Security + and CISSP

I believe the CISSP is still in a higher tier of proficiency than that of Security+. I respect both exams for the markets that they serve, but I don't think Security+ is on par with the CISSP. Now the CASP...that's a different story.

Security+ would be appropriate for the 18m - 2y IT professional (depending on whom you ask) and would present a significant challenge to that candidate. CISSP targets the five year tier. CySA/PenTest are at the four year level, where CASP is more to five years. CISSP, as an exam, is more grueling, since it's 250 questions where the CASP is about 80.

/r
 

Stephen Schneiter

Administrator
Staff member
  • Nov 26, 2018
    Knoxville, TN
    CISSP is going to contain a higher level of management level objectives as well. As @Rick Butler commented, CISSP is geared at a higher level candidate with more experience. But, they also need to have the experience and knowledge of Security+, CySA+ and PenTest+ to make sound decisions about how to secure an enterprise network. But that is just my two cents.
     
    But, they also need to have the experience and knowledge of Security+, CySA+ and PenTest+

    This is one of the things I like most about the CySA and PenTest offerings - they incrementally build the gap between Security+ and the CISSP/CASP objectives. I always believed that, before the introduction of these certs, there was too big a gap to jump. Now, a few certs in between will make it easier for folks to grow from the Incremental to the Advanced level.
     

    Rick Butler

    Well-known member
  • Aug 8, 2019
    Colorado Springs, CO
    www.intellitec.edu
    Also focus is being aware of the need for profitability and good governance.

    This is a key thing when crossing into these upper echelon certs. It's not just understanding the framework in theory, but being able to actually put it into functional practice when rolling out a cyber program, promoting security awareness in an organization, managing service levels in an enterprise IT architecture, or just delivering good IT to every level of an organization, from the CEO to the building maintenance people.

    Security+ and CySA introduce these frameworks, but CASP and CISSP are much more tilted to the bigger picture, with more than half of their objectives being less technical and more managerial.

    It's like the relationship between a Baccalaureate degree vs. a Master's Degree.

    /r
     