CySA+ Certification: Overview And Career Path
If you are currently are or plan to be a cybersecurity analyst and do not yet have a certification for this career path, there is now a certification that may give your career the boost you are looking for. This vendor-neutral certification is considered intermediate to mid-career and will prove to organizations that you have the knowledge and skills needed to spearhead cybersecurity operations, either as a standalone information security professional or as part of a security team.
The article you are about to read will explore the CySA+ certification. We’ll look at the different domains of knowledge the certification exam will cover, who is looking for professionals with this certification and what you can expect from the certification renewal process.
What is the CySA+ certification?
The Cyber Security Analyst certification, hosted by CompTIA, is one of the latest cybersecurity certifications available. With the first version of the test being released in 2017, this certification validates that the certification holder’s competency with the following:
- Performing data analysis with the ability to identify vulnerabilities, risks and threats
- Configuring, managing and using threat-detection tools
- Securing and protecting organization systems and applications
The CySA+ certification exam is comprised of 85 maximum questions and candidates have a maximum of 165 minutes to complete the exam. Candidates must earn at least a score of 750 out of 900 to pass the exam. Candidates will be expected to have earned at least Security+, Network+ or equivalent and to have at least three to four years’ professional experience in information security. When you earn this certification, it will last for three years.
CySA+ domains of knowledge
The CySA+ certification exam covers four domains of knowledge. These domains are:
- 1.0 Threat management
- 2.0 Vulnerability management
- 3.0 Cyber incident response
- 4.0 Security architecture and tool sets
Domain 1.0: Threat management
Representing 27% of the CySA+ certification exam, this domain is made up of the following topics:
- Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes
- Given a scenario, analyze the results of a network reconnaissance
- Given a network-based threat, implement or recommend the appropriate response and countermeasure
- Explain the purposes of practices used to secure a corporate environment
This domain focuses on all aspects of threat management in use today. Candidates will be expected to be able to explain the procedures, variables and tools involved with environmental reconnaissance techniques as well as the methods and tools of analyzing information gathered in environmental reconnaissance.
Candidates will also have to be able to recommend appropriate responses and countermeasures for network-based threats including network segmentation, ACLs, hardening and network access control. The tail end of this domain requires explaining of the penetration testing, reverse engineering, training/exercises and risk evaluation used to secure corporate environments.
Domain 2.0: Vulnerability management
Representing 26% of the exam, the topics of this domain are:
- Given a scenario, implement an information security vulnerability management process
- Given a scenario, analyze the output resulting from a vulnerability scan
- Compare and contrast common vulnerabilities found in organization-based targets
Domain 2.0 delves into the vulnerability management process and details identification of requirements, establishing scanning frequency, configuring tools to specifications, remediation and ongoing scanning/monitoring.
Next, this domain explores the required analysis process for vulnerability scan results — including analysis, validation of results and correlating with other data points. Lastly, candidates will need a solid understanding of common vulnerabilities found in a wide array of targets within an organization — from endpoints and servers to ICS/SCADA systems.
Domain 3.0: Cyber incident response
Making up 23% of the certification exam, domain 3.0 contains the following topics:
- Given a scenario, distinguish threat data or behavior to determine the impact of an incident
- Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation
- Explain the importance of communication during the incident response process
- Given a scenario, analyze common symptoms to select the best course of action to support incident response
- Summarize the incident recovery and post-incident response process
This domain takes candidates through the higher level (non-tier 1) of cyberincident response. Candidates need to know how threat information will impact their organization environment, know which toolkits to implement in different scenarios and explain how communication with organization higher-ups can be the proverbial lifeblood of appropriate incident response.
Cybersecurity analysts mastering this domain need to also know how to respond to incident symptoms, as well as a full array of post-incident action.
Domain 4.0: Security architecture and tool sets
Picking up the last 24% of the certification material, this domain contains the most formidable content of them all. Its composite topics are:
- Explain the relationship between frameworks, common policies, controls and procedures
- Given a scenario, use data to recommend remediation of security issues related to identity and access management
- Given a scenario, review security architecture and make recommendations to implement compensating controls
- Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC)
- Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies
Aside from addressing concepts including regulatory frameworks, when to use certain controls and what you should know about identity management exploits, this domain closes out with a vendor-neutral, kitchen sink approach to cybersecurity tools. This is the crux of what many will be asking when they ask you what specific tools CySA+ will cover? While it is not every last tool the exam covers, it is an enormous start.
Who is looking for CySA+ certification holders?
Simply put, organizations that use cybersecurity analysts or have security teams with a spot for a cybersecurity analyst will be looking for CySA+ certification holders. Another way to put it is organizations that have an environment that is plagued by vulnerabilities will be looking for these certification holders.
What can you expect from the renewal process?
The renewal process is relatively easy and straightforward. To renew, certification holders have three years to accumulate at least 60 Continuing Education Units (CEUs). Once earned, candidates need to upload them to their CompTIA certification account. This will automatically renew your CySA+ certification for another three-year period.
The CompTIA CySA+ certification is a relatively new cybersecurity analyst certification that may give your cybersecurity resume the wings it needs.