Is CompTIA’s CASP a good next step?

I teach several CompTIA certifications, and believe they certainly have value. But I make it a point not to try to maintain a huge array of them. They’re often a starting point, something that gets your value recognized. But once your name is out there and you’ve established value, work is likely to be a problem only in its overabundance. Assuming you’ve got something to offer.

That does call for a degree of attention to what’s being asked for by any substantial group of customers. One of the most substantial groups I know is the massive defense industry, which is particularly the case in New Mexico. The so-called “DoD Order” requires a high degree of certification for anyone involved with information, which means that national laboratory employees, military personnel and contractors like Lockheed Martin are all asking for, or requiring, security certifications.

I make no secret that I’m involved with ISECOM and frankly prefer the style of security the institute advocates: describing, creating and supporting a culture of security consciousness. Consider, for perhaps an unfortunate example, the security of gangs, and members both in and out of prison. They have no real problems with information leakage, because the strictures are absolute: no one talks, everyone walks; you talk, you die. It’s a shame to put it in these terms, but I’ve witnessed the collapse of businesses and watched the weeping employees filing out with their boxes of cubicle tchotchkes. Sometimes security is highly preferable to unemployment or worse.

Now the DoD is expressing some respect for the CASP:

The Department of Defense (DOD) has begun including the security certification known as “CompTIA Advanced Security Practitioner” (CASP) in its accepted roster of industry-based security exams to prove technical skills, the trade group says.
http://www.networkworld.com/news/2013/032213-dod-comptia-268017.html

It might be time to start studying.

* * *