The CySA+ Exam Information
2018 saw many jaw-dropping cybersecurity and data breaches, with major international brands like Facebook and Marriott suffering data record losses into the millions — 87 million and up to 500 million, respectively.
Just the magnitude of these cyberbreaches means unfortunate headlines for these global brands, but it also means ample opportunity for IT professionals looking to expand their employment possibilities. According to a report by the Center for Strategic and International Studies (CSIS), the number of cybersecurity job vacancies left unfilled in the United States stands at almost 314,000. This is an incredible figure, given there are only 769,000 cybersecurity professionals in today’s workforce.
The future looks equally grim for employers, with the same CSIS survey projecting the number of global vacancies to top 1.8 million by 2022. Ultimately, this has led to 71 percent of IT decision-makers reporting that this talent gap is causing direct and measurable damage to their organizations.
However, the scale of the opportunity for IT professionals has been widely known for years. This is especially true for those with the skills, experience and versatility held by cybersecurity analysts. Corporations rely on these professionals to help keep their data, employees and systems safe. In return, according to the Bureau of Labor Statistics, cybersecurity analysts can command a median salary of $99,960 a year in the United States.
Certification exam topics
As mentioned previously, the CompTIA CySA+ certification verifies that successful credential holders have the knowledge and skills to fulfill their roles. At a high level, CySA+ holders are required to configure and use threat detection tools, perform data analysis, and interpret the results in order to identify vulnerabilities and to communicate and mitigate threats and risks to an organization. Ultimately, this function serves the end goal of securing and protecting applications and systems within an organization.
However, what sets the CySA+ certification apart from the other certifications on the market is its emphasis on data analytics and behavioral analysis component in the security domain. Given the continued evolution of cyberthreats, the number of zero-day and customized attacks and potential gaps in antivirus detection capabilities, a CySA+ holder will be able to help an organization implement the tools, policies and rules to thwart attackers that may otherwise evade the usual signature-based solutions.
For example: From reviewing logs and system information, a cybersecurity analyst may be able to identify irregular system or user account activity that could point toward the beginning stages of a cyberattack or an advanced persistent threat.
Diving a little deeper into the certification exam objectives, CompTIA has identified the following knowledge domains covered within the CySA+ exam. In their words, these domains are:
- Threat Management
- Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes
- Given a scenario, analyze the results of a network reconnaissance
- Given a network-based threat, implement or recommend the appropriate response and countermeasure
- Explain the purpose of practices used to secure a corporate environment
- Vulnerability Management
- Given a scenario, implement an information security vulnerability management process
- Given a scenario, analyze the output resulting from a vulnerability scan
- Compare and contrast common vulnerabilities found in the following targets within an organization
- Cyber Incident Response
- Given a scenario, distinguish threat data or behavior to determine the impact of an incident
- Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation
- Explain the importance of communication during the incident response process
- Given a scenario, analyze common symptoms to select the best course of action to support incident response
- Summarize the incident recovery and post-incident response process
- Security Architecture and Tool Sets
- Explain the relationship between frameworks, common policies, controls, and procedures
- Given a scenario, use data to recommend remediation of security issues related to identity and access management
- Given a scenario, review security architecture and make recommendations to implement compensating controls
- Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC)
- Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies
These descriptions are excerpted from the CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives document, found here.
CySA+ exam overview
The CySA+ exam is structured similarly to many others in their series of cybersecurity certifications. This means that the CySA+ exam comprises 85 questions presented in a multiple-choice and performance-based structure. Additionally, test takers have a maximum of 165 minutes to complete the exam, which requires a score of at least a 750 (on a scale of 100 – 900) to pass.
As with other CompTIA certification exams, the CySA+ includes performance-based questions, in which candidates are presented with several tasks to complete in a simulated IT environment. These tasks need to be done either in the right order or have all aspects of the challenge completed to earn full points, attempting to simulate real-world situations.
Diving deeper into the CySA+ exam, CompTIA has designed questions to align to industry trends. This means that candidates will be tested on their knowledge of threat detection, data analytics, and related tools. This includes the ability to how to set-up, configure, and use threat detection tools as well as how to interpret the outputs and make decisions based on the data presented to assess or identify risks to an organization.
Using the Certification Objectives as a guide, CompTIA has organized the certification exam questions to align nearly equally across the four knowledge domains:
- Threat management (27%)
- Vulnerability management (26%)
- Cyber incident response (23%)
- Security architecture and tool sets (24%)
CySA+ exam logistics
Once you believe you are ready to sit for the CySA+ certification exam, candidates will need to buy an exam voucher either from CompTIA directly or from a third-party provider as part of a training package. With a voucher in hand, you can schedule when and where to take your exam directly through the Pearson VUE website. This includes approved locations throughout the United States, around the world and even on U.S. military bases and stations.
You will need to create a Pearson VUE account and use it to select a testing center, time and date that fits your needs. You will have the choice on when to take the exam, but the exam must be completed within 165 minutes, including any breaks that you may choose to take. There may be other testing requirements or expectations at the testing center that you have selected.
Finally, the day of your certification exam, you’ll need to bring a copy of your Pearson VUE registration information along with additional information that you may need to provide to your select testing center. At the conclusion of your exam, you will immediately be provided with your score, notifying you if you reached at least the minimum 750 points required to pass. This information will also be updated in your Pearson VUE account as well as in your CompTIA profile.
After the exam
Upon receiving a passing score and achieving the CySA+ credential, CompTIA requires each certification holder to renew their credential every three years. Renewal requirements can be achieved in one of the following three ways:
- Pass the most current version of the CySA+ certification exam.
- Pass a higher-level CompTIA or non-CompTIA certification exam
- Earn continuing education units (CEUs) by participating in qualified activities such as publishing an article or whitepaper, obtaining another industry certification or attending a relevant conference or event.
Taking the next step
With the CySA+ exam, CompTIA succeeded in creating a “bridge” certification between the foundational Security+ credential and the advanced CASP. Therefore, if you are looking to jump-start your career, broaden your cybersecurity toolset, or set yourself apart in the industry by offering skill-set in analysis, the CySA+ is definitely a path to consider.
With more and more employers recognizing the importance of cybersecurity professionals and the role that analytics plays in establishing a comprehensive security posture, the salaries CySA+ holders can command speak for themselves.
- Occupational Employment Statistics, Bureau of Labor Statistics
- The Cybersecurity Workforce Gap, CSIS
- CompTIA CySA+, CompTIA
- CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives, CompTIA
- Cybersecurity labor crunch to hit 3.5 million unfilled jobs by 2021, CSO