Post on 21-Jul-2018
transcript
Copyright (c) 2017 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Where does GSEC fit?
CompTIA Security+ and GIAC Security Essentials (GSEC)

| Feature | CompTIA Security+ | GIAC GSEC |
|---|---|---|
| Certifying organization | CompTIA (nonprofit association) | GIAC (Global Information Assurance Certification) (for-profit organization) |
| Industry recognized (see description above) | Professional Development Qualifying Credential | Professional Development Qualifying Credential |
| Vendor-neutral | Yes | Yes |
| ISO/ANSI 17024 and Continuing education | Yes | Yes |
| DoD 8570.01-M | IAT II, IAM I | IAT II |
| Target audience | Entry-level cybersecurity professionals | Entry-level cybersecurity professionals |
| Exam topics | Similar, more in-depth | Similar, less in-depth |
| Prerequisites | No required prerequisites; CompTIA A+ and Network+ recommended | None, no recommendations |
| Performance-based questions | Yes | No |
Why Security+ instead of GSEC?
Reason #1 Security+ is better suited to help IT professionals reach a base level of cybersecurity competence for the least amount of money
GSEC is less in-depth and costs more (GSEC $659 vs Security+ $320 retail)
Reason #2 The Security+ exam assesses hands-on cybersecurity skills through performance-based questions
GSEC does not
Reason #3 Security+ is focused 100% on cybersecurity skills
GSEC is more general and includes networking and Linux fundamentals
Reasons to work with CompTIA instead of GIAC
Reason #1 CompTIA encourages partners to choose any training option
GIAC uses SANS 401 training
Reason #2 Security+ is more cost-effective to assess entry-level cybersecurity skills
GSEC USD $659 vs Security+ $179 retail
Reason #3 CompTIA certifications are more widely adopted by the industry
96,131 GIAC certifications issued versus over 2,000,000 CompTIA certifications issued (July 2017)
Where does SSCP fit?
CompTIA Security+ and (ISC)2 Systems Security Certified Practitioner (SSCP)

| Feature | CompTIA Security+ | (ISC)2 SSCP |
|---|---|---|
| Certifying organization | CompTIA (nonprofit association) | (ISC)2 Information Systems Security Certification Consortium (nonprofit association) |
| Industry recognized | Professional Development Qualifying Credential | Professional Development Qualifying Credential |
| Vendor-neutral | Yes | Yes |
| ISO/ANSI 17024 and Continuing education | Yes | Yes |
| DoD 8570.01-M | IAT II, IAM I | IAT I, IAT II, CSSP-IS |
| Target audience | Entry-level cybersecurity professionals | Entry-level cybersecurity professionals |
| Exam topics | Baseline cybersecurity skills, more in-depth | Baseline cybersecurity knowledge, less in-depth |
| Prerequisites | No required prerequisites; CompTIA A+ and Network+ recommended | Requires proof of one year IT-related experience and an endorsement. Candidates can also pass the exam, become an associate and get the experience later |
| Performance-based questions (PBQs) | Yes | No |
Why Security+ instead of SSCP?
Reason #1 Security+ is more technical and goes further in-depth into cybersecurity skills than SSCP
Reason #2 SSCP is considered “CISSP light” because it covers an extremely broad level of topics without going into depth
Reason #3 The Security+ exam assesses hands-on skills through performance-based questions (and closed-response questions)
Reason #4 The SSCP exam has no performance-based questions, only closed-response questions
Reasons to work with CompTIA instead of (ISC)2
Reason #1 CompTIA certifications are more widely adopted by the industry: Over 400,000 CompTIA Security+ certifications have been issued versus 3,360 SSCP certifications (April 2017)
Reason #2 SSCP requires one-year verification for IT-related work to certify, otherwise test takers become an “associate”
Reason #3 Security+ assesses cybersecurity skills when the student sits for the exam; no proof of IT experience required because the hands-on skills are verified immediately at the testing center
Where does CEH fit?
CompTIA Security+ and EC-Council Certified Ethical Hacker (CEH)

