Watch the webinar here: https://www.infosecinstitute.com/webinar/comptia-cysa-certification-changes-everything-you-need-to-know/
Information security analyst is one of the fastest-growing job categories in the U.S., with 35 percent overall growth expected by 2031. CompTIA’s Cybersecurity Analyst+ (CySA+) is one of the most popular certifications related to the role — and it’s getting an update in 2023 to align with the most in-demand knowledge and skills requested by employers.
Join Patrick Lane, Director of Certification Product Management at CompTIA, to learn everything you need to know about the latest CySA+ certification and exam (CS0-003) updates, including:
- Evolving security analyst job skills
- Common job roles for CySA+ holders
- What’s changed from CS0-002 to CS0-003
- Tips to pass the updated CySA+ exam
- Plus CySA+ questions from live viewers
6. What is CompTIA CySA+?
⮚ CompTIA Cybersecurity Analyst (CySA+) is an IT workforce certification
that assesses the security analyst and incident response analyst
skills needed to prevent, detect and respond to cybersecurity threats
on networks and devices.
⮚ Individuals who pass the exam prove their ability to perform the
intermediate-level duties of a security analyst and incident response
analyst.
⮚ CySA+ focuses on the candidates’ ability to proactively identify,
monitor and respond to security incidents, but also emphasizes
software and application security, automation, threat hunting,
reporting and communication.
⮚ CySA+ covers the most up-to-date security analyst skills used by
incident response analysts, SOC analysts, vulnerability management
analysts, security engineers and threat hunters.
⮚ The latest version (CS0-003) is scheduled for public release June 2023.
7. CompTIA CySA+ certification
The CompTIA CySA+ certification exam will verify the successful candidate has the knowledge and skills required to:
⮚ Detect and analyze indicators of malicious activity
⮚ Understand threat hunting and threat intelligence concepts
⮚ Use appropriate tools and methods to manage, prioritize, and respond to attacks and vulnerabilities
⮚ Perform incident response processes
⮚ Understand reporting and communication concepts related to vulnerability management and incident response activities
8. CySA+ job roles
Primary job roles
➢ Security analyst
➢ Security Operations Center (SOC) analyst
➢ Incident response analyst
Secondary job roles
➢ Vulnerability management analyst
➢ Security engineer
➢ Threat hunter
Recommended experience
➢ Network+, Security+ or
equivalent knowledge.
➢ Minimum of 4 years of hands-on
experience as an incident
response analyst or security
operations center (SOC) analyst,
or equivalent experience.
9. CompTIA career pathway
CompTIA certifications align with the skill sets needed to support and manage IT
infrastructure. Enter where appropriate for you. Consider your experience and existing
certifications or course of study.
11. Newer CySA+ skills
20% of exam objectives were updated to include:
Updated tools: Security analyst tools, such as enterprise Security Information and Event Management (SIEM) systems, have matured to include more automated features, such as Security Orchestration and Automated Response (SOAR), to help get the job done. Other security analyst tools, such as EDR/XDR, provide monitoring and response and easily integrate across SIEMs.
Cloud and mobile: Expanded coverage of cloud, mobile, and zero trust indicators of compromise.
Threat intelligence: More emphasis on threat hunting topics, threat feeds vs. threat reports; automation of intel (e.g., automated threat feed); how to prioritize alerts for better incident response.
12. CS0-003 exam objectives
Exam purpose and audience are similar (003 vs 002):
➢ One less exam domain (4 vs. 5) with rearranged topics. Previous Domain 2.0 Software and Systems Security was integrated into the first two domains of the new version.
➢ 15 exam objectives versus 21 to focus on key tasks of security operations, vulnerability management, incident response management and reporting/communication.
➢ 12 pages versus 15 to align topics and terms with newer, more focused work tasks.
80% of topics are similar.
13. CySA+ exam domains: What's new?
| CS0-003 exam domains | % | Equivalent CS0-002 exam domains | % |
| 1.0 Security Operations | 33% | 3.0 Security Operations and Monitoring | 25% |
| | | 2.0 Software and Systems Security | 18% |
| 2.0 Vulnerability Management | 30% | 1.0 Threat and Vulnerability Management | 22% |
| 3.0 Incident Response Management | 20% | 3.0 Incident Response | 22% |
| 4.0 Reporting and Communication | 17% | 5.0 Compliance and Assessment | 13% |
15. 1.0 Security Operations
CS0-003 Updated objectives
1.1 Explain the importance of system and network architecture concepts in security operations.
1.2 Given a scenario, analyze indicators of potentially malicious activity.
1.3 Given a scenario, use appropriate tools or techniques to determine malicious activity.
1.4 Compare and contrast threat-intelligence and threat-hunting concepts.
1.5 Explain the importance of efficiency and process improvement in security operations.
16. 2.0 Vulnerability Management
CS0-003 Updated objectives
2.1 Given a scenario, implement vulnerability scanning methods and concepts.
2.2 Given a scenario, analyze output from vulnerability assessment tools.
2.3 Given a scenario, analyze data to prioritize vulnerabilities.
2.4 Given a scenario, recommend controls to mitigate attacks and software vulnerabilities.
2.5 Explain concepts related to vulnerability response, handling, and management.
17. 3.0 Incident Response and Management
CS0-003 Updated objectives
3.1 Explain concepts related to attack methodology frameworks.
3.2 Given a scenario, perform incident response activities.
3.3 Explain the preparation and post-incident activity phases of the incident management life
cycle.
18. 4.0 Reporting and Communication
CS0-003 Updated objectives
4.1 Explain the importance of vulnerability management reporting and communication.
4.2 Explain the importance of incident response reporting and communication.
20. CySA+ CS0-003 exam details
| Item | Description |
| Exam code | CS0-003 |
| Launch date | June 6, 2023 |
| Availability | Worldwide |
| Retail price | $392 USD |
| Testing provider | Pearson VUE Testing Centers, OnVUE |
| Question types | Performance based and multiple choice |
| # of questions | Maximum of 85 questions |
| Length of exam | 165 minutes |
| Passing score | 750 (on a scale of 100-900) |
| Languages | English, with Japanese, Portuguese and Spanish to follow |
| Recommended experience | Network+, Security+ or equivalent knowledge. Minimum of 4 years of hands-on experience as an incident response analyst or security operations center (SOC) analyst, or equivalent experience. |
| Exam retirement | CS0-002 to retire December 5, 2023 (English) with Japanese to follow |
24. About us
Infosec puts people at the center of
cybersecurity through role-guided
training that’s accessible and engaging.
We help IT and security professionals
advance their careers with skills
development and certifications while
empowering all employees with security
awareness and phishing training to stay
cyber-safe at work and home.
www.infosecinstitute.com