I posted this ALREADY,BUT this MAY help here too/MAYBE SOMEONE could shine a light on SOME of this/break this down/separate things/put ALL of this, in different compartments, BUT I'm going to be honest, from my experience, it ALL goes together/ I don't have the luxury/I kind of don't want it either,BUT I don't have multiple departments to consult/like I said,even if I did,I wouldn't want to have to waste time asking people how to figure something out,so you NEED to know ALL of this/it ALL goes together. I don't know what people mean when they say IT anymore. Is that the A+, does that include, the Network+,as well,have they gone as far as the Security+/CEH,does IT require/mean SOME computer Science/programing now days? Back in the day, that would mean the A+ and MAYBE the Network+/MAYBE/an even bigger maybe, the Security+,BUT now days, more is required,so I don't really know what IT means anymore/for an example, I have my A+,Linux+,Network+,RHCE,CCNA,Security+,PenTest+,CEH,CySA+,CASP+,CCISO, CISSP,BUT I ALSO know JavaScript/jQuery,HTML,CSS,PHP,Python,Java,C,C++ and other programing languages. Does that mean I'm in IT, Cyber Security, Computer Science OR electronics/Robotics, because I also do that as well? TECHNICALLY its ALL IT. I maintain servers/ traffic/approve and autotomize Network Traffic, but I also handle, patches/security patches,Pen Testing/patching/upgrading/adjusting server settings/BASICALLY EVERYTHING,BUT I don't maintain hardware,right now,I can and have,but I just remote access servers/computers/hardware currently. I would ASSUME EVENTUALLY, once you get past a certain cert/level of experience, then you graduate to Security,BUT I think IT means/COULD/SHOULD mean more than it used to/that could be the A+ side of thing,BUT ALSO high levels of Networking,THEN security. When people say IT, I don't know EXACTLY what they mean anymore/they could be someone that works at Bestbuy/the GeekSquad,I guess technician levels, COULD help with this,BUT IT just seems like a vague statement now days. I think the main dilemma I'm having with this, is when I started,what I do now,was like 4 different majors/bachelor degrees,were STILL kind of there/to get computer science and robotics/electronics into the equation/I also know how to solder and I deal with electronics/components/electrical type things as well, you NEED a few different bachelor degrees for this/some of the info you learn transfers over, to each field, but they all require a few extra classes as well, a bachelors degree in Cyber Security,gets you a long way/eliminates a LOT,BUT you also need electronics/MAYBE computer Science,IF thats not included,which it MAY be,to what extent, I don't know, along with robotics, also a lot more math is needed, than people realize/you need Statistics/R programing CAN kind of go into that/give you a way to really apply statistics, to what your doing, also,Algorithms,Algebra,Calculus,Probability,Geometry and so on and you can't just go with computer engineering, because that, from what I've seen,pertains to hardware and software engineering, which doesn't get you all the way there either. Anyway I just think now days IT can mean a LOT.

Yep absolutely agree and thank you for sharing!

As a CISSP holder, I'm somewhat intrigued to take the CASP+

@@jdhan3349 you could just take it now then I imagine if you already have your cissp

Like a lot of certifications, the situation can determine which one you choose.