| Feature | CompTIA Security+ | EC-Council CEH |
|---|---|---|
| Certifying organization | CompTIA (nonprofit association) | EC-Council (Int’l. Council of Electronic Commerce Consultants) (for-profit association) |
| Industry recognized (see description on first page) | Professional Development Qualifying Credential | Professional Development Qualifying Credential |
| Vendor-neutral | Yes | Yes |
| ISO/ANSI 17024 and Continuing education | Yes | Yes |
| DoD 8570.01-M | IAT II, IAM I | CSSP-Analyst, CSSP-IS, CSSP-IR, CSSP-Auditor |
| Target audience | Entry-level cybersecurity professionals | Intermediate-level cybersecurity professionals |
| Exam topics | Baseline cybersecurity skills required for an entry-level IT professional, including basic penetration testing skills | Penetration testing knowledge |
| Prerequisites | No required prerequisites; CompTIA A+ and Network+ recommended | Requires proof of two years of cybersecurity-related experience, unless the candidate attends official EC-Council training |
| Performance-based questions (PBQs) | Yes | No |
Why Security+ instead of CEH?
Reason #1 The Security+ and CEH audiences are different:
• Security+ is designed to help IT professionals reach a base level of cybersecurity competence
• CEH is designed to help IT professionals ethically hack and pen test at the intermediate level (CPT+)
Reason #2 The Security+ exam assesses hands-on skills through performance-based questions and closed-response questions:
• The CEH exam has no performance-based questions
• The CEH exam assesses only knowledge
• Security+ assesses knowledge, comprehension and application of skills
Reasons to work with CompTIA instead of EC-Council
Reason #1 EC-Council requires candidates to attend official EC-Council CEH training; otherwise candidates must provide two years of employer-endorsed proof of cybersecurity experience
• CompTIA allows partners to choose less expensive training options
• CompTIA requires no proof of IT experience to receive Security+; hands-on skills are verified at the testing center
Reason #2 Security+ is more cost-effective to assess entry-level cybersecurity skills (USD $179 vs $700 retail)
Reason #3 CompTIA certifications are more widely adopted by the industry: Over 2,000,000 CompTIA certifications have been issued versus over 200,000 EC-Council certifications (July 2017)
Where does CEH fit?
CompTIA CSA+ and EC-Council Certified Ethical Hacker (CEH)

| Feature | CompTIA CSA+ | EC-Council CEH |
|---|---|---|
| Certifying organization | CompTIA (nonprofit association) | EC-Council (Int’l. Council of Electronic Commerce Consultants) (for-profit association) |
| Industry recognized (see description on first page) | Professional Development Qualifying Credential | Professional Development Qualifying Credential |
| Vendor-neutral | Yes | Yes |
| ISO/ANSI 17024 and Continuing education | Yes | Yes |
| DoD 8570.01-M | In review: IAT II, CSSP-Analyst, CSSP-IS, CSSP-IR, CSSP-Auditor | CSSP-Analyst, CSSP-IS, CSSP-IR, CSSP-Auditor |
| Target audience | Intermediate-level cybersecurity professionals | Intermediate-level cybersecurity professionals |
| Exam topics | Security analyst knowledge, application and analysis | Penetration testing knowledge |
| Prerequisites | No required prerequisites; CompTIA Network+ and Security+ recommended | Requires proof of two years of cybersecurity-related experience, unless the candidate attends official EC-Council training |
| Performance-based questions (PBQs) | Yes | No |
Why CSA+ instead of CEH?
Reason #1 They have different audiences:
• CSA+ focuses on security analyst techniques to protect and defend networks
• CEH focuses on ethical hacking and penetration testing, which is a subset of CSA+
There is only a 38% overlap between the exams, most in penetration testing and vulnerability assessment and management
Reason #2 CSA+ objectives cover higher-level learning objectives by analyzing and applying; CEH requires only knowledge of a given topic
Reason #3 The upcoming CompTIA CPT+ exam will directly compete with CEH
Reason #4 The CSA+ exam assesses hands-on skills through performance-based questions and closed-response questions
• The CEH exam has no performance-based questions, only closed-response questions
• The CEH exam only assesses knowledge of skills. CSA+ assesses knowledge, comprehension, application and analysis of skills
Reasons to work with CompTIA instead of EC-Council
Reason #1 EC-Council requires candidates to attend official EC-Council CEH training; otherwise candidates must provide two years of employer-endorsed proof of cybersecurity experience
• CompTIA allows partners to choose less expensive training options
• CompTIA requires no proof of IT experience to receive CSA+; hands-on skills are verified at the testing center
Reason #2 CSA+ is more cost-effective to assess intermediate-level cybersecurity skills (USD $179 vs $700 retail)
Reason #3 CompTIA certifications are more widely adopted by the industry: Over 2,000,000 CompTIA certifications have been issued versus over 200,000 EC-Council certifications (July 2017)
Where does CND fit?
CompTIA CSA+ and EC-Council Certified Network Defender (CND)

