CySA+: History

August 21, 2019 by Greg Belding


Sometimes the best way to understand something is to use the lens of history. By looking back, it’s possible to get a better idea of what why something was done or the environment in which something emerged. 

Surprisingly, this also applies to certification exams. CySA+ is literally a product of its time — addressing a need that has been paramount to the business world in recent years. 

This article will detail the CySA+ exam’s history: where it came from, where it has been and where it is today. This is a relatively new information security certification, and understanding its history will point us to where it’s going in the future.

What is CySA+?

The Cyber Security Analyst, or CySA+ certification, is hosted by CompTIA and is considered an intermediate professional IT workforce certification. CySA+ is a vendor-neutral certification and falls somewhere between Security+ and CASP. This certification verifies a professional level of proficiency in detecting, preventing and combating cyberattacks against an organization’s network and devices. 

Examples on a more micro level of what CySA+ certifies include performing data analysis to identify vulnerabilities, threats and risks, configuring and using threat detection tools, and securing organization systems and applications.

When CySA+ was born

This relatively recent certification first appeared on the scene in early 2017. To fully understand why CySA+ was created, it will help to look at how the way things were leading up to 2017. Frankly, the world was in worse shape in terms of cybersecurity than ever before. Between the Dyn DDoS attack, ransomware and what was called the “largest data breach in history” to strike Yahoo, things were looking bleak on the information security front.

Thus, in the midst of the worst information security landscape in history, CompTIA premiered its CySA+ certification in February 2017. This was the first cybersecurity analyst certification for CompTIA — which was inadequately served by the Security+ certification alone but not yet up to the heady level of the Advanced Security Professional (CASP). 

Naming controversy

CySA+ was originally referred to as CSA+ when it premiered in 2017. Due to an undisclosed copyright issue, CompTIA was changed the name of the certification acronym to CySA+. Despite this change in acronym, the material of the certification exam has not changed at all. 

Where CySA+ is at today

Currently, CySA+ is still on its first version of the certification exam, CS0-001. The life of this certification is three years in duration, so it is not likely that we will see another version of this exam until 2020. 

As of the time of writing, CompTIA has not announced when the next version of the certification exam will be released. This means that when current certification holders are due to renew their certification, the option of taking the new version of the certification exam will not be available to them. Instead, they will have to opt for earning continuing education credits to renew the certification. 

Where will CySA+ go from here?

If the future of CySA+ is anything like its inception, we can expect to see the next version of CySA+ be responsive to the current cyberattack environment and to present novel cyberattacks and the methods required to appropriately respond to them. 

CompTIA typically releases new exam versions to reflect these recent changes and they are not expected to act differently anytime soon. In the unlikely event of the cyberattack environment not changing much in the years to come, then we may not see a new version for some time. 

The impact of CySA+ so far

The good news for CySA+ holders is that life for them has been pretty great so far. First, according to PayScale (which sampled over 7000 CySA+ certification holders for this survey), certification holders rate their satisfaction level as being “extremely satisfied” with a 5 out of 5 score. 

OK, so you’re more of a number person. The numbers support this very positive outlook. The average salary for a CySA+ certification holder is $72,000, which is near the national average for all cybersecurity analysts. Being that most CySA+ holders have around five years of experience, this is on pace with about where they should be in terms of pay. 

While this figure may not place them in the high end of the cybersecurity analyst pay scale, sometimes happiness follows being where you are supposed to be as opposed to where you want to be. For some, these may be sage words.


Like many  products of their times, the CySA+ certification came about in response to the time itself. Information security continues to be among the most important issues of our time, and this will not change anytime soon. 

This certification motivates cybersecurity professionals to increase, sharpen and enhance their cybersecurity skills, which translates into a better-skilled workforce to face down cyberattacks. 



  1. Average Cyber Security Analyst Salary, PayScale
  2. An overview of CompTIA’s CySA+ certification, Certification Magazine
  3. CompTIA CySA+, CompTIA
Posted: August 21, 2019
Articles Author
Greg Belding
View Profile

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.

Leave a Reply

Your email address will not be published. Required fields are marked *