Skip to main content

V5

SecurityX

SecurityX is an advanced cybersecurity certification for security architects and senior security engineers. It proves you have the skills to design, build, and implement secure solutions across complex environments. You’ll also show you can support a resilient enterprise while addressing governance, risk, and compliance needs.

Xpert SecurityX Certification

SecurityX (V5) exam objectives

Governance, risk, and compliance (20%)

  • Security program documentation: policies, procedures, standards, and guidelines.
  • Program managementtraining (phishing, security, privacy), communication, reporting, and RACI matrix.
  • Frameworks: COBIT, ITIL, etc.
  • Configuration management: asset life cycle, CMDB, and inventory.
  • GRC tools: mapping, automation, and compliance tracking.
  • Data governance: production, development, testing, and QA.
  • Risk management: impact analysis, risk assessment (quantitative vs. qualitative), third-party risk, confidentiality, integrity, and availability.
  • Threat modeling: actor characteristics, attack patterns, and frameworks (ATT&CK, CAPEC, STRIDE).
  • Attack surface: architecture reviews, data flows, and trust boundaries.
  • Compliance strategies: industry-specific standards (PCI DSS, ISO/IEC 27000).
  • Security frameworks: NIST, CSF, CSA, and others.

Security architecture (27%)

  • Cloud capabilities: CASB (API-based, proxy-based), shadow IT detection, shared responsibility model, CI/CD pipeline, Terraform, Ansible, container security, orchestration, and serverless workloads.
  • Cloud data security: data exposure, leakage, remanence, insecure storage, and encryption keys.
  • Cloud control strategies: proactive, detective, and preventative controls; customer-to-cloud connectivity, service integration, and continuous authorization.
  • Network architecture: segmentation, microsegmentation, VPN, always-on VPN, and API integration.
  • Security boundaries: asset identification, management, attestation, data perimeters, and secure zones.
  • Deperimeterization: SASE, SD-WAN, and software-defined networking.
  • Zero trust concepts: defining subject-object relationships.

Security engineering (31%)

  • Automation: scripting (PowerShell, Bash, Python), event triggers, IaC, cloud APIs, generative AI, containerization, patching, SOAR, and workflow automation.
  • Vulnerability management: scanning, reporting, and SCAP (OVAL, XCCDF, CPE, CVE, CVSS).
  • Advanced cryptography: PQC, key stretching, homomorphic encryption, forward secrecy, and hardware acceleration.
  • Cryptographic use cases: data at rest, in transit, and in use; secure email, blockchain, privacy, compliance, and certificate-based authentication.
  • Cryptographic techniques: tokenization, code signing, cryptographic erase, digital signatures, hashing, and symmetric/asymmetric cryptography.

Security operations (22%)

  • Monitoring and data analysis: SIEM (event parsing, retention, false positives/negatives), aggregate analysis (correlation, prioritization, trends), and behavior baselines (network, systems, users).
  • Vulnerabilities and attack surface: injection, XSS, insecure configurations, outdated software, and weak ciphers; mitigations include input validation, patching, encryption, and defense-in-depth.
  • Threat hunting:  internal intelligence (honeypots, UBA), external intelligence (OSINT, dark web, ISACs), TIPs, IoC sharing (STIX, TAXII), and rule-based languages (Sigma, YARA, Snort).
  • Incident response: malware analysis (sandboxing, IoC extraction, code stylometry), reverse engineering, metadata analysis, data recovery, and root cause analysis.

Exam details

  • Exam version: V5

  • Exam series code: CAS-005

  • Launch date: December 17, 2024

  • Number of questions: maximum of 90 questions

  • Types of questions: multiple-choice and performance-based

  • Duration: maximum of 165 minutes

  • Passing score: pass/fail only; no scaled score

  • Languages: English, with other languages to be determined

  • Recommended experience: minimum of 10 years of general hands-on IT experience, including 5 years of hands-on security, with Network+, Security+, CySA+, Cloud+, and PenTest+ or equivalent knowledge

  • NICE and DoD 8140 work roles: security architect, systems requirements planner, security control assessor, research and development specialist, and more

Skills learned

  • Design, implement, and integrate secure solutions across complex environments to support a resilient enterprise in security architecture and engineering.

  • Use automation, monitoring, detection, and incident response to proactively support ongoing security operations.

  • Apply security practices to cloud, on-premises, and hybrid environments to ensure enterprise-wide protection.

  • Utilize cryptographic technologies and techniques while evaluating the impact of emerging trends, such as artificial intelligence, on information security.

  • Implement governance, compliance, risk management, and threat modeling strategies across the enterprise.

  • Validate advanced, hands-on skills in security architecture and senior security engineering within live environments.

Stay informed

Advance with confidence

Get updates, insights, and exclusive offers to support your learning journey and career growth.