| Feature | CompTIA CSA+ | EC-Council CND |
|---|---|---|
| Certifying organization | CompTIA (nonprofit association) | EC-Council (Int’l. Council of Electronic Commerce Consultants) (for-profit association) |
| Industry recognized (see description on first page) | Professional Development Qualifying Credential | Professional Development |
| Vendor-neutral | Yes | Online exam (www.eccexam.com) |
| ISO/ANSI 17024 and Continuing education | Yes | Yes |
| DoD 8570.01-M | In review: IAT II, CSSP-Analyst, CSSP-IS, CSSP-IR, CSSP-Auditor | No |
| Target audience | Intermediate-level cybersecurity professionals | No |
| Exam topics | Security analyst knowledge, application and analysis | Focuses on traditional perimeter defense knowledge, such as firewalls and anti-virus software; includes basic security analyst knowledge (closer to Security+ knowledge) |
| Prerequisites | No required prerequisites; CompTIA Network+ and Security+ recommended | Requires proof of two years of cybersecurity-related experience, unless the candidate attends official EC-Council training |
| Performance-based questions (PBQs) | Yes | No |
Why CSA+ instead of CND?
Reason #1 The CND exam focuses more on traditional perimeter techniques, such as firewalls and anti-virus software
Reason #2 CSA+ focuses more on modern security analytics, such as the Advanced Persistent Threat (APT)
• CSA+ covers the essential concepts of zero-day anomaly detection that focuses on symptoms and analysis, and penetration testing aspects of vulnerability assessment and management; CND does not
• The CSA+ exam includes Security Information and Event Management (SIEM) practices and concepts; the CND exam does not
Reason #3 CSA+ objectives cover Bloom’s taxonomy higher-level learning objectives by analyzing and applying
• CND objectives cover mostly lower-level learning objectives through knowledge and comprehension.
The best way to assess performance is by analyzing and applying technology, in addition to memorizing knowledge and comprehending
Reason #4 The CND exam focuses more on entry-level concepts, rather than intermediate security analytics skills; CND is closer to Security+ than CSA+
Reason #5 CSA+ contains both performance-based assessment items and multiple-choice items; CND contains only multiple-choice items.
Reason #6 CSA+ objectives cover higher-level learning objectives by analyzing and applying; CND requires only knowledge of a given topic.
Reason #7 EC-Council certifications also tend to focus on arcane security tool features, rather than industry-standard best practices.
Reasons to work with CompTIA instead of EC-Council
Reason #1 EC-Council requires candidates to attend official EC-Council CND training; otherwise candidates must provide two years of employer-endorsed proof of cybersecurity experience
• CompTIA allows partners to choose less expensive training options
• CompTIA requires no proof of IT experience to receive CSA+; hands-on skills are verified at the testing center
Reason #2 CSA+ is more cost-effective to assess cybersecurity skills (USD $179 vs $350 retail)
Reason #3 At CompTIA, we are very careful to create high-quality exams. EC-Council tends to focus on training.
Reason #4 CompTIA certifications are more widely adopted by the industry: Over 2,000,000 CompTIA certifications have been issued versus approximately 200,000 EC-Council certifications (July 2017)
Where does CFR fit?
CompTIA CSA+ and Logical Operations CyberSec First Responder (CFR)

