CompTIA to Release New CySA+

In 2019, the CompTIA CySA+ exam underwent significant changes to better align with the evolving cybersecurity landscape. With a 35% difference from its original 2017 version (CS0-002), it now addresses the latest industry priorities.

CompTIA's Cybersecurity Analyst (CySA+) certification, positioned at an intermediate level, applies advanced behavioral analytics to combat contemporary cyber threats. It follows CompTIA Network+ and Security+ certifications, complementing PenTest+ with a focus on "blue team" defensive operations.

The exam comprises a maximum of 85 questions, encompassing multiple-choice and performance-based formats, with a duration of 165 minutes. A passing score of 750 out of 900 is required, and the exam fee is now $404.

Because CySA+ meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill DoD 8570.01-M requirements, certified professionals have in-demand skills in a growing industry.

Note: CompTIA CySA+ (CS0-002) retired on December 5, 2023. Vouchers for the CS0-002 version had to be used, and exams had to be taken by this date. If you missed it, you will no longer be able to use the vouchers.

Expect a Harder CySA+ Test

Due to the ever-changing nature of the security landscape, the industry asks CompTIA to update their certification exams every three years so that employers can be sure that their hires have the requisite skills for the job.

All indications lead us to believe that this version is more difficult than the last iteration. After sitting the beta exam, Jason Dion explains that version two is harder because it takes a much more in-depth approach to reading logs, doing analysis on the fly, and making recommendations. His experience was that objectives went much deeper and that the simulations were likewise more in-depth.

