CySA+: Hiring qualified professionals helps offset skill shortages

August 27, 2019 by Daniel Brecht

Introduction: The growing shortage of qualified CySA+ professionals

Today, there are literally thousands of jobs going unfilled because of the lack of qualified cybersecurity candidates. With a high demand for employees that can prove their knowledge and skills in this fast-growing IT sector, the importance of acquiring a certification is increasing as professionals use it to stand out in the crowd when applying for jobs and to boost their promotion potential in their current company. 

Employers recognize the benefits of not only filling roles with professionals with credentials but also of training their existing employees. This is important to build a skilled workforce and to boost employee retention.

More and more employers nowadays are looking for technically- and analytically-minded professionals to fill roles as cybersecurity analysts. These employers need professionals with experience and related qualifications and who have a track record of showing competencies that relate to the job. Adding a CompTIA’s CySA+ certification is sure to help a professional interested in this line of work to increase their chances of securing a good position in any organization.

CySA+ overview

The Computing Technology Industry Association (CompTIA) is a non-profit trade association that focuses on educating and certifying IT professionals. The Cybersecurity Analyst (CySA+) is one of the newer additions to the CompTIA certification portfolio, designed to meet the ever-growing need for experienced, qualified cyber- and information security analysts.

CompTIA certifications such as CySA+ can be mapped to the NICE framework. The National Initiative for Cybersecurity Education (NICE) Framework is a valuable source used in defining common ways to assess the workforce skills and helps IT security practitioners understand the knowledge, skills and abilities (KSAs) they will need for a successful career in the field and in each role comprised in the security realm. 

What’s more, NICE offers a roadmap for training programs and certifications from a variety of vendors for each of the specialty areas. These range from Systems Security Analysis to Computer Defense Analysis and Exploitation and Threat Analysis.

The CySA+ program is constantly reviewed to align with the current classification of cyberworkers provided by NICE and its description of each role. The CySA+ qualification is appropriate for employees who will be required to apply behavioral analytics to networks and devices in an effort to prevent, detect and combat internet-related attacks or threats. 

The test that professionals need to pass is based on knowledge of tools used for vulnerability discovery and threat detection, as well as methods for data analysis and interpretations, securing of applications and cyber-incident response. To make it as relevant as possible to the skills required in the real world, the test has been developed with the input of renowned companies and organizations such as Dell, Ricoh, the Linux Professional Institute and Northrop Grumman.

To earn a CySA+, candidates must pass an exam made of up to 85 performance-based and multiple-choice questions. Testers have 165 minutes and need a passing score of 750 in a 100 – 900 reference scale. Although this certification does not have mandatory prerequisites, being at an intermediate level, it is better faced by candidates that already have 3–4 years of related experience and Network+ and Security+ knowledge.

How does the CySA+ certification benefit me or my company? 

The CySA+ certification makes a job seeker much more marketable. In fact, it proves the professional has the ability to effectively use threat detection, behavioral analytics and secure applications, as well as the know-how in preventing, identifying and responding to vulnerabilities. Proving proficiency and competence, the CompTIA CySA+ credential can give employers and hiring managers a more detailed glimpse into the job applicant’s skill set and help them stand out in a competitive job market. It also demonstrates that the professional is keeping up to date in the field and is willing to invest in his or her own education.

Why would an employer want to hire a qualified CySA+ professional?

Employers can also benefit from hiring qualified professionals with the CySA+. In fact, hiring personnel already possessing this credential gives them assurance that the selected applicant has the required, up-to-date knowledge for the position offered. 

When it comes to managing the cybersecurity posture for the organization, highly skilled Cyber Security Analysts (CSAs) are the go-to specialist and a valuable asset to any business. This is because they engage in deep understanding of different types of online threats. They are capable of designing integrated security solutions with analytics tools that will detect and respond to incidents on networks.

Therefore, a professional analyst who can apply safeguards and countermeasures to eliminate vulnerabilities by implementing various processes, technologies and practices can certainly prove themselves as a valuable candidate for the job. An entry-level CSA that has the training and certification is a good fit for both the role and the organization, in order to help the company utilize the necessary security controls to keep its digital data safe and secure. 

Is there justification for my employees to get CySA+ certified?

While a CySA+ credential holder will be a competent employee who can fill a position with minimal guidance, an organization might want to also allocate time for its existing staff to engage in training and studying for such a certification. An employer could consider this option for its workers to keep abreast of the rapidly changing cybersecurity trends. Indeed, the power of investing in personnel is a key opportunity to ensure the labor force have the right skills required to perform their jobs to the best of their abilities. 

Recognizing the need to develop more qualified cybersecurity professionals can help resolve the hiring shortage. The gap is well shown by CyberSeek’s interactive supply and demand map, which notes there are many more open positions in the field than there are working professionals available to fill them. If a company is struggling to find qualified candidates, it is in their best interest to train existing staff. By helping them obtain a professional certification (CompTIA’s CySA+), they can fill a role as a CSA rather than needing to recruit other candidates.

Also, a training program that encourages existing employees to take courses and prepare for this qualification is not only skill-enhancing. The program can also give the employees the confidence and self-efficacy to succeed in specific situations or accomplish more advanced tasks, making them an even greater asset to their company. Training staff to develop their skills and provide personnel with certifications is a win/win situation for both the employees (because they want to be retained and/or vested in one specific role) and employers, who may have a talent scarcity and a need to fill positions.

What types of jobs would benefit from a CySA+?

Many professional figures can benefit from a CySA+ credential:

  • IT security analyst
  • Security Operations Center (SOC) analyst
  • Vulnerability analyst
  • Cybersecurity analyst or specialist
  • Threat intelligence analyst
  • Security engineer
  • Data security analyst

As you can see, obtaining such credentials can fit several roles and help a professional qualify for different positions even within the same company.


For businesses to succeed, a highly skilled, well-trained and experienced staff is needed. It might not be possible to find and employ several fully experienced professionals. As a result, gaps might occur, causing sub-optimal productivity and less-than-desirable IT assets and data protection by an existing workforce struggling to become skilled at properly securing an organizations applications and systems by using technological tools to detect new attack vectors. 

This means that during a time when employers look to close the cybersecurity shortages and retain IT security talent, staff members are being upskilled or trained in order to be certified for a particular duty within their job. Qualified employees with specific talents are an organization’s most valuable asset, and those who possess CompTIA’s CySA+ will have the edge over other individuals competing for the same position.

Certifications are playing a major role in hiring decisions today. In fact, acquiring talent with qualifications is becoming more important for recruiters. Those who possess CompTIA’s CySA+ are deemed highly qualified in analyzing security breaches to identify root causes. This means that a business that hires a qualified CySA+ professional will be confident and at ease knowing such a team member can overlook the company’s digital assets and keep it protected from unauthorized access.



  1. Become a Security Analyst, CyberDegrees
  2. What is a Security Analyst? Responsibilities, Qualifications, and More, Digital Guardian 
  3. Is the CompTIA CySA+ Worth It? Cost, Comparison, Benefits, StartACyberCareer
  4. CompTIA and NICE: Setting the standard for safe cyber practices, CompTIA
  5. CompTIA Certification Guide: Overview and Career Paths, Business News Daily
  6. Gap in cybersecurity knowledge creates challenges for organizations, CSO
Posted: August 27, 2019


We've encountered a new and totally unexpected error.

Get instant boot camp pricing

Thank you!

A new tab for your requested boot camp pricing will open in 5 seconds. If it doesn't open, click here.

Articles Author
Daniel Brecht
View Profile

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.