| Feature | CompTIA CSA+ | LO CFR |
|---|---|---|
| Certifying organization | CompTIA (nonprofit association) | Logical Operations (for-profit association) |
| Industry recognized (see description above) | Professional Development Qualifying Credential | Professional Development Qualifying Credential |
| Vendor-neutral | Yes | Yes |
| ISO/ANSI 17024 and Continuing education | Yes | Yes |
| DoD 8570.01-M | In review: IAT II, CSSP-Analyst, CSSP-IS, CSSP-IR, CSSP-Auditor | CSSP-Analyst, CSSP-IR |
| Target audience | Intermediate-level cybersecurity professionals | Intermediate-level cybersecurity professionals |
| Exam topics | Security analyst knowledge, application and analysis; includes incident response | Incident response knowledge |
| Prerequisites | No required prerequisites; CompTIA Network+ and Security+ recommended | None |
| Performance-based questions | Yes | No |
Why CSA+ instead of CFR?
Reason #1 The CSA+ exam focuses on the unique skills of a security analyst. These include the ability to place, configure, manage, and interpret a Security Information and Event Management (SIEM) tool, interpret packet captures, logs, and other readouts from network, endpoint, and server devices, conduct effective vulnerability assessments and penetration tests, as well as respond properly to incidents.
Reason #2 Only 30% of the topics are similar, mostly covering incident response
Reason #3 CSA+ is an intermediate-level certification; CFR is closer to entry-level Security+ skills. Most CSA+ objectives cover scenarios and applying skills. Most CFR objectives explain concepts.
Reason #4 The CSA+ exam assesses hands-on skills through performance-based questions and closed-response questions
• The CFR exam has no performance-based questions, only closed-response questions
• The CFR exam only assesses knowledge and comprehension of skills. CSA+ assesses knowledge, comprehension, application and analysis of skills
Reasons to work with CompTIA instead of Logical Operations
Reason #1 CompTIA certifications are more widely adopted by the industry: Over 2,000,000 CompTIA certifications have been issued versus very few LO certifications (July 2017)
Reason #2 LO is primarily a small publishing company that has gotten into the certification business recently. CompTIA has been an industry IT certification heavyweight for over 25 years.
Where does CISSP fit?
CompTIA CASP and (ISC)2 Certified Information Systems Security Professional (CISSP)

| Feature | CompTIA CASP | (ISC)2 CISSP |
|---|---|---|
| Certifying organization | CompTIA (nonprofit association) | (ISC)2 Information Systems Security Certification Consortium (nonprofit association) |
| Industry recognized (see description on first page) | Professional Development Qualifying Credential | Professional Development Qualifying Credential |
| Vendor-neutral | Yes | Yes |
| ISO/ANSI 17024 and Continuing education | Yes | Yes |
| DoD 8570.01-M | IAT III, IAM II, IASAE I & II | IAT III, IAM II & III, IASAE I, II & III, CSSP Manager |
| Target audience | Cybersecurity practitioners | Cybersecurity managers |
| Exam topics | Enterprise cybersecurity architecture, tools and system resilience | Enterprise cybersecurity management knowledge |
| Prerequisites | No required prerequisites; CompTIA Security+ recommended | Requires proof of five years of cybersecurity-related experience and an endorsement. Candidates can also pass the exam, become an associate and get the experience later |
| Performance-based questions (PBQs) | Yes | No |
Why CASP instead of CISSP?
Reason #1 It depends on the audience:
• CompTIA CASP is the ideal certification for advanced practitioners of cybersecurity. CASP is intended for those technical professionals who wish to remain immersed in technology as opposed to managing cybersecurity policy and frameworks. CASP is also highly technical in nature. Instead of focusing on theoretical risk management, CASP requires hands-on, practical knowledge of risk management practices.
• (ISC)2 CISSP is the ideal certification for those in cybersecurity management. CISSP is intended for technical and non-technical candidates that manage cybersecurity policy and frameworks
Reason #2 CASP goes in-depth into advanced cybersecurity skills; in contrast, CISSP covers an extremely broad level of topics without going in-depth. Some people say CISSP is “six miles wide and two inches deep”
Reason #3 The CASP exam assesses hands-on skills through performance-based questions (and closed-response questions); the CISSP exam has no performance-based questions, only closed-response questions
Reasons to work with CompTIA instead of (ISC)2
Reason #1 CompTIA certifications are more widely adopted by the industry: Over 2,000,000 CompTIA certifications have been issued versus approximately 130,000 (ISC)2 certifications (April 2017)
Reason #2 CISSP requires verification of five years of cybersecurity-related work to certify, plus an endorsement; otherwise test takers become an “associate”
Reason #3 CASP assesses cybersecurity skills when the student sits for the exam; no proof of IT experience required because the hands-on skills are verified immediately at the testing center
Reason #4 CASP is more cost-effective to assess entry-level cybersecurity skills (USD $320 vs $599 retail)
Reason #5 The CompTIA continuing education program is far simpler, yet just as thorough as that of (ISC)2
Where does CISM fit?
CompTIA CASP and ISACA Certified Information Security Manager (CISM)

