About NetCom Learning

• Founded: 1998• Trained over 90% of the Fortune 500• Serviced over 50,000 professionals• Authorized Vendor Training: over 20 leading technology

vendors– Microsoft, Cisco, CompTIA, PMI, Autodesk, Citrix...

• Custom training solutions at client locations & live online training

• CompTIA Platinum Training Partner• Microsoft Worldwide Partner of the Year• Inc. 5000 Fastest Growing Private Companies in US

www.netcomlearning.com

GoToWebinar Controls

2

v1.1

CASP Certification

What is the “CASP”?

• A technical security certification for the technical “lead” in an enterprise organization

• The focus is on technical, and on enterprise• Vendor neutral• Targets at least 5 years of technical security

experience• Intended for the security professional who loves the

application of security, and who is good enough, and senior enough, to be thinking about the business as a whole, and the security impact of business decisions

4

Identifying the Need for an Advanced Security Certification

5

6

2008 2010 2012

19%

7% 5%

46% 47%

33%35%

47%

62%

Lower Half Priority

Middle Priority

Upper Half Priority

Source: CompTIA’s 8th Annual Information Security Trends study Base: 1,400 IT and business executives responsible for security

Growing Global Importance of Security

7

The Rising Cost of Human Error

59%

41%

Human Error

Technology Error

Cause of security incidents / breaches

50% of respondents believe human error will

increase significantly or moderately as a factor over next two years.

Primary Sources of Human Error:- Failure to comply with

company security policies

- Lack of security expertise

- Lack of security training- Lack of resources

8

Improving the IT Security Workforce

More instructor-led training

More vendor-neutral security training

Having more IT staff complete a security certification

More recognition/financial rewards for IT staff that complete a security certification

More frequent training

More technology-specific training

59%

58%

52%

63%

62%

59%

17%

18%

24%

18%

23%

32% 91%

Net

76%

85%

81%

76%

76%

DefinitelyProbably

Key Findings – Advanced Security

9

Acceptance of the exam depends on Government general acceptance of the new certification and

applicability to 8570.

The advanced security exam should concentrate on new technologies that demand a concentration in

security aspects, such as IPv6, VoIP, and SaaS.

The exam should be part of a vendor certification (as an elective).

The exam should be performance-based.

An advanced level security exam would be good to pursue.

POLLS

10

CASP Development

The Next Step for Technical Security Professionals on the Path to CISSP/Product-Specific Certification.

The First in CompTIA’s Mastery Series of Exams

Primary market: U.SSecondary markets: Germany, Malaysia, Japan

11

Targeted at IA Technical Level III and IA Management Level II of the US

DoD Directive 8570.1-M

Designed for the Technical Security Lead in Large, Multi-location 0rganizations

Target Audience and Job Roles

12

Information Systems Security Engineer

Network Security Engineer

Security Architect

Security Consultant

Security Assessor

Security Manager or Information

Assurance Manager (IAM)

Security Analyst

ISSO, IASO (Information Systems Security Officer/Information Assurance

Security Officer)

Target Audience IT security professionals with a

minimum of 10 years experience in IT administration and at least 5

years of hands-on technical security experience

13

IT Security Job Role Major Responsibilities

Information Systems Security Engineer• Detailed design and build of security programs, systems engineering with a security perspective. • Security systems design. • Interprets security requirements to non-security staff.

Network Security Engineer• Detailed design and build of network security devices, security network programs, network engineering with a security perspective. •Security network design. Interprets network security requirements to non-security staff.

Security Architect•Creates, conceptualizes, and builds security systems to meet business drivers. •Includes application level, network level, and systems level security. •Provides end-to-end traceability between business drivers and security solutions.

Security Consultant •Provides advice and guidance related to interpreting, implementing and complying with security best practices, while addressing complex situations and issues.

Security Assessor •Evaluates compliance and assesses vulnerabilities.

Security Manager or Information Assurance Manager (IAM)

•Decision maker, has overall responsibility for maintaining security in his/her area of responsibility.

Security Analyst • Analyzes security practices, controls and operational security events. Configures and monitors security services.

ISSO, IASO (Information Systems Security Officer, Information Assurance Security

Officer)• Security generalist that performs auditing, security design, provides security advice/consulting, reviews change requests, and addresses operational security.

Job Roles and Responsibilities

CASP Exam Focus

15

Design and Build of Security

Solutions

Why Security

Measures are Taken

Security Impact of Business Decisions

Application rather than Definition

CASP Focus

CompTIA Exam Overview

Exam Coverage Enterprise Security Risk Mgmt, Policy/Procedure and Legal Research & AnalysisIntegration of Computing, Communications, and Business Disciplines

1 Blended ExamMultiple choiceScenario based

Performance based

ANSI/ISO Accreditated in Anticipation of 8570

Approval

16

CASP Knowledge and Skills

• The CASP exam will certify that the successful candidate has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.

• The candidate applies critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers

Subjects includeIPV6 and VOIP. Address

SAAS in an objective that includes Security in SLA’s with vendors providing

services.

CASP Exam Information

17

• 1 exam, blended format

Exam Requirement

• Part Number: CAS-001• Number of Questions: Up to 80• Exam Length: 150 minutes

Exam Detail

• 5 years of technical security experience at the enterprise level.

Recommended Experience

• Introductory Price$329 Non-Member.

Price

• English initially

Languages

CASP Objectives

18

Domain Percent of Examination

Enterprise Security 40%

Risk Mgmt, Policy/Procedure and Legal 24%

Research & Analysis 14%

Integration of Computing, Communications, and Business Disciplines

22%

Total 100%

Performance Based Questions

19

•For performance based items, the CASP candidate will be given a scenario/problem, and will be prompted to push a button to launch a simulated environment that is created via software.

•The simulated environment should be familiar to a security professional with the level of experience recommended for the CASP exam.

•Once the simulation is launched, the candidate will need to perform whatever tasks s/he believes appropriate, based on the given scenario and the tools/information that are provided in the question.

Performance- Based Question

Description

Highlights

CASP Discussion Points

20

•The exam will have up to 80 questions. One of several “forms” of the exam is presented to each candidate. The number of questions may vary from one form to the next, up to 80.

•All forms are internally balanced for objective weight and question difficulty, but the number of questions may differ.

•For this reason, a single scaled score for the CASP exam is not workable, and a Pass or Fail score will be awarded.

•All candidates will receive a report showing the objective areas where questions were missed and further study or experience is needed.

Pass Fail Exam

Highlights

CASP certified – as of March 2012

• Global launch of the CASP, with courseware available, on February 21, 2012

• 219 CASP certified professionals (including beta participants)

• Early movers – security professionals from

– U.S. government contractors

• SAIC, Northrop Grumman, General Dynamics, Booz Allen

– U.S. Air Force, Army, Navy, Dept. of Homeland Security

– CenturyLink, Rackspace, Hewlett-Packard, Microsoft, IBM

21

CASP Testimonial

22

CASP learning

23

Printed courseware for Instructor and Student

CompTIA Platinum Training Partner

Authorized CASP Certification Training

• ComTIA Advanced Security Practitioner (CASP)– 5 days certification training– Books included– Testing center in the training facility– CompTIA Certified Instructors

• Class Dates– May 14th New York City (LOT compatible)– May 21st Las Vegas (LOT or Travel Package)– July 9th New York (LOT compatible)

24

World Innovation ForumNew York 2012

World Innovation Forum 2012 (www.netcomlearning.com/wif)

• June 20th – June 21st 2012, New York City Center• 11 world renowned experts and practitioners

www.netcomlearning.com

Q & A

26

v1.3

CASP Certification

For more information contact:

comptia@netcomlearning.com

www.netcomlearning.com