I posted this ALREADY,BUT this MAY help here too; I don't know what people mean when they say IT anymore. Is that the A+, does that include, the Network+,as well,have they gone as far as the Security+/CEH,does IT require/mean SOME computer Science/programing now days? Back in the day, that would mean the A+ and MAYBE the Network+/MAYBE/an even bigger maybe, the Security+,BUT now days, more is required,so I don't really know what IT means anymore/for an example, I have my A+,Linux+,Network+,RHCE,CCNA,Security+,PenTest+,CEH,CySA+,CASP+,CCISO, CISSP,BUT I ALSO know JavaScript/jQuery,HTML,CSS,PHP,Python,Java,C,C++ and other programing languages. Does that mean I'm in IT, Cyber Security, Computer Science OR electronics/Robotics, because I also do that as well? TECHNICALLY its ALL IT. I maintain servers/ traffic/approve and autotomize Network Traffic, but I also handle, patches/security patches,Pen Testing/patching/upgrading/adjusting server settings/BASICALLY EVERYTHING,BUT I don't maintain hardware,right now,I can and have,but I just remote access servers/computers/hardware currently. I would ASSUME EVENTUALLY, once you get past a certain cert/level of experience, then you graduate to Security,BUT I think IT means/COULD/SHOULD mean more than it used to/that could be the A+ side of thing,BUT ALSO high levels of Networking,THEN security. When people say IT, I don't know EXACTLY what they mean anymore/they could be someone that works at Bestbuy/the GeekSquad,I guess technician levels, COULD help with this,BUT IT just seems like a vague statement now days. I think the main dilemma I'm having with this, is when I started,what I do now,was like 4 different majors/bachelor degrees,were STILL kind of there/to get computer science and robotics/electronics into the equation/I also know how to solder and I deal with electronics/components/electrical type things as well, you NEED a few different bachelor degrees for this/some of the info you learn transfers over, to each field, but they all require a few extra classes as well, a bachelors degree in Cyber Security,gets you a long way/eliminates a LOT,BUT you also need electronics/MAYBE computer Science,IF thats not included,which it MAY be,to what extent, I don't know, along with robotics, also a lot more math is needed, than people realize/you need Statistics/R programing CAN kind of go into that/give you a way to really apply statistics, to what your doing, also,Algorithms,Algebra,Calculus,Probability,Geometry and so on and you can't just go with computer engineering, because that, from what I've seen,pertains to hardware and software engineering, which doesn't get you all the way there either. Anyway I just think now days IT can mean a LOT.

Please explain

I'm glad that I could help provide you the information that you needed!

Awesome! The CISSP is especially useful in that environment.

I don't know what people mean when they say IT anymore. Is that the A+, does that include, the Network+,as well,have they gone as far as the Security+/CEH,does IT require/mean SOME computer Science/programing now days? Back in the day, that would mean the A+ and MAYBE the Network+/MAYBE/an even bigger maybe, the Security+,BUT now days, more is required,so I don't really know what IT means anymore/for an example, I have my A+,Linux+,Network+,RHCE,CCNA,Security+,PenTest+,CEH,CySA+,CASP+,CCISO, CISSP,BUT I ALSO know JavaScript/jQuery,HTML,CSS,PHP,Python,Java,C,C++ and other programing languages. Does that mean I'm in IT, Cyber Security, Computer Science OR electronics/Robotics, because I also do that as well? TECHNICALLY its ALL IT. I maintain servers/ traffic/approve and autotomize Network Traffic, but I also handle, patches/security patches,Pen Testing/patching/upgrading/adjusting server settings/BASICALLY EVERYTHING,BUT I don't maintain hardware,right now,I can and have,but I just remote access servers/computers/hardware currently. I would ASSUME EVENTUALLY, once you get past a certain cert/level of experience, then you graduate to Security,BUT I think IT means/COULD/SHOULD mean more than it used to/that could be the A+ side of thing,BUT ALSO high levels of Networking,THEN security. When people say IT, I don't know EXACTLY what they mean anymore/they could be someone that works at Bestbuy/the GeekSquad,I guess technician levels, COULD help with this,BUT IT just seems like a vague statement now days. I think the main dilemma I'm having with this, is when I started,what I do now,was like 4 different majors/bachelor degrees,were STILL kind of there/to get computer science and robotics/electronics into the equation/I also know how to solder and I deal with electronics/components/electrical type things as well, you NEED a few different bachelor degrees for this/some of the info you learn transfers over, to each field, but they all require a few extra classes as well, a bachelors degree in Cyber Security,gets you a long way/eliminates a LOT,BUT you also need electronics/MAYBE computer Science,IF thats not included,which it MAY be,to what extent, I don't know, along with robotics, also a lot more math is needed, than people realize/you need Statistics/R programing CAN kind of go into that/give you a way to really apply statistics, to what your doing, also,Algorithms,Algebra,Calculus,Probability,Geometry and so on and you can't just go with computer engineering, because that, from what I've seen,pertains to hardware and software engineering, which doesn't get you all the way there either. Anyway I just think now days IT can mean a LOT.

@@JonGoodCyber do you need pentesting certs before getting casp and cissp or could you get security+ and go for the cissp and casp right after the security+

@@JonGoodCyber that's dumb saying you need experience. Recommending it is one thing. Some people learn faster. If someone can pass it with no job experience then they should be given a cert. I'm kinda against the cissp for that reason. If they learned the knowledge then they deserve it. Fair is fair. That's the point of certs compared to college. If someone can learn it faster then they get it faster.

