CEU's for other certifications earned

[Gregory Childers]

I supervise people, but I’ve maintained hands-on involvement, just like many others I know. In my experience, I’m often the one the CISSP or CISM call on to do the heavy lifting, even though we work on the same floor and are seen as part of the top-level IT/cybersecurity chain, where managerial duties are typically expected. We’re clearly coming from different perspectives, and that’s normal—no two IT professionals take the same path. Regardless of how many letters are after my name, I’m on the side that knows how to do the work and actually gets it done.

It's not required that managers be able to do the work. If they're doing the work, they're not managing. It's two different skill sets. The further a person goes up the management chain, the less technical they have to be. Most CISOs are completely non-technical and would be a liability in a production environment. CISSPs/CISMs very rarely touch the technology hands-on because they're managing people who do.

I've done the hands-on work. I was doing BC/DR during the lead-up to Y2K. I've built relational databases from scratch. I've built and maintained network infrastructures. I've built websites and maintained web servers. I've deployed software and done patching. I've configured various servers. And now I teach others how to do it. While helpful, none of those skills are required for management. Management requires skills to manage the people and the work. Project management, service management frameworks, time management, budgeting, forecasting, conflict resolution, collaboration with stakeholders, and communication become much more important than scripting in Bash.

To pass CySA+, a solid understanding of Linux+ is crucial. Once again, you're focusing on the test-taking aspect, which some people on platforms like YouTube claim they can pass in just two weeks without any prior experience, relying on memorization rather than actual knowledge even though CompTIA says the test is for a 10 year old veteran. And if they pass it they can use the credential because you don't have to prove those 10 years of experience. My point is simple: if you're genuinely working in IT on a 9-5, any additional knowledge you acquire and validate through certification should be recognized, regardless of the certification level, as it complements your practical experience. The CompTIA model is good, but there is always room for improvement.

A solid understanding of Linux is only required if you're using Linux hands-on in your on-premise environment on a regular basis. If you're not, then you don't have to know anything about Linux. Same with Cisco. Same with Palo Alto. Same with VMWare. Same with Splunk. Same with every other vendor-specific technology.

The great thing about CompTIA is that it is vendor-neutral or vendor-agnostic. You don't have to know any vendor's technology. You get a deep and broad fundamental understanding of how the technology works and how it relates to other technologies. Knowing a specific command line tool or knowing a specific configuration setting on a router is not the focus. Knowing how things work is relevant. If you want to know the specifics of a single vendor tool or service, get that training as well. The different vendors do not cover the fundamental theory of how anything works even remotely as well as CompTIA does. Microsoft gives an extremely rushed and abridged explanation of cloud computing concepts in their MS Azure course, and then they do nothing but focus on specific technical skills with their technology.

 

[Jose A Ruiz Marquez]

I took the regular exam. People speculate on the grading of exam questions and make unsupported assumptions. I didn't even read the scenario and I passed the exam. It was not a make-or-break question. The same is true for PBQs on the other exams. If you do well on the multiple-choice questions, you can easily pass every CompTIA exam without answering a single PBQ.

That's good to know, as a matter of fact the CASP+ I think I did pretty well, from all the tests taken it had the shortest list of failed objectives, 5 to be exact and objective 4 - GRC wasn't even there.

 

[Jose A Ruiz Marquez]

I've done the hands-on work. I was doing BC/DR during the lead-up to Y2K. I've built relational databases from scratch. I've built and maintained network infrastructures. I've built websites and maintained web servers. I've deployed software and done patching. I've configured various servers. And now I teach others how to do it. While helpful, none of those skills are required for management. Management requires skills to manage the people and the work. Project management, service management frameworks, time management, budgeting, forecasting, conflict resolution, collaboration with stakeholders, and communication become much more important than scripting in Bash.

In most places, you'd expect to focus on a specific role, but in Puerto Rico, it's different. You have to be prepared to handle much more than what the job description outlines. It’s a cultural thing here—you’re hired for one position, but you often end up managing multiple responsibilities. For example, I’ve had to do hands-on work, manage projects, collaborate with senior leadership, and lead a team, all at the same time. If you look at job ads here, people often complain that companies want to pay for one role but expect you to perform the work of three. That’s just how things tend to be.

 

[Gregory Childers]

In most places, you'd expect to focus on a specific role, but in Puerto Rico, it's different. You have to be prepared to handle much more than what the job description outlines. It’s a cultural thing here—you’re hired for one position, but you often end up managing multiple responsibilities. For example, I’ve had to do hands-on work, manage projects, collaborate with senior leadership, and lead a team, all at the same time. If you look at job ads here, people often complain that companies want to pay for one role but expect you to perform the work of three. That’s just how things tend to be.

It's like that here, but mostly with smaller companies. Larger organizations tend to have more specialized roles.

 

[precious]

I took the regular exam. People speculate on the grading of exam questions and make unsupported assumptions. I didn't even read the scenario and I passed the exam. It was not a make-or-break question. The same is true for PBQs on the other exams. If you do well on the multiple-choice questions, you can easily pass every CompTIA exam without answering a single PBQ.

That's an interesting perspective! It’s true that multiple-choice questions can carry significant weight in the overall score. Many people focus heavily on PBQs, but if you have a solid understanding of the core concepts, you can still succeed by mastering the MCQs. It’s good to see you’re confident in your approach! How did you feel about the exam overall?

