Get Started

SecurityX

SecurityX is an advanced cybersecurity certification for security architects and senior security engineers. It proves you have the skills to design, build, and implement secure solutions across complex environments. You’ll also show you can support a resilient enterprise while addressing governance, risk, and compliance needs.

Skills you'll learn

Design, implement, and integrate secure solutions across complex environments to support a resilient enterprise in security architecture and engineering.

Use automation, monitoring, detection, and incident response to proactively support ongoing security operations.

Apply security practices to cloud, on-premises, and hybrid environments to ensure enterprise-wide protection.

Utilize cryptographic technologies and techniques while evaluating the impact of emerging trends, such as artificial intelligence, on information security.

Implement governance, compliance, risk management, and threat modeling strategies across the enterprise.

Validate advanced, hands-on skills in security architecture and senior security engineering within live environments.

Exam Details

Exam version: V5

Exam series code: CAS-005

Launch date: December 17, 2024

Number of questions: maximum of 90, a mix of multiple-choice and performance-based questions

Retirement: usually three years after launch (estimated 2027)

Duration: maximum of 165 minutes

Passing score: pass/fail only; no scaled score

Languages: English, with other languages to be determined

Recommended experience: minimum of 10 years of general hands-on IT experience, including 5 years of hands-on security, with Network+, Security+, CySA+, Cloud+, and PenTest+ or equivalent knowledge

NICE and DoD 8140 work roles: security architect, systems requirements planner, security control assessor, research and development specialist, and more

SecurityX (V5) exam objectives summary

  • Security program documentationpolicies, procedures, standards, and guidelines.
  • Program managementtraining (phishing, security, privacy), communication, reporting, and RACI matrix.
  • FrameworksCOBIT, ITIL, etc.
  • Configuration managementasset life cycle, CMDB, and inventory.
  • GRC tools: mapping, automation, and compliance tracking.
  • Data governanceproduction, development, testing, and QA.
  • Risk managementimpact analysis, risk assessment (quantitative vs. qualitative), third-party risk, confidentiality, integrity, and availability.
  • Threat modelingactor characteristics, attack patterns, and frameworks (ATT&CK, CAPEC, STRIDE).
  • Attack surfacearchitecture reviews, data flows, and trust boundaries.
  • Compliance strategies: industry-specific standards (PCI DSS, ISO/IEC 27000).
  • Security frameworks: NIST, CSF, CSA, and others.

  • Cloud capabilitiesCASB (API-based, proxy-based), shadow IT detection, shared responsibility model, CI/CD pipeline, Terraform, Ansible, container security, orchestration, and serverless workloads.
  • Cloud data securitydata exposure, leakage, remanence, insecure storage, and encryption keys.
  • Cloud control strategiesproactive, detective, and preventative controls; customer-to-cloud connectivity, service integration, and continuous authorization.
  • Network architecturesegmentation, microsegmentation, VPN, always-on VPN, and API integration.
  • Security boundariesasset identification, management, attestation, data perimeters, and secure zones.
  • DeperimeterizationSASE, SD-WAN, and software-defined networking.
  • Zero trust conceptsdefining subject-object relationships.

  • Automationscripting (PowerShell, Bash, Python), event triggers, IaC, cloud APIs, generative AI, containerization, patching, SOAR, and workflow automation.
  • Vulnerability management: scanning, reporting, and SCAP (OVAL, XCCDF, CPE, CVE, CVSS).
  • Advanced cryptographyPQC, key stretching, homomorphic encryption, forward secrecy, and hardware acceleration.
  • Cryptographic use casesdata at rest, in transit, and in use; secure email, blockchain, privacy, compliance, and certificate-based authentication.
  • Cryptographic techniquestokenization, code signing, cryptographic erase, digital signatures, hashing, and symmetric/asymmetric cryptography.

  • Monitoring and data analysisSIEM (event parsing, retention, false positives/negatives), aggregate analysis (correlation, prioritization, trends), and behavior baselines (network, systems, users).
  • Vulnerabilities and attack surface: injection, XSS, insecure configurations, outdated software, and weak ciphers; mitigations include input validation, patching, encryption, and defense-in-depth.
  • Threat hunting:  internal intelligence (honeypots, UBA), external intelligence (OSINT, dark web, ISACs), TIPs, IoC sharing (STIX, TAXII), and rule-based languages (Sigma, YARA, Snort).
  • Incident response: malware analysis (sandboxing, IoC extraction, code stylometry), reverse engineering, metadata analysis, data recovery, and root cause analysis.

Contact Us For More Enquiries

Ready to take the next step? Fill out the form below to get started, and our team will reach out to guide you through the enrollment process. We’re excited to help you begin your journey!

Contact Us Form
Shopping Basket