CompTIA cysa+ certification changes: Everything you need to know

Meet your
speakers
Patrick Lane
Guest speaker
Director, Certiﬁcation Product Management
CompTIA

Announcement
https://www.comptia.org
https://home.pearsonvue.com/comptia/onvue

Agenda
● Why did CompTIA create CySA+?
○ Analyst approach needed
○ Job demand
● Cybersecurity career pathway
● CySA+ CS0-002 updates
● CySA+ CS0-002 certiﬁcation details
● Q&A

Lessons learned after 2013-2014 attacks
We must apply behavioral analytics to cybersecurity to improve
the overall state of cybersecurity
● We must focus on network behavior in an organization’s interior
network
● We must identify network anomalies that indicate bad behavior
We must train IT security professionals security analyst skills,
which include:
● Leverage intelligence and threat detection techniques
● Analyze and interpret data
● Identify and address vulnerabilities
● Suggest preventative measures
● Eﬀectively respond to and recover from incidents

COVID-19 security risks
Cybersecurity-related headlines in the last 2 weeks!
● Phishing emails sent to sign into your account to get a free bottle
of hand sanitizer, open an attachment from your employer on tips
to prevent infection or schemes against taxpayers
● Cybercriminals impersonating IT help desks
● Malware used to wipe everything off a computer or corrupt master
boot record of Windows machines so the hard drive is unusable –
with no financial gain
● Targeting of vulnerabilities in VPN devices and gateway appliances
to breach a network
● Attackers will increasingly leverage lures tailored to the new
stimulus bill and related recovery efforts, as well as targeting
home delivery food apps
● Hackers are disrupting routers’ Domain Name System (DNS)
settings as telework surges around the world

CompTIA Cybersecurity Analyst (CySA+)
Created to address the industry need for IT security analysts.
As attackers have learned to evade traditional
signature-based solutions, an analytics-based
approach has become extremely important. CySA+
applies behavioral analytics to IT security to improve
the overall state of cybersecurity through continuous
security monitoring.

Job growth indicators
Information security analyst jobs will grow
much faster than average, with 28% growth
between 2016 and 2026.
8 in 10 hiring managers indicate that IT security
certiﬁcations are valuable for validating
cybersecurity-related knowledge/skills or
evaluating job candidates.*
The U.S. Bureau of Labor Statistics (BLS)
classiﬁes CySA+ under Information Security
Analysts, which includes:
• 2018 median pay: $98,350 annual per year
• Number of jobs available: 100,000*
* Latest pay info from U.S. Bureau of Labor Statistics; Job openings and hiring manager info derived from CompTIA international research reports.

Reason for the update: Industry changes
Security analyst core job functions remain the same, but additional
functions are needed. The job role is a moving target as newer
technologies and regulations aﬀect it.
● Core function remains the same: continuous security monitoring
● More focus on software security
● Growing trend of “going on the oﬀense with defense”
● Emphasis on incident response
● Increased IT regulatory environment

How industry changes affected job roles
New CS0-002 Previous CS0-002
Security analyst
- Tier II SOC analyst
- Security monitoring
Security analyst
Security operations center (SOC) analyst
Security engineer Security engineer
Threat intelligence analyst Threat intelligence analyst
Threat hunter* --
Application security analyst* --
Incident response or handler* --
Compliance analyst* --
-- Cybersecurity specialist
-- Vulnerability analyst (now in PenTest+)
Primary job titles remain similar, while secondary job titles are changing along with the industry
*Secondary job titles indicate job roles that require security analyst skills but aren’t full-time security analysts

How industry changes affected job roles
Primary job roles remain the same:
● Continuous security monitoring (security analyst, security engineer
and threat intelligence analyst)
Secondary job roles are changing along with the industry:
● More focus on software security (application security analyst)
● Growing trend of “Going on the oﬀense with defense” (threat
hunter)
● Emphasis on incident response (incident response or handler)
● Increased IT regulatory environments (compliance analyst)

How changes affected exam domains
CS0-002 domains % of exam Equivalent CS0-001 domains % of exam
1.0 Threat and vulnerability
management
22%
1.0 Threat management
2.0 Vulnerability management
27%
26%
2.0 Software and vulnerability
management
18% -- --
3.0 Security operations and monitoring 25% 4.0 Security architecture and tool sets 24%
4.0 Incident response 22% 3.0 Cyber incident response 23%
5.0 Compliance and assessment 13% -- --
There are six main changes between the previous CySA+ CS0-001 exam domains and the new
CS0-002 exam domains.

Six changes to exam domains
1. The Threat Management and Vulnerability Management exam
domains have combined into one because many of these skills are now
covered in Security+, which is earlier in the CompTIA cybersecurity
career pathway.
2. Software security grew into an exam domain. As networks become
more secure across the globe, software risks have grown. The
application security analyst job role is now a covered job role in CySA+.
3. The Security Architecture and Tool Sets domain was distributed
throughout the new domains, as they are applicable to most topics.
Tools are now distributed by topic, instead of all tools listed in one
domain. It is an instructional design improvement.

Six changes to exam domains
4. The Security Operations and Monitoring domain covers how to go
on the offense with defense. Growing job roles such as threat hunter
bring new techniques for finding incidents outside of the security
operations center (SOC).
5. The Incident Response domain has been updated to include more
cloud security environments, embedded/IoT devices and automation.
Job roles such as incident response or handler are included in the
growing list of job roles covered by CySA+.
6. The Compliance and Assessment domain was added because
security analysts must understand how to help their employers comply
to and maintain regulatory compliance to avoid fines. Growing job
roles such as compliance analyst demonstrates the important of
regulatory compliance.