 

[Gregory Childers]

That's an interesting perspective! It’s true that multiple-choice questions can carry significant weight in the overall score. Many people focus heavily on PBQs, but if you have a solid understanding of the core concepts, you can still succeed by mastering the MCQs. It’s good to see you’re confident in your approach! How did you feel about the exam overall?

Overall, I thought it was a comprehensive and challenging exam.

As I've said, I have no idea what the scenario was in the simulation because I skipped it. I tend to do the PBQs last, and I wasn't aware that the CASP+ had a simulation question. I answer all the M/C questions first, then went back and answer the PBQs during the review. I was concerned when I realized I couldn't review the simulation question. However, when I completed the survey questions, I saw the notification on the screen that I had passed. Since this exam is pass/fail, I have no idea how well or poorly I did other than knowing I passed.

Many people speculate on the number of points M/C questions, PBQs, and simulations are worth. No one outside the inner circle of CompTIA staff who manage the exam knows.

 

[MBA]

Great conversation. I'll just say that I think both arguments have merit and are not mutually exclusive.

-Moez

 

[precious]

Overall, I thought it was a comprehensive and challenging exam.

As I've said, I have no idea what the scenario was in the simulation because I skipped it. I tend to do the PBQs last, and I wasn't aware that the CASP+ had a simulation question. I answer all the M/C questions first, then went back and answer the PBQs during the review. I was concerned when I realized I couldn't review the simulation question. However, when I completed the survey questions, I saw the notification on the screen that I had passed. Since this exam is pass/fail, I have no idea how well or poorly I did other than knowing I passed.

Many people speculate on the number of points M/C questions, PBQs, and simulations are worth. No one outside the inner circle of CompTIA staff who manage the exam knows.

Thanks for sharing, Gregory! It’s interesting that you skipped the simulation and still passed. I agree that tackling MCQs first helps build momentum. Many focus on PBQs, but mastering the MCQs is key.

I also find the speculation about scoring frustrating—confidence in your knowledge is crucial.

 

[Jose A Ruiz Marquez]

Great conversation. I'll just say that I think both arguments have merit and are not mutually exclusive.

Thanks, some of us on the thread are looking things from different point of views and that's great. I'm sure as technology develops and more and more certifications objectives start to overlap CompTIA will make it easier to add CEU's, in the meantime I'll concentrate on the CASP+/Security X CEU's. I started going back to the practical exams and I'm getting ready to do the OSCE to finish the Off-Sec trifecta of OSCP/OSWE/OSCE and they count as full renewal for CASP+. Then for next year I'll get PNPT to add to my Active Directory pentesting skills.

 

[Gregory Childers]

I used ISACA's CISM to get full CEUs for the CASP+. Since then, I passed the CISSP and can use it to get full CEUs for both CISM and CASP+.

 

[Jose A Ruiz Marquez]

I used ISACA's CISM to get full CEUs for the CASP+. Since then, I passed the CISSP and can use it to get full CEUs for both CISM and CASP+.

That's excellent! One of the universities I work for asked me to take the CISM as they have an academic partnership with ISACA. But for those tests you need to get rid of the practitioner hat and focus on thinking like a manager. I'm still thinking about taking that test.....

 

[Gregory Childers]

My A+ instructor does the opposite. He goes in, does all the PBQs immediately, then does like the first 20 or questions, depending on how many PBQs he gets, and leaves. He passes every time. I'm too paranoid to do what either of you do.

PBQs take longer to answer than M/C questions. I do all the M/C questions first, preferably spending no more than 30-40 seconds on each and then use the remaining time on the PBQs. I usually end the exam with plenty of time to spare.

 

[Gregory Childers]

I agree- except for him. He's really good at PBQs and knows pretty much everything in the field. And he knows PBQs are worth the most. He's been doing this so long that he can figure out how many extra multi-choice questions he needs to roughly clear and still pass. He does his PBQs, a few multiple choice, and then he ends the exam. Once, he left his car running and went upstairs and did this and walked out with his pass score.

No one knows how many points any of the questions are worth, and anyone who claims to know is speculating.

I answer all the questions. I just prefer to answer the quick M/C questions first and save the longer PBQs until later.

 

[Gregory Childers]

He doesn't know, but whatever he guesses, he's getting it right. Works for him. I do believe you should do your MC first and swing back for the PBQs, no matter how short or long. I'm just commenting that I know a guy who is really smart- he just does all the PBQs, the first 30 or so questions, and he always passes.

I always pass as well, but it still doesn't explain how CompTIA scores the exam.

 

[Gregory Childers]

I'll make it crystal clear so you are clear. I said HE GUESSES what he THINKS what will get him enough points to pass. I'll emphasize that he's VERY LUCKY to guess right each time he takes the exams for his certifications. NO ONE KNOWS exactly HOW CompTIA gives points.

I am not sure why you keep on going on and on. It's kind of clear that I'm just saying THIS is what HE DOES and it works FOR HIM.

Does that help? I am NOT trying to EXPLAIN how CompTIA scores the exam, merely giving an observation of what my old teacher does.

OK, so he does the minimum. Sounds like a great role model.

 

[KGreen]

Yes, you can use other certifications toward CEU for renewal. I did. You do have to be very clear about topic and hours, making sure it's at the right level of experience (beginner, intermediate, advanced).