cert news - John Himes
CompTIA to Release New CySA+ (CS0-002) in 2020
The CySA+ exam is undergoing a major overhaul. CompTIA estimates a 35% difference between the exam's original release from 2017 and the upcoming CS0-002 version. These alterations more closely match the exam's priorities to the skills demanded of today's cybersecurity workforce. That's why analysts need to know what to expect from the updated version.
CompTIA Cybersecurity Analyst (CySA+) is an intermediate-level workforce certification that, according to the official website, "applies behavioral analytics to networks and devices to prevent, detect and combat cybersecurity threats." It generally follows the entry-level CompTIA Network+ and Security+ certifications, and CySA+ runs parallel to PenTest+: the latter focuses on offensive "red team" work, while the former covers defensive "blue team" operations.
Although the new version will come out in April 2020 to replace the previous one, CompTIA allows a six-month grace period for the transition. So, those who already started preparing for the current version will have until October to pass the original exam.
The test contains a maximum of 85 questions, spread between multiple choice and performance-based questions. The length is 165 minutes and passing requires a score of 750 on a scale of 100-900. It costs $359 USD.
Because CySA+ meets the ISO/IEC 17024 standard and is approved by the U.S. Department of Defense to fulfill DoD 8570.01-M requirements, the certification is a recognized way for professionals to demonstrate in-demand skills in a growing industry.
Expect a Harder CySA+ Test
Due to the ever-changing nature of the security landscape, the industry expects CompTIA to update its certification exams every three years so that employers can be sure their hires have the requisite skills for the job. To this end, the company recently ran a beta test to prepare for the coming launch of the 2020 version.
All indications lead us to believe that this version is more difficult than the last iteration. After sitting the beta exam, Jason Dion explains that version two is harder because it takes a much more in-depth approach to reading logs, doing analysis on the fly, and making recommendations. His experience was that objectives went much deeper and that the simulations were likewise more in-depth.
Along the same lines, Christine Smoley found that "more knowledge was required of the options and combinations available for any given command." Accordingly, she concluded that this exam more closely "aligned with what I see on the job. Much of the exam material will likely be familiar to anyone who's responsible for performing log or terminal output analysis."
This increased difficulty was intentional. CompTIA now recommends four years of relevant experience rather than the three years previously recommended. Because the exam is more challenging, the company explains, professionals need more foundational knowledge before moving on to security analytics.
This leads us to two important questions. First, what changes did they make? Second, why did they make these changes?
Let's find out.
Change #1: Software Security
Since the previous test's release in 2017, the industry has come to realize that software vulnerabilities pose major risks to workstations, networks, and underlying infrastructure alike. With software vulnerabilities on the rise, gone are the days when security analysts could focus solely on hardware and infrastructure.
The industry is adapting by paying increased attention to security during the software development lifecycle and by providing additional security education to developers. In the meantime, organizations need to rely on security analysts to determine whether software is secure.
This led to the creation of a new job title: application security analyst, a position dedicated to mitigating software vulnerabilities and ensuring adherence to secure coding best practices. CySA+ supports this secondary role with the software security domain, which covers best practices for secure development and operations, with a focus on treating security as a required feature that is built in from the start rather than bolted on afterward.
Change #2: Security Operations Center Monitoring
Another expansion in the exam that correlates closely to real-world practice is security operations center (SOC) monitoring. Essentially, this means that analysts now need to put defense on the offensive: going beyond the perimeters they normally monitor to proactively find incidents, breaches, and abnormal behavior.
Through proactive monitoring, SOC teams can work intentionally towards detecting malicious actors before they lead to substantial harm. To use a public health analogy, they are the vaccines of the cybersecurity world.
CompTIA expanded this content to accommodate two more secondary roles. The first is the threat hunter, a security professional who proactively and iteratively detects, isolates, and neutralizes advanced threats that evade automated security solutions. The second is the threat analyst, who is responsible for conducting analysis, providing assessments of discovered threats and vulnerabilities, and identifying policy violations.
Change #3: Incident Response
CompTIA also further expanded incident response in the new version because these skills are becoming increasingly important, especially when we consider IoT and other embedded devices that aren't built with security in mind. Finding ways to secure these devices and respond to the risks they pose is crucial.
The number of businesses using IoT devices is around 25% today and expected to increase substantially in coming years. Despite this widespread adoption, IoT security is not keeping pace with the threat landscape, thus creating unprecedented opportunities for bad actors. That's why security analysts are further tasked to understand these risks and find novel ways to mitigate them.
To this end, the CySA+ exam now supports another secondary role: the incident response handler. As the IT equivalent of a firefighter, this job rapidly addresses incidents and threats as they arise.
Change #4: Compliance
Government regulatory measures have seen a drastic uptick in recent years, and compliance concerns now affect the day-to-day work of cybersecurity analysts. Regulations such as GDPR and HIPAA, along with industry standards such as PCI DSS, require companies to follow strict protocols and demand regular audits. Much of this burden falls to security analysts.
Recognizing this burgeoning job requirement, CompTIA decided to create an entirely new domain for the CySA+ exam. The compliance domain requires professionals to understand these regulations and how to apply them to their daily jobs.
Lastly, this increased attention spawned yet another supported secondary role, the compliance analyst, who performs the company's internal audits as well as risk management and regulation monitoring.
At the end of the day, CySA+ is expanding its scope and becoming more rigorous because of the rapidly changing and growing cybersecurity field and the expanding duties of cybersecurity analysts. This next iteration is harder because it reflects the reality of the challenges that security analysts face on a daily basis. Essentially, today's analysts need more skills because they must confront more sophisticated adversaries, including advanced persistent threats (APTs).
For professionals who want to protect organizations against these dangers and who have the wherewithal to do so, the CySA+ provides an opportunity to further one's career in this direction. Because 92% of employers agree that IT certifications help ensure credibility of IT employees, those who demonstrate their commitment to excellence in the field set themselves apart from the pack while simultaneously staying up to date with the current threat landscape.
The CySA+ exam is changing because it had to. The changes that we've outlined above correspond closely to the latest advances to the cybersecurity profession. By expanding accordingly, CompTIA ensures that the CySA+ exam remains relevant to employers and professionals alike.