kind of people or staff management experience. I'd go as far as saying CISSP is almost impossible for those folks.
Student screening and checking prerequisites is an near impossible administrative task. It comes down to if the student doesn't have the prerequisite requirements and institution points that out but said student wants to pay for the course; should the registrar stop them?
When I take on clients seeking either CASP+ or CISSP they are people that don't want to sit for a class with others. Either the course meeting times or schedule doesn't work for them or they just don't want to sit with other learners. I have clients complete a survey that asks about all prerequisites and other certification programs. I often see expired certifications (which are easy to check for CompTIA). When I meet with the client I go over those survey answers. But in the end the client is paying me to get them that certification so I tailor the engagement to the client. My clients are always adults who are years or decades away from their last academic experience. I start off with lots of knowledge transfer (they read and study on their own) and then hammer them hard with test taking (they take tests on their own and we review the results). CASP+ engagements almost always go smoothly because the scope of the topics covered is well aligned to many IT jobs. CISSP is a completely different story because the body of knowledge is so broad that no one I've worked with has worked in all of those domains.
That sounds exciting! Crypto and PKI are such foundational topics for security, and it's great that you have enough time to dive deep into them. Covering asymmetric vs. symmetric encryption, hashing, key management, and certificate authorities in detail really gives learners a solid understanding of secure communication. Plus, it's always fun to see that "aha!" moment when students grasp how all the pieces fit together in a practical security architecture. Do you have any specific labs or demos planned for that day?Teaching CASP+ this very week! What I really look forward to is the crypto/PKI day. Finally a course that allots enough time to cover these subjects in the depth they deserve and not rush through them!
It has already occurred. I'm not sure what the link is, but usually CompTIA archives it so that others can watch the recording.Silly question but where can I sign up for Comptia SecurityX TTT?
I am getting that with my Security+ students. They come into class expecting to digest the Security+ curriculum and then run job hunts, but they do not understand why subnet masks, DNS and VLANs exist. They instead get A+ training and transition to Security+ the following week.. I feel we are committing information overload.When that happens, I tell the students the truth. They were convinced to sign up for a course that they were not prepared to take.
There are no shortcuts. People have to pay their dues, do the work, and build skills from the ground up. You don't start at the end or the middle; you have to start at the beginning.
I also talk to sales and request that they stop setting the students up for failure.
The gap between A+ and Security+ is significant, especially when foundational networking concepts like subnet masks, DNS, and VLANs are not fully understood. Jumping straight into Security+ without that solid base can overwhelm students. It's essential to ensure they have a firm grasp of the fundamentals before tackling more advanced topics to avoid information overload and help them succeed.I am getting that with my Security+ students. They come into class expecting to digest the Security+ curriculum and then run job hunts, but they do not understand why subnet masks, DNS and VLANs exist. They instead get A+ training and transition to Security+ the following week.. I feel we are committing information overload.
not only that, but people think that if they pass CASP+, they can get a job in security... despite most security jobs requiring several years of experience.I've found that to be true for every CompTIA course. I get people with no technical experience taking CySA+ or beyond. CompTIA should start enforcing prerequisites. Failure to do so is doing a disservice to the students. Too many unscrupulous training companies and salespeople are telling students they can sign up for any class they want, which leaves the trainers stuck with students who can't handle the materials.