CySA+: History and relevance

November 18, 2020 by Fakhar Imam


As the volume of cybersecurity threats and attacks has risen by leaps and bounds, organizations face a future that is fraught with many risks — financial, reputational and compliance-based in nature. To navigate these dark waters, organizations look for security professionals who are well-versed in up-to-the-minute security techniques and cutting-edge cybersecurity concepts such as threat and vulnerability management, software and systems security, security operations and monitoring, incident response, and compliance and assessment.

The CySA+ certification provides candidates with the skills and knowledge required to effectively prevent attacks and to proactively search through systems and networks to detect and isolate cybersecurity threats that evade existing security controls. Once CySA+-certified, the cybersecurity analyst acts as a security guard or gatekeeper of information systems and networks.

This article will explore CySA+, including what CySA+ is, its history and current exam details. This will also detail how CySA+ is one of the most relevant certifications available to cybersecurity professionals today.

What is the CySA+ certification?

CompTIA’s CySA+ is an intermediate-level IT workforce certification. Learners acquire it to prevent and combat cyberattacks against an organization’s network and devices. CySA+-certified professionals can apply behavioral analytics to networks to beef up security by identifying and dealing with malware and Advanced Persistent Threats (APTs). This certification also supports the role of a threat hunter who proactively finds and stops malicious activities.

Enterprises face various contractual, statutory, regulatory and legal compliance standards, including PCI DSS and GDPR. Complying with these standards is indispensable to thwart regulatory issues. The last domain of the CySA+ exam objectives specifically sheds light on compliance, further defining the importance of frameworks, policies, procedures and controls.

This certification also covers digital forensic techniques, and it incorporates endpoint scanning, mobile, cloud, virtualization and so forth.

The CySA+ exam follows government regulations under the Federal Information Security Management Act (FISMA). It also meets ISO 17024 and is approved by the US Department of Defense (DoD) to fulfill the requirements of Directive 8570.01-M.

CySA+ history

The first version of the CySA+ exam was released on February 15, 2017, with exam code CS0-001. It was originally known as CSA+, but CompTIA had to change the name due to an undisclosed copyright issue. The content of the exam, however, remained unchanged.

Why was CySA+ created? The digital world has painted a gloomy picture of cybersecurity strength since 2016. The National Crime Agency reported over 2.46 million cyberattacks in 2016 alone. Below are some major attacks that occurred in 2016:

  • In October 2016, the Dyn DDoS attack compromised thousands of endpoint IoT devices. This was staggering for its size, at one time measuring close to 1 Tbps.
  • On November 6, 2016, BBC reported that thousands of Tesco Bank’s customers had been targeted by hackers. As a result, Tesco had to pay out an estimated £2.5 million to 9,000 customers after the cyberattack.
  • In September 2016, 500 million Yahoo users were affected by a data breach, reportedly the largest publicly disclosed cyber-breach in history.

Since cybersecurity threats were accelerating significantly, CompTIA opted to create its first cybersecurity analyst certification. At that time, CompTIA already had Security+, but it was inadequate to serve on its own for the analyst role, while CompTIA’s CASP was pitched at a far higher level.

CompTIA released the second version of the CySA+ exam, with exam code CS0-002, on April 21, 2020, and this exam is now available. Please note: the CompTIA CySA+ CS0-001 English-language exam will retire on October 21, 2020.

CySA+ certification exam details

The CySA+ exam involves both hands-on, performance-based questions and multiple-choice questions. Unlike traditional multiple-choice questions, which ask the candidate to click on one or more correct answers to a particular question, performance-based questions require the candidate to complete a task in a simulated IT environment. These questions are based on real-world computer scenarios.

Before applying for the CySA+ exam, CompTIA requires candidates to have previously earned either Network+, Security+ or equivalent knowledge. A minimum of four years of hands-on experience in the information security realm, or related experience, is also required.

Below is the list of some vital information regarding the CySA+ exam:

  • Number of questions: Maximum of 85 questions
  • Length of the test: 165 minutes
  • Passing score: 750 on a scale of 100-900
  • Language: Japanese, English. Others — TBD
  • Testing provider: Pearson VUE

The following table details the five knowledge domains of the CySA+ exam.

Domain                                   Exam percentage
1.0 Threat and Vulnerability Management  22%
2.0 Software and Systems Security        18%
3.0 Security Operations and Monitoring   25%
4.0 Incident Response                    22%
5.0 Compliance and Assessment            13%
Total                                    100%

CySA+ relevance in today’s digital world

The cybersecurity landscape is constantly evolving, and it is becoming increasingly challenging for security professionals to deal with fast-moving, sophisticated cyberthreats. The CySA+ exam, however, equips you with the necessary cybersecurity controls and solutions to combat cybersecurity threats and attacks.

Today’s cybercriminals are well aware of the traditional signature-based detections (e.g., firewalls and antivirus software) that are used to identify known malware. Unfortunately, this type of detection cannot recognize a new variant of malware, because it relies on the signatures of known viruses that have been added to the product’s database. Nowadays, new cyberattacks occur very quickly. According to the University of Maryland, “Hackers attack every 39 seconds … on average 2,244 times a day.” Updating signatures quickly enough to keep pace is therefore out of the question.

To deal with this nightmare, organizations need an analytics-based approach within their security operations centers (SOCs). CySA+ applies behavioral analytics to devices and networks to combat newly generated malware promptly. Unlike signature-based solutions, behavior-based approaches can detect previously unknown malicious patterns at the earliest stages of execution.

Effective cyberdefense today requires cybersecurity analysts to proactively search through networks to identify and isolate advanced threats that can lead to data breaches. This proactive approach allows you to act before a cyber incident occurs, unlike a reactive approach that acts only after the incident. CySA+ incorporates a crucial security approach known as threat hunting. Using this technique, security analysts can proactively search for threats that are lurking undetected in the network.

Cybersecurity analysts must understand the regulatory standards in force today, such as GDPR and PCI DSS. Noncompliant security professionals and organizations can bear the brunt of heavy penalties and reputational damage.

CySA+ covers the compliance standards that both individuals and businesses must understand today. According to Patrick Lane, product director for CompTIA CySA+, “Cybersecurity pros have to understand what those regulatory standards are and how to comply with them.” He added: “If you can be held responsible for compliance, you need to understand it.”

Conclusion (the bottom line)

After taking a deep dive into this topic, we can conclude that CompTIA’s CySA+ certification is one of the most relevant certifications today for cybersecurity professionals. The knowledge domains of this certification cover very important subjects such as behavioral analytics, threat hunting, software security, compliance and more.

If you want to boost your career in cybersecurity and work on the more proactive side of the field, this certification should be considered essential.

Sources

CompTIA CySA+: Exam Codes CS0-001 & CS0-002, CompTIA
The 10 biggest security incidents of 2016, WeLiveSecurity by ESET
An Introduction to Cyber Security Risks and Responsibilities, Virtual College
Tesco Bank customers lose money to ‘fraudsters’, BBC News
Tesco Bank pays out £2.5 million to customers after ‘unprecedented’ cyber attack, The Independent
Yahoo ‘state’ hackers stole data from 500 million users, BBC News
Study: Hackers Attack Every 39 Seconds, University of Maryland
Advanced Malware Detection – Signatures vs. Behavior Analysis, Information Security Magazine
CompTIA Newsroom, CompTIA


Fakhar Imam is a professional writer with a Master of Science in Information Technology (MIT). To date, he has produced articles on a variety of topics, including computer forensics, CISSP and various other IT-related subjects.