CompTIA Cybersecurity Analyst (CySA+)
Domain % of exam
1.0 Threat and vulnerability management 22%
2.0 Software and vulnerability management 18%
3.0 Security operations and monitoring 25%
4.0 Incident response 22%
5.0 Compliance and assessment 13%
The CompTIA Cybersecurity Analyst (CySA+) CS0-002 vendor-neutral certiﬁcation exam will determine an IT pro’s
ability to proactively defend and continuously improve the security of an organization. It will verify the successful
candidate has the knowledge and skills required to:
● Leverage intelligence and threat detection techniques
● Analyze and interpret data
● Identify and address vulnerabilities
● Suggest preventive measures
● Eﬀectively respond to and recover from incidents
Job titles:
● Security analyst
○ Tier II SOC analyst
○ Security monitoring
● Threat intelligence analyst
● Security engineer
● Application security analyst
● Incident response or handler
● Compliance analyst
● Threat hunter

Organizations that assisted in CySA+ development
● RxSense
● Netﬂix
● Spohn Consulting, Inc.
● East Tennessee State University
● GEHA
● Johns Hopkins University Applied Physics Laboratory
● University of Maryland University College
● Kirkpatrick Price
● Paylocity
● Stonewatch Security
● Brotherhood Mutual
● Gemalto Canada Inc
● Cyber Strike Solutions, LLC
● DST Systems
● Target
● U.S. Department of Defense
● U.S. Department of Veterans Aﬀairs
● U.S. Navy
● U.S. Treasury Department
● Northrop Grumman
● RICOH USA
● Japan Business Systems (JBS)
● Federal Reserve Bank of Chicago
● Washington State Patrol
● KirkpatrickPrice
● Integra
● Dell SecureWorks
● Linux Professional Institute
● Boulder Community Health
● Western Governors University
● Summit Credit Union
Nearly 2,200 security analysts and/or IT pros assisted with the development of CySA+. Some of the
biggest contributors are listed below.

Performance-based assessment
Recommended free open source
software for training purposes*
Description URL
Wireshark Network protocol analyzer / packet
capture tool
https://www.wireshark.org
Zeek (formerly Bro) and/or Snort Network intrusion detection
systems (NIDS)
https://www.zeek.org
https://www.snort.org
AlienVault Open Source SIEM
(OSSIM) with Open Threat Exchange
(OTX)
Security Information and Event
Management (SIEM) software
https://cybersecurity.att.com/produ
cts/ossim
The CySA+ exam will include hands-on, performance-based simulations.
● To prepare for these performance-based assessments, trainers, educators and publishers
should emphasize open-source analytics tools and teamwork.

CySA+ CS0-002 exam details
Item Description
Exam code CS0-002
Launch Date April 21, 2020
Availability Worldwide
Pricing $359 USD
Testing Provider Pearson VUE Testing Centers
Question Types Performance based and multiple choice
No. of Questions Maximum of 85 questions
Length of Test 165 minutes
Passing Score 750 (on a scale of 100-900)
Languages English
Recommended Experience
Network+, Security+ or equivalent knowledge.
4 years of hands-on information security or related experience.
Exam retirement CS0-001 to retire in October 2020

Domain 1.0: Threat and vulnerability management
Exam objectives
1.1 Explain the importance of threat data and intelligence
1.2 Given a scenario, utilize threat intelligence to support organizational security
1.3 Given a scenario, perform vulnerability management activities
1.4 Given a scenario, analyze the output from common vulnerability assessment tools
1.5 Explain the threats and vulnerabilities associated with specialized technology
1.6 Explain the threats and vulnerabilities associated with operating in the cloud
1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities

Domain 2.0: Software and systems security
Exam objectives
2.1 Given a scenario, apply security solutions for infrastructure management
2.2 Explain software assurance best practices
2.3 Explain hardware assurance best practices

Domain 3.0: Security operations and monitoring
Exam objectives
3.1 Given a scenario, analyze data as part of security monitoring activities
3.2 Given a scenario, implement conﬁguration changes to existing controls to improve security
3.3 Explain the importance of proactive threat hunting
3.4 Compare and contrast automation concepts and technologies

Domain 4.0: Incident response
Exam objectives
4.1 Explain the importance of the incident response process
4.2 Given a scenario, apply the appropriate incident response procedure
4.3 Given an incident, analyze potential indicators of compromise
4.4 Given a scenario, utilize basic digital forensics techniques

Domain 5.0: Compliance and assessment
Exam objectives
5.1 Understand the importance of data privacy and protection
5.2 Given a scenario, apply security concepts in support of organizational risk mitigation
5.3 Explain the importance of frameworks, policies, procedures and controls

Free year of Infosec Skills
($299)
And the winner is ...

Everyone gets a free week
of Infosec Skills.
Then it’s just $34/month
infosecinstitute.com/skills

About us
At Infosec, we believe knowledge is the most
powerful tool in the ﬁght against cybercrime. We
provide the best certiﬁcation and skills
development training for IT and security
professionals, as well as employee security
awareness training and phishing simulations.
infosecinstitute.com
708.689.0131
33

CompTIA cysa+ certification changes: Everything you need to know

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to CompTIA cysa+ certification changes: Everything you need to know

Similar to CompTIA cysa+ certification changes: Everything you need to know (20)

More from Infosec

More from Infosec (20)

Recently uploaded

Recently uploaded (20)

CompTIA cysa+ certification changes: Everything you need to know