@@mattmatt2417 dude not commenting on your IT rant(maybe you are having a rough day) but that aside, the amount of skill and knowledge you possess is kind of enviable, i am also trying my hand on every technology i can get my hands on ,though i am only tapping the software and slight computer hardware realm, but with time i am gonna go hardcore into robotics and stuff, though the main challenge for me is that i kinda skipped the electricity classes at my high school so i have little to no idea about capacitors, inductors, transformers, how to connect on bread boards, how to design circuits and all.....that was just some of my ranting, if you would reply with some resources/playlist links or just some advice in general, it would be fecking sweeeeeeet. well anyways, good day to you :D

You're welcome!

Glad it was helpful!

You're welcome!

You'll have to compare the actual work that you've done to the CISSP domains and see if what you've done fits. If something feels like a stretch then it very well could be and you will want to ask ISC2 for an official ruling. With all that being said, if you have at least 3+ years of experience that easily matches then it shouldn't matter much by the time you study and pass the exam because you'll be close or past the requirement anyways.

Honestly, the difficulty of the material between the two isn't that significant, which is why it wasn't a factor. The reason the CISSP is considered more difficult is because it covers a lot more information where if you at least have experience in an area then you can fall back to that instead of just forgetting the information altogether. My path took my to the CISSP quicker than most so the CASP+ wouldn't have been as impactful. I was also being strategic using the DoD 8570 but that's a story for another time.

The cyber security career field is all about learning and every certification will give you a little more knowledge. Don't think of the CASP or the CISSP as the end of the road, however the more knowledge you pick up along the way, the easier it will be to get the more advanced certifications.

I posted this ALREADY,BUT this MAY help here too; I don't know what people mean when they say IT anymore. Is that the A+, does that include, the Network+,as well,have they gone as far as the Security+/CEH,does IT require/mean SOME computer Science/programing now days? Back in the day, that would mean the A+ and MAYBE the Network+/MAYBE/an even bigger maybe, the Security+,BUT now days, more is required,so I don't really know what IT means anymore/for an example, I have my A+,Linux+,Network+,RHCE,CCNA,Security+,PenTest+,CEH,CySA+,CASP+,CCISO, CISSP,BUT I ALSO know JavaScript/jQuery,HTML,CSS,PHP,Python,Java,C,C++ and other programing languages. Does that mean I'm in IT, Cyber Security, Computer Science OR electronics/Robotics, because I also do that as well? TECHNICALLY its ALL IT. I maintain servers/ traffic/approve and autotomize Network Traffic, but I also handle, patches/security patches,Pen Testing/patching/upgrading/adjusting server settings/BASICALLY EVERYTHING,BUT I don't maintain hardware,right now,I can and have,but I just remote access servers/computers/hardware currently. I would ASSUME EVENTUALLY, once you get past a certain cert/level of experience, then you graduate to Security,BUT I think IT means/COULD/SHOULD mean more than it used to/that could be the A+ side of thing,BUT ALSO high levels of Networking,THEN security. When people say IT, I don't know EXACTLY what they mean anymore/they could be someone that works at Bestbuy/the GeekSquad,I guess technician levels, COULD help with this,BUT IT just seems like a vague statement now days. I think the main dilemma I'm having with this, is when I started,what I do now,was like 4 different majors/bachelor degrees,were STILL kind of there/to get computer science and robotics/electronics into the equation/I also know how to solder and I deal with electronics/components/electrical type things as well, you NEED a few different bachelor degrees for this/some of the info you learn transfers over, to each field, but they all require a few extra classes as well, a bachelors degree in Cyber Security,gets you a long way/eliminates a LOT,BUT you also need electronics/MAYBE computer Science,IF thats not included,which it MAY be,to what extent, I don't know, along with robotics, also a lot more math is needed, than people realize/you need Statistics/R programing CAN kind of go into that/give you a way to really apply statistics, to what your doing, also,Algorithms,Algebra,Calculus,Probability,Geometry and so on and you can't just go with computer engineering, because that, from what I've seen,pertains to hardware and software engineering, which doesn't get you all the way there either. Anyway I just think now days IT can mean a LOT.

ISACA certifications are very well known especially the CISM and CISA. Typically you will see ISACA certification holders in similar roles to ISC2 such as management level and the material tends to be non-technical. I personally am a CISA holder.

The CASP+ should not be your very first certification as it will be more advanced and technical than you're ready for if you have no prior experience. I recommend checking out my free eBook ( jongood.com/getstarted/ ) where I provide a roadmap to follow. Also I have a video ( kzbin.info/www/bejne/fX-5c5Z9r86Gb6s ) giving my opinion on taking the CISSP before having the required experience that's worth a watch.

