Meet the panel
Director, Certification Product Management
CompTIA
Jeff Peters
Director of Brand and Content Marketing
Infosec
Patrick Lane
Today’s webcast
➢ CompTIA CySA+ (CS0-003) overview
➢ CySA+ CS0-003 changes
➢ CySA+ CS0-003 domains & exam
➢ Q&A
Free CySA+ resources
Free resources from Infosec and CompTIA
⮚ CySA+ resource hub
⮚ CySA+ boot camp
⮚ CS0-002 vs CS0-003 guide
⮚ Infosec course catalog
CompTIA CySA+ overview
What is CompTIA CySA+?
⮚ CompTIA Cybersecurity Analyst (CySA+) is an IT workforce certification
that assesses the security analyst and incident response analyst
skills needed to prevent, detect and respond to cybersecurity threats
on networks and devices.
⮚ Individuals who pass the exam prove their ability to perform the
intermediate-level duties of a security analyst and incident response
analyst.
⮚ CySA+ focuses on the candidates’ ability to proactively identify,
monitor and respond to security incidents, but also emphasizes
software and application security, automation, threat hunting,
reporting and communication.
⮚ CySA+ covers the most up-to-date security analyst skills used by
incident response analysts, SOC analysts, vulnerability management
analysts, security engineers and threat hunters.
⮚ The latest version (CS0-003) is scheduled for public release June 2023.
CompTIA CySA+ certification
The CompTIA CySA+ certification exam will verify the successful candidate has the knowledge and skills required to:
➢ Detect and analyze indicators of malicious activity
➢ Understand threat hunting and threat intelligence concepts
➢ Use appropriate tools and methods to manage, prioritize, and respond to attacks and vulnerabilities
➢ Perform incident response processes
➢ Understand reporting and communication concepts related to vulnerability management and incident response activities
CySA+ job roles
Primary job roles
➢ Security analyst
➢ Security Operations Center (SOC) analyst
➢ Incident response analyst
Secondary job roles
➢ Vulnerability management analyst
➢ Security engineer
➢ Threat hunter
Recommended experience
➢ Network+, Security+ or
equivalent knowledge.
➢ Minimum of 4 years of hands-on
experience as an incident
response analyst or security
operations center (SOC) analyst,
or equivalent experience.
CompTIA career pathway
CompTIA certifications align with the skill sets needed to support and manage IT
infrastructure. Enter where appropriate for you. Consider your experience and existing
certifications or course of study.
CySA+ exam changes
Newer CySA+ skills
20% of exam objectives were updated to include:
➢ Updated tools: Security analyst tools, such as enterprise Security Information and Event Management (SIEM) systems have matured to include more automated features, such as Security Orchestration and Automated Response (SOAR), to help get the job done. Other security analyst tools, such as EDR/XDR, provide monitoring and response and easily integrate across SIEMs.
➢ Cloud and mobile: Expanded coverage of cloud, mobile, and zero trust indicators of compromise.
➢ Threat intelligence: More emphasis on threat hunting topics, threat feeds vs. threat reports; automation of intel (e.g., automated threat feed); how to prioritize alerts for better incident response.
CS0-003 exam objectives
Exam purpose and audience are similar (003 vs 002):
➢ One less exam domain (4 vs. 5) with rearranged topics. Previous Domain 2.0 Software and Systems Security was integrated into first two domains of new version.
➢ 15 exam objectives versus 21 to focus on key tasks of security operations, vulnerability management, incident response management and reporting/communication.
➢ 12 pages versus 15 to align topics and terms with newer, more focused work tasks. 80% of topics are similar.
CySA+ exam domains: What's new?
CS0-003 exam domains | % | Equivalent CS0-002 exam domains | %
1.0 Security Operations | 33% | 3.0 Security Operations and Monitoring | 25%
 | | 2.0 Software and Systems Security | 18%
2.0 Vulnerability Management | 30% | 1.0 Threat and Vulnerability Management | 22%
3.0 Incident Response Management | 20% | 3.0 Incident Response | 22%
4.0 Reporting and Communication | 17% | 5.0 Compliance and Assessment | 13%
CySA+ exam domains
1.0 Security Operations
CS0-003 Updated objectives
1.1 Explain the importance of system and network architecture concepts in security operations.
1.2 Given a scenario, analyze indicators of potentially malicious activity.
1.3 Given a scenario, use appropriate tools or techniques to determine malicious activity.
1.4 Compare and contrast threat-intelligence and threat-hunting concepts.
1.5 Explain the importance of efficiency and process improvement in security operations.
2.0 Vulnerability Management
CS0-003 Updated objectives
2.1 Given a scenario, implement vulnerability scanning methods and concepts.
2.2 Given a scenario, analyze output from vulnerability assessment tools.
2.3 Given a scenario, analyze data to prioritize vulnerabilities.
2.4 Given a scenario, recommend controls to mitigate attacks and software vulnerabilities.
2.5 Explain concepts related to vulnerability response, handling, and management.
3.0 Incident Response and Management
CS0-003 Updated objectives
3.1 Explain concepts related to attack methodology frameworks.
3.2 Given a scenario, perform incident response activities.
3.3 Explain the preparation and post-incident activity phases of the incident management life
cycle.
4.0 Reporting and Communication
CS0-003 Updated objectives
4.1 Explain the importance of vulnerability management reporting and communication.
4.2 Explain the importance of incident response reporting and communication.
CySA+ exam details
CySA+ CS0-003 exam details
Item | Description
Exam code | CS0-003
Launch date | June 6, 2023
Availability | Worldwide
Retail price | $392 USD
Testing provider | Pearson VUE Testing Centers, OnVUE
Question types | Performance based and multiple choice
# of questions | Maximum of 85 questions
Length of exam | 165 minutes
Passing score | 750 (on a scale of 100-900)
Languages | English, with Japanese, Portuguese and Spanish to follow
Recommended experience | Network+, Security+ or equivalent knowledge. Minimum of 4 years of hands-on experience as an incident response analyst or security operations center (SOC) analyst, or equivalent experience.
Exam retirement | CS0-002 to retire December 5, 2023 (English) with Japanese to follow
CySA+ training resources
CompTIA Authorized Training Partner
Two ways to train for your CySA+ certification:
CySA+ Boot Camp
➢ 90-day extended access to Boot Camp
components, including class recordings
➢ 100% Satisfaction Guarantee
➢ Exam Pass Guarantee
➢ Exam voucher
➢ Free 90-day Infosec Skills subscription (access
to 1,400+ additional courses and labs)
➢ Hands-on cyber ranges and labs
➢ Knowledge Transfer Guarantee
➢ Onsite proctoring of exam
➢ Pre-study learning path
➢ Unlimited practice exam attempts
Infosec Skills subscription
➢ 190+ role-guided learning paths (e.g.,
CySA+, CISSP, Ethical Hacking)
➢ 100s of hands-on labs in cloud-hosted
cyber ranges
➢ Custom certification practice exams (e.g.,
CISSP, Security+)
➢ Skill assessments
➢ Infosec peer community support
Questions?
About us
Infosec puts people at the center of
cybersecurity through role-guided
training that’s accessible and engaging.
We help IT and security professionals
advance their careers with skills
development and certifications while
empowering all employees with security
awareness and phishing training to stay
cyber-safe at work and home.
www.infosecinstitute.com

CompTIA CySA+ certification (CS0-003) changes: Everything you need to know
