Journey of a CASP+

Part 1: Pursuing the CompTIA CASP+ Certification

As the ball dropped on New Year’s Eve to signify our entry into 2024, I, as well as several billion other people, felt the promise and comfort of a clean slate. After the well wishes, champagne cheers, and The Honeymooners reruns, I took a few moments to sit down and write out what I wanted this new calendar year to be about. And while the story lines we started in 2023 do not just suddenly stop at 11:59PM, 12/31/2023, deciding on a theme or series of goals can be invigorating.

Looking back over the past few years since COVID, I could see general themes for each since moving cross-country. For me, 2020 was a “New Beginning” in a new state with the goal of finishing a degree in my new chosen career field. Getting my first true IT job in 2021 was “My Chance” at catching up on life. I was fortunate in that my first job exposed me to a wide variety of roles and responsibilities that traditional Level 1 Help Desk is typically never exposed to. And so 2022 was dedicated to “Growing” into those roles and responsibilities. That desire to grow led to last year being a year of “Advancement”, with 2023 seeing the attainment of my CCNA and Azure Administrator certifications and being given the opportunity to build out solutions both on premises and in the cloud.

So, what is the theme for 2024? I think it is going to be about “Confidence”; about overcoming the (sometimes) subtle fears born from Imposter Syndrome and feeling knowledgeable and competent enough to begin to lead and take point on increasingly complex projects. With this theme in mind I felt there was no better way to start the year than by attaining the CASP+, a certification that had been a long term goal of mine since passing the Network+.

The Pursuit Begins

After deciding on the CASP+ as my first goal of 2024, I decided to give myself a personal challenge to take advantage of the rush I felt going into the new year: get the CASP in one month. So immediately I began researching the best textbooks, courses, videos, etc. to help me pass the exam and I settled on three pieces of material:

1. Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide. Birmingham: Packt Publishing Ltd., 2022.
2. Tanner, Nadean H., and Jeff T. Parker. CompTIA CASP+ Study Guide. 4th ed. Hoboken, New Jersey: John Wiley & Sosn, Inc., 2023.
3. Jason Dion’s “CASP+ (CAS-004) Complete Course & Full-Length Practice Exam” on Udemy.com

My plan was simple math: one week per resource for the first three weeks and practice exams and gap study the final week leading up to the exam. Of course, putting this plan into practice was easier said than done as life would very often get in the way. Yet, I found myself blazing through the first book by Birch due to the structure, pacing, and presentation allowing the information to be easily digestible. Surprisingly, I finished on schedule, with me beginning my read-through of the second text by Tanner & Parker that first Sunday.

Sadly, it was pretty difficult maintaining that same tempo with the second book. This is personal preference of course but I found the wide variation in chapter size (some only 30–40 pages whereas others were over 100 pages) made it harder to divvy my time and concentration effectively. Additionally, I noticed multiple sections throughout the text that were copy-pasted from prior chapters with no real benefit. All-in-all, I found the Birch textbook to be the better of the two but personal mileage may vary.

By the time I was ready to move onto Jason Dion’s course, I had a little over a week to dedicate to the videos before buckling down the week-of. I have used Jason Dion’s courses for several other certifications and have only good things to say. Watching an hour or two of his videos to add an additional layer of context to my notes flew by and I was back on schedule for the final week of practice exams and gap-filling.

The last few days had my off-hours dedicated to taking all of the practice exams in both textbooks, Dion’s course, and an additional six-pack of exams from Dion that are also available through Udemy.com, until I could consistently average in the mid to high 80’s. Even though this was technically “failing” the exam, I believe Dion set the pass rate at 90% to be safe since the actual exam is Pass/Fail and the true threshold for passing isn’t known for certain.

The Moment of Truth — Exam Day

Personally, I always preferred taking my exams in a testing center. There is one reasonably close, and I only have to worry about showing up on time. After going through the check-in process and being seated, I jumped right into the test. The Performance-based Questions (PBQs) were surprisingly more hands-on than previous CompTIA exams, but if you’re comfortable with the CLI and various commands for Windows and Linux alike, you should be able to apply the lessons learned in the CASP+ course material to accomplish the tasks set in the PBQs.

The bulk of the exam is multiple choice, given a scenario and you have to choose the best answer. Shocking, I know. But constant reiteration of the CASP+ material will help you parse out the obvious-wrongs, and give you a gut feeling as to the correct answer. I would say this: think big picture and order of operations. Some solutions sound perfect in a vacuum, but if you give it a moment and consider what needs to come before it, or whether it truly fits the needs of an organization, you’ll find yourself changing answers in no time.

With all that being said, don’t fall victim to paralysis from analysis. If a few moments of using your CASP+ brain is causing more agony than clarity, mark the question for review and go back later for another look. After submitting my final question and the demographic information, I walked back to the check-out counter unsure of the outcome. The proctor even handed me my result paper face-down — not the most encouraging sign. And yet, I flipped the page over to see “Pass” and I was ecstatic, running on that post-exam high for the weekend.

So You Passed, Now What?

Finally, we have arrived at the core point of this writing. While I have taken the opportunity to indulge in a little self-congratulations, the main reason why I’ve begun writing this series is because after the high wore off I found myself thinking this sections title. I’ve attained the CASP+, a goal I set back in 2020, and can now append the badge to my resume and email signature. Great! But what else? It’s not the only certification I have, nor am I the only one to have it, and neither am I the only one in IT with a colorful collection of badges trailing behind my name. Far from it.

Attaining a certification in something is only as meaningful as the use you get from it, otherwise it is just a piece of paper, a set of pixels, a decorative title. With that philosophy in mind, I’ve set out to document via this series my personal and professional journey to develop the skills and experience I believe that makes a CASP+ practitioner. This series will be both a way to keep myself accountable for continuing to develop personally, and hopefully help others looking to pursue a career in the advanced security and GRC fields.

The next part of this series will be an overview of the CASP+ practitioner (roles, responsibilities, skills, etc.) and how it can bring value to an MSP/MSSP.