Which kind of jobs are you interested in? There isn't a path that is set in stone for everybody to follow so it depends on what you are interested in doing.

@@JonGoodCyber I want to focus on the technical side of security. That is why I am looking at the CASP+. But the prestige and recognition of the cert doesn't seem worth it in my opinion.

To be completely honest, recognition for blue team (defensive and technical) certifications hasn't been that great historically across the board outside of GIAC certifications. Have you looked at Security Blue Team ( securityblue.team/ )? eLearnSecurity also has some good certifications too ( elearnsecurity.com/ ) and you could also go after cloud certifications like AWS that have security specialties. Of course if you are interested in penetration testing / ethical hacking then there are several other options but you mentioned CASP+ so I'm assuming you are interested in defense. Specifically what areas of the technical side are you interested in or are you just looking for general technical abilities? I just dropped a video on the top certifications for 2022 so that might be a good place to start ( kzbin.info/www/bejne/hZOmo6GwpbiAj6M ).

@@JonGoodCyber Thank you very much Jon for your quick response. I am currently studying for AWS Certified Cloud Practitioner and I might do the security specialty after that.

Awesome and good luck!

You can find my latest study resource recommendations for the CASP+ on my website ( www.jongood.com/resources/certifications/comptia/caspplus/ ).

Awesome...are you starting to study soon or is that more of a goal?

Thanks for sharing! Are you going for the CASP+ at the request of an employer or is that a decision you made?

If you're already working towards the CISSP, I would probably just keep going that path. Long term, nearly all cybersecurity professionals should try to obtain the CISSP because when you get to say 15 to 20 years of experience, it looks a little strange if you don't have it.

You are partially correct in that you can take the exam without meeting the experience requirement, however if you pass they will grant you the title of "Associate of (ISC)2" with no distinction of the CISSP. In fact, (ISC)2 over the years has said you should not mention the CISSP if you are not fully endorsed and certified. In most situations there are far better uses of your time than going for the CISSP if you don't meet the experience requirement because you won't get any of the benefits until you have the certification in-hand.

I'm glad that you enjoyed the content! Sorry about that but fortunately I say the important information and of course you can always reference the actual websites too. Newer videos do not have the same issue.

@@JonGoodCyber Yes you really added a lot of important information , yes i will follow you on all your websites thank you so much for you kind help

It still has value and will for some time, however most companies don't need a ton of CCIEs on staff. One thing with network security is that it typically falls under the IT department in most companies so you'll likely have a different experience than somebody who goes into more of the cyber-based areas (security operations, penetration testing, GRC, etc.). Also the CCIE and network security are a very mature area, so if you are looking to rise in the ranks quickly...that's not the place to do it.

Thanks for sharing!

Check out my Getting Started page ( www.jongood.com/getstarted/ ) to start you off right!

@@JonGoodCyber can you tell me here bro

I have plenty of videos published that go into a lot of detail including roadmap videos ( kzbin.info/www/bejne/pJe4poJua7uIoM0 ). I would highly encourage checking the resources too.

That's awesome but remember that certifications are only part of the equation and always keep learning!

Awesome and thank you for sharing! Which topics did you find the most challenging?

@@JonGoodCyber yes for me it was cryptography and risk management. The way the questions were worded tripped me up. Also each question seemed Ike reading a mimi paragraph.

Longer questions can definitely be difficult on any exam because they tend to add information that distracts from the actual answer. Thank you for sharing!

@@JonGoodCyber EXACTLY. I utilized the entire exam time. Full disclosure I didn't pass the first time, but passed second time. There was one PBQ (red hat server)that I wasn't prepared for, but after a bit of time was able to figure it out. Funny thing is I just recently got my RHCSA cert given that I suspected CASP+ candidates needed to have some good knowledge on red hat OS based on that PBQ. I also recently renewed it 3 months ago. Definitely don't want to take that exam again. To brutal.

The good news is that you stuck with it and passed! It's very easy to get discouraged if you fail but the key is to stay persistent with most things in this career field, not just certifications.

First thing to do is grab a free copy of my eBook ( www.jongood.com/getting-started/ ) where I go into a lot of detail about an ideal path and if you choose a degree, which types of degree programs exist.

@@JonGoodCyber There is no option to create a new account on your website, after submitting some process is not happening please help

The only way to create an account is at checkout when signing up for a membership. The membership is the only reason that you would need an account.

@@JonGoodCyber Brother did not understand anything, please help me, I have to read the book please

If you have specific questions feel free to ask them here or the Discord server ( www.jongood.com/discord ) is another great place to interact and ask specific questions. There is a lot of great resources on my Getting Started page though so make sure you check there first. I'm guessing you are talking about the eBook, which is linked on the Getting Started page and can be accessed once you submit your email address on the page.

Not really because that would essentially be like taking a step backwards.

Awesome!

Certainly you can take whichever certifications that you want but Cyber Security isn't a game of quantity as some trainings or paths will have a greater return on investment than others depending on your objectives.

@@JonGoodCyber I agree with you. Your video provides a great explanation and makes a great case for taking either one. I just happen to see them both as part of a progression in my career journey, with the CISSP as the final step in my chosen certification path. Thanks for the reply!

It's usually pretty obvious and unfortunate when somebody used a brain dump.

Nice and good luck!

(ISC)2 historically has the most security around their exams so even though it's possible for brain dumps to exist, I think it's a lot less likely than many other certifications and I've taken a bunch. One misconception with the CISSP is that people who pass it should be "experts" or they should know all the deep technical information but at the end of the day, that's just not the case. I expect that somebody who's passed the CISSP has a high-level understanding of domains but most importantly, they have experienced enough fires to know how to think things through and make management-level decisions. I'm a huge fan of SANS certifications in general but because of the cost, you'll never see that as the primary certification in DOD requirements because it would exclude to many candidates who in a lot of cases are more than qualified. Frankly the GSLC is closer aligned to the CISM than it is the CISSP because it covers a lot about managing the program versus the technical aspects. I think that having both is useful because the CISSP at least shows you have a baseline understanding of the technical information and then the GSLC or CISM show you know about actually running the programmatic aspects of Cyber Security. No certification is perfect and I can pick out pros and cons on every certification but as long as you have managers who are getting educated, that's what matters.

@@JonGoodCyber fair points. My experience with the CISSP duds, I'd asked each of them how they passed their CISSP certification, each replied that it was from a brain dump (or two). It's strange to me that so many CISSP holders, who have to be in the industry for 5+ years to qualify for the test are so weak on the technical arenas. Granted, I'm only interviewing people that are looking for technical positions, so I'm specifically looking for those skills, not the managerial aspects from the cert. Generally, I'm not a fan of certifications that can be obtained by rote memorization (largely because I suck at that), preferring tests that check to see if you understand the concepts. CEH is the most egregious of those (IMO), but since it also fits in so many blocks it's another one that's overly hyped (again, my opinion). I fully agree the SANS GIAC certs are priced outside of reasonableness (way outside of corporate edication reimbursement range), but when those certs are on someone's resume, I know that they know what's what.

I don't know the questions that you asked specifically but the reality is that as you branch into management you start to get further away from the technology and that's who the CISSP is really targeting. There's also a lot of non-technical positions where it's not surprising that somebody in the field for 5+ years might not be the strongest in certain aspects yet they can be an effective contributor to the larger program. I think it would be great if we can get more practical certifications in our industry. I think for certifications like the CISSP it would be difficult since there's so many variables to consider and those types of positions rely much more on experience in general, but the technical certifications should definitely all start to use practical assessments when possible. The CEH is an example of the early stages of these certifications and it's too bad they didn't evolve sooner because I think they've lost ground in an area where they held a monopoly for a long time. Yep...I love GIAC certifications and SANS training...and going in-person is an awesome networking opportunity. I personally have GSEC, GCIH, and GWAPT.

You have a point however SANs arent practical in terms of the price. Most companies arent paying for them.

Awesome and good luck!

Taking certifications for the sake of taking them isn't the most efficient or effective strategy for many reasons. Is it going to hurt you? Probably not, but if somebody is going to take both of them and not worry about it, then they probably aren't watching this video needing to make a decision. Regarding the cost for the two exams, assuming you pass the first time, you're talking about $1,250, so it's certainly not inexpensive, but everybody's situation is different. Also, why did you stop at "F" instead of going through "Z"?

The CASP+ definitely has value. Thank you for viewing!

There are pros and cons to each where there is never an "always do this" answer, which makes it very situationally dependent. With that being said, if you plan to go into management at some point, then the CISSP must be on your roadmap.