The CompTIA Cybersecurity Analyst or CySA+ is a mid-level certificate that justifies a candidate’s expertise in combating security threats using security monitoring strategies. This is one of the best intermediate-level validations that combine performance-based, multiple-choice, and hands-on approaches to help candidates understand the challenges and benefits of working in the cybersecurity industry.

Targeted Audience and Test to Pass

This certification is meant for cybersecurity analysts willing to verify their skills in defending and improving the security systems of the organizations they work for. For that reason, it suits a wide range of job profiles including security analysts, application security analysts, threat intelligence analysts, security engineers, incident response handlers, threat hunters, and compliance analysts. Part of the qualification requirements for obtaining this certificate involves passing a certification exam coded CS0-002. This will form the basis of our discussion in the next paragraphs.

CompTIA CySA+ Exam Facts

The CS0-002 exam was launched on April 21, 2020, as the replacement for the CS0-001. This evaluation is all about improving the state of security operations through rapid identification and combating malware as well as persistent threats to the existing systems. Normally, this exam brings a total of 85 performance-based and multiple-choice items that must be done in 165 minutes. CompTIA uses a grading method on a scale of 100-900 to rank its candidates, where a score of 750 points and above will help you obtain the CySA+ certification. Like the previous version, such an evaluation costs $370 for every attempt even though it is currently offered in English and Japanese versions only.

CySA+ Content Outline

To help you get a clear picture of the CS0-002 exam, we will be highlighting the details of the course outline below;

1. Management of Threats and Vulnerabilities (22%)

The first topic revolves around the knowledge of explaining the significance of threat intelligence and data, using threat intelligence when supporting the security of your organization, and completing a wide range of tasks involving vulnerability management. What’s more, it will evaluate the skills of analyzing the output received from basic tools used to assess vulnerability, explaining the vulnerabilities & threats around specialized technology and the cloud, and implementing strategies for mitigating software glitches as well as attacks. In more detail, under such a topic, you’ll learn lots of concepts relating to intelligence cycle, commodity malware, the frameworks of attacks, scanning, enumeration, IoT, and FaaS just to mention a few.

2. Security for Software and Systems (18%)

This domain covers 3 key tasks including the application of security solutions associated with managing infrastructure, explaining the tools for assuring software and expounding on practices of assuring hardware. All in all, here, you’ll encounter such terms as on-premises vs. cloud, segmentation, virtualization, change management, honeypot, and encryption. After that, the candidates will be enlightened on how to define mobile, embedded, and web app platforms, secure best practices for codes and deal with DevSecOps. Finally, you will be familiar with how to operate with the hardware root of trust, eFuse, UEFI, and anti-tamper.

3. Security Processes and Monitoring (25%)

Such a topic revolves around the skills related to analyzing data for monitoring security, implementing configuration changes to the available controls in a bid to optimize security, explaining the significance of proactive threat hunting, and comparing as well as contrasting the technologies and concepts of automation. In particular, this area looks at the analysis of trends, endpoints, log reviews, networks, permissions, firewalls, sandboxing, the vectors of attacks, scripting, API integration, the enrichment of data, and the like.

4. Incident Response (22%)

The section of incident response is meant to certify the knowledge of the process of responding to an incident via a communication plan, data criticality, and response coordination, using the right procedures like preparation, analysis, detection, containment, etc. when responding to incidents, analyzing the network-related, host-related, and app-related pointers of compromise when you have an experimental incident, and finally, utilizing the basic techniques for digital forensics when you have an experimental case scenario, which sheds light on the mobile, cloud, legal hold, and carving among others.

5. Compliance and Assessment (13%)

To end, this exam will address the concepts of data protection and privacy, applying security concepts when supporting the risk mitigation of your organization, and explaining the significance of policies, frameworks, controls, and procedures. In all, a section like this requires the knowledge of DLP technical controls, prioritizing risk, assessing supply chain, risk-based as well as prescriptive frameworks, compliance & regulatory assessments and audits, AUP procedures & policies, and control types.

Your Job Prospects

On the employment front, many candidates who obtain the CompTIA CySA+ certification go on to fill the following roles at some point in their careers:

• Security Analyst

  On the whole, security analysts monitor security operations, assess security using penetration testing and risk analysis tools, and perform both external and internal audits on security platforms. What’s more, they are tasked with analyzing breaches in security operations to identify the probable causes and the fitting mitigation strategies. Generally speaking, security analysts will be expected to have an outstanding combination of creativity and communication skills to help them approach every task with the highest level of meticulousness it deserves. And there’s no better starting point than getting the CySA+ designation. To conclude, security analysts earn an average of $69,348 per year according to PayScale.

• Security Engineer

  Security engineers, on the other hand, test and screen software and security systems, monitor functional network systems to detect intrusions, and finally, resolve the same using industry-recognized strategies alongside best practices. It’s peculiar that they may work as independent professionals or as part of an IT department tasked with assessing risks, identifying vulnerabilities in network systems, designing firewalls, and configuring network systems by following the company’s standard practices and security strategies. Going by modern trends, security engineers earn an average salary of $93,704 per annum. That’s according to the latest estimates by the experts at the PayScale website.

• Incident Response Handler

  As the name suggests, incident response handlers are renowned for their key role in creating or designing security policies, procedures, and plans to secure an organization’s critical assets from security incidents. More so, these individuals not only respond to digital threats using risk analysis and security auditing but also plan, coordinate, manage, and communicate with the general staff to handle the results of such incidents. With that in mind, they are handsomely compensated with an average income of $95,269 annually according to ZipRecruiter.

Honorable Mentions

Aside from the technical roles we have mentioned above, the CompTIA CySA+ certificate is also a great option if you want to fill the following positions:

• Application Security Analyst ($74,793);
• Compliance Analyst ($59,256);
• Threat Intelligence Analyst ($75,000)

Note that the salaries for these roles mentioned in brackets are provided in accordance with the data taken from PayScale.com.

Certification Path

As you might know, CompTIA certifications are neatly arranged according to career levels. And even though a lower-level certificate may not directly qualify you for the next option on this ladder, it's easy to determine what follows after completing a specific exam. For instance, the CySA+ is a cybersecurity certification lying just below the higher-level PenTest+ and CASP+ designations. So, these should be the next step if you opt to go with a vendor-specific approach in cybersecurity.