Later this year, CompTIA will be releasing the CompTIA Advanced Security Practitioner (CASP) certification.
This is an advanced, enterprise-level certification for those with 10+ years of experience in IT administration, with at least five years in hands-on security.
We are not talking about the suit-and-tie crowd here; this certification is for those who do the day-to-day security work that keeps networks running and secure.
CASP is vendor-neutral. The exam has four domains:
- Enterprise security (40 percent)
- Risk management, policy/procedure and legal (24 percent)
- Research and analysis (14 percent)
- Integration of computing, communications and business disciplines (22 percent)
There's no required prerequisite, but CASP essentially follows the CompTIA Security+ certification.
I recently completed the beta exam for the certification in Houston. It's quite close to the CISSP certification in terms of difficulty level. One difference between the two is that CASP recommends 10 years of experience - versus the five years required by CISSP.
Consider the knowledge areas that CompTIA is looking for with CASP. In just one area, such as security assessments, the test candidate is expected to know about port scanners, vulnerability scanners, protocol analyzers, switchport analyzers, network enumerators, password crackers, fuzzing, and attack tool frameworks.
Anyone performing a security assessment needs to be able to use and understand specialized tools such as exploit frameworks. One good example is Metasploit. The Metasploit Framework is an advanced platform for developing, testing, and using exploit code.
Another tool "hands-on" security professionals need to know is the sniffer. There are many sniffers available, yet almost all present the same data.
Some of the most basic sniffers, such as tcpdump, use a command-line interface and dump captured data to the screen, while more advanced products such as Wireshark use a GUI, graph traffic statistics, track multiple sessions, and offer multiple configuration options.
Regardless of the sniffer tool used, the successful CASP candidate must understand how to analyze network traffic. This includes TCP, UDP, IPv4 and IPv6.
IPv6 differs from IPv4 in several ways: IPv6 addresses are 128 bits long, the IPv6 header carries no checksum, and IPv6 does not use ARP. If you are not comfortable with IPv6, now is the time to get up to speed.
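To make the header differences concrete, here is an added example (not part of the original article) that decodes both header types from raw bytes, verifying the IPv4 header checksum and showing that the IPv6 header has none to verify. The function names and both sample packets are constructed for illustration; the IPv6 sample uses next header 58 (ICMPv6), the protocol that carries Neighbor Discovery in place of ARP.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ip(packet: bytes) -> dict:
    """Decode the fixed part of an IPv4 or IPv6 header from raw bytes."""
    version = packet[0] >> 4 if packet else 0
    if version == 4:
        ihl = (packet[0] & 0x0F) * 4  # header length varies with options
        if ihl < 20 or len(packet) < ihl:
            raise ValueError("malformed or truncated IPv4 header")
        hdr = packet[:ihl]
        # A valid header checksums to zero when its checksum field is included.
        return {"version": 4, "header_len": ihl, "addr_bits": 32,
                "next_proto": hdr[9], "checksum_ok": inet_checksum(hdr) == 0,
                "src": str(ipaddress.IPv4Address(hdr[12:16])),
                "dst": str(ipaddress.IPv4Address(hdr[16:20]))}
    if version == 6:
        if len(packet) < 40:
            raise ValueError("truncated IPv6 header")
        # Fixed 40-byte header with no checksum field to verify.
        return {"version": 6, "header_len": 40, "addr_bits": 128,
                "next_proto": packet[6], "checksum_ok": None,
                "src": str(ipaddress.IPv6Address(packet[8:24])),
                "dst": str(ipaddress.IPv6Address(packet[24:40]))}
    raise ValueError(f"unknown IP version {version}")

def sample_ipv4() -> bytes:
    """Constructed 20-byte IPv4 header (UDP, documentation addresses)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                                ipaddress.IPv4Address("192.0.2.1").packed,
                                ipaddress.IPv4Address("198.51.100.7").packed))
    struct.pack_into("!H", hdr, 10, inet_checksum(bytes(hdr)))
    return bytes(hdr)

def sample_ipv6() -> bytes:
    """Constructed IPv6 header; next header 58 is ICMPv6."""
    return struct.pack("!IHBB16s16s", 6 << 28, 0, 58, 255,
                       ipaddress.IPv6Address("2001:db8::1").packed,
                       ipaddress.IPv6Address("2001:db8::2").packed)
```

Calling `parse_ip(sample_ipv4())` and `parse_ip(sample_ipv6())` returns the decoded fields side by side; altering any byte of the IPv4 header makes `checksum_ok` come back `False`.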
I believe this certification is going to meet a real need in the IT security industry by addressing an area of the market that has been overlooked.
While there are many entry-level certifications and others that address security management, this will be the enterprise-level, advanced, hands-on security certification.
The CASP exam should be available by the fourth quarter of this year. Look for Sybex's upcoming CompTIA Advanced Security Practitioner Study Guide - which should be out soon.
Contributed by Superior Solutions, Inc.