| Feature | CompTIA CASP | ISACA CISM |
|---|---|---|
| Certifying organization | CompTIA (nonprofit association) | ISACA (nonprofit association) |
| Industry recognized (see description on first page) | Professional Development Qualifying Credential | Professional Development Qualifying Credential |
| Vendor-neutral | Yes | Yes |
| ISO/ANSI 17024 and Continuing education | Yes | Yes |
| DoD 8570.01-M | IAT III, IAM II, IASAE I & II | IAM II & III, CSSP-M |
| Target audience | Cybersecurity practitioners | Cybersecurity managers |
| Exam topics | Enterprise cybersecurity architecture, tools and system resilience | Enterprise cybersecurity management knowledge |
| Prerequisites | No required prerequisites; CompTIA Security+ recommended | Requires verification of at least five years of experience working in the information security field |
| Performance-based questions (PBQs) | Yes | No |
Why CASP instead of CISM?
Reason #1 It depends on the audience:
• CompTIA CASP is the ideal certification for advanced practitioners of cybersecurity. CASP is intended for those technical professionals who wish to remain immersed in technology as opposed to managing cybersecurity policy and frameworks
• ISACA CISM is a management-focused certification that promotes security practices and recognizes the individuals who manage, design, oversee and assess an enterprise’s information security
Reason #2 CASP goes in-depth into advanced cybersecurity topics and hands-on skills; CISM covers cybersecurity governance, compliance and management
Reason #3 CISM is highly respected, yet also quite theoretical. CASP is respected in the industry because it focuses on practical knowledge and security implementation
Reason #4 The CASP exam assesses hands-on skills through performance-based questions (and closed-response questions); the CISM exam has no performance-based questions, only closed-response questions
Reasons to work with CompTIA instead of ISACA
Reason #1 CompTIA certifications are more widely adopted by the industry: Over 2,000,000 CompTIA certifications have been issued versus approximately 110,000 ISACA certifications
Reason #2 CISM requires verification of at least five years of experience working in the information security field
Reason #3 CASP assesses cybersecurity skills when the student sits for the exam; no proof of IT experience required because the hands-on skills are verified immediately at the testing center
Reason #4 CASP is more cost-effective to assess advanced cybersecurity skills (USD $320 vs $595 retail)
Where does GCED fit?
CompTIA CASP and GIAC Certified Enterprise Defender (GCED)

| Feature | CompTIA CASP | GIAC GCED |
|---|---|---|
| Certifying organization | CompTIA (nonprofit association) | GIAC (Global Information Assurance Certification) (for-profit organization) |
| Industry recognized (see description on first page) | Professional Development Qualifying Credential | Professional Development Qualifying Credential |
| Vendor-neutral | Yes | Yes |
| ISO/ANSI 17024 and Continuing education | Yes | Yes |
| DoD 8570.01-M | IAT III, IAM II, IASAE I & II | IAT III |
| Target audience | Advanced cybersecurity practitioners | Advanced cybersecurity practitioners |
| Exam topics | Enterprise defense, cybersecurity architecture, tools and system resilience | Enterprise defense |
| Prerequisites | No required prerequisites; CompTIA Security+ recommended | None, no recommendations |
| Performance-based questions (PBQs) | Yes | No |
Why CASP instead of GCED?
Reason #1 GCED covers only enterprise defense; CASP covers enterprise defense, plus cybersecurity architecture, tools and resilience techniques used to predict how the network will react when under attack
Reason #2 The CASP exam assesses hands-on cybersecurity skills through performance-based questions; GCED does not
Reason #3 CASP was developed for the industry in general, but also with a goal to help the United States Department of Defense secure its systems
Reasons to work with CompTIA instead of GIAC
Reason #1 GIAC sells SANS 501 training; CompTIA can guide partners to less expensive training options
Reason #2 CASP is more cost-effective to assess entry-level cybersecurity skills (USD $320 vs $659 retail)
Reason #3 CompTIA certifications are more widely adopted by the industry: Over 2,000,000 CompTIA certifications have been issued versus 96,131 GIAC certifications (July 2017)
Reason #4 SANS training is highly respected, but CASP training and certification provide hands-on understanding of risk management at less cost, with significant Return on Investment (ROI)