CySA+ certification: Overview and career path [updated 2021]

February 18, 2021 by Greg Belding

If you are currently are or plan to be a cybersecurity analyst and do not yet have a certification, you may want to consider CySA+. This vendor-neutral certification is considered intermediate to mid-career and will prove to organizations that you have the knowledge and skills needed to spearhead cybersecurity operations, either as a standalone information security professional or as part of a security team.

The article you are about to read will explore the CySA+ certification. We’ll look at the different domains of knowledge the certification exam will cover, who is looking for professionals with this certification and what you can expect from the certification renewal process. We’ll also take a look at some of the recent changes to this certification exam.

What is the CySA+ certification?

The Cyber Security Analyst certification, hosted by CompTIA, is currently on its second certification exam version (CS0-002). This certification validates the certification holder’s competency with the following:

  • Performing data analysis with the ability to identify vulnerabilities, risks and threats
  • Configuring, managing and using threat-detection tools
  • Securing and protecting organization systems and applications
  • Up-to-date security analyst skills including upcoming cybersecurity analyst and related roles’ job skills

The CySA+ certification exam is composed of up to 85 questions. Candidates have a maximum of 165 minutes to complete the exam and must earn at least a score of 750 out of 900 to pass the exam. Candidates will be expected to have earned at least Security+, Network+ or equivalent and to have at least three to four years’ professional experience in information security. This certification lasts for three years.

Although the format of the certification exam is unchanged, some of the exam content is — after restructuring the domains of knowledge, CS0-002 presents certification candidates with five domains as opposed to the four in CS0-001. It should also be noted that the recommended years of hands-on experience has slightly increased, from three-to-four years to a minimum of four.

CySA+ domains of knowledge

The CySA+ certification exam covers five domains of knowledge. This is one more domain than CS0-001 and you may notice that some of the previous domains have combined with each other to form one domain. Below are the current domains and the percentage of the exam they represent:

  • Threat and Vulnerability Management 22%
  • Software and Systems Security 18%
  • Security Operations and Monitoring 25%
  • Incident Response 22%
  • Compliance and Assessment 13%

Domain 1.0: Threat and vulnerability management

This domain is made up of the following topics:

  • Explain the importance of threat data and intelligence
  • Given a scenario, use threat intelligence to support organizational security
  • Given a scenario, perform vulnerability management activities
  • Given a scenario, analyze the output from common vulnerability assessment tools
  • Explain the threats and vulnerabilities associated with specialized technology
  • Explain the threats and vulnerabilities associated with operating in the cloud
  • Given a scenario, implement controls to mitigate attacks and software vulnerabilities

Domain 2.0: Software and systems security

  • Given a scenario, apply security solutions for infrastructure management
  • Explain software assurance best practices
  • Explain hardware assurance best practices

Domain 3.0: Security operations and monitoring

  • Given a scenario, analyze data as part of security monitoring activities
  • Given a scenario, implement configuration changes to existing controls to improve security
  • Explain the importance of proactive threat hunting
  • Compare and contrast automation concepts and technologies

Domain 4.0: Incident response

  • Explain the importance of the incident response process
  • Given a scenario, apply the appropriate incident response procedure
  • Given an incident, analyze potential indicators of compromise
  • Given a scenario, utilize basic digital forensics techniques

Domain 5.0 Compliance and assessment

  • Understand the importance of data privacy and protection
  • Given a scenario, apply security concepts in support of organizational risk mitigation
  • Explain the importance of frameworks, policies, procedures, and controls

Who is looking for CySA+ certification holders?

Simply put, organizations that use cybersecurity analysts or have security teams with a spot for a cybersecurity analyst will be looking for CySA+ certification holders. Another way to put it is organizations that have an environment that is plagued by vulnerabilities will be looking for these certification holders.

What roles require or prefer candidates with CySA+?

The first role that may cross your mind is cybersecurity analyst, which is true. However, that is not the only role that is looking for those with the knowledge and skills that CySA+ verifies. Below are some others that require or prefer candidates to have a CySA+ certification:

  • Security analyst
  • Security engineer
  • Incident response or handler
  • Threat intelligence analyst
  • Threat hunter
  • Application security analyst
  • Compliance analyst

What can you expect from the renewal process?

The renewal process is relatively easy and straightforward. To renew, certification holders have three years to accumulate at least 60 Continuing Education Units (CEUs). Once earned, candidates need to upload them to their CompTIA certification account. This will automatically renew your CySA+ certification for another three-year period.


The CySA+ certification is a intermediate to mid-level cert that is the only one in its proverbial class to require hands on experience working with cybersecurity analysis on the job. Being that this is a moderate to mid-level certification, four years of this experience is required. 

There have been some significant changes made to the certification exam since CS0-001, such as the addition of a new domain of knowledge. This increases the standard that certification candidates are held to as cybersecurity grows as a field.


Posted: February 18, 2021
Greg Belding
View Profile

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.

Leave a Reply

Your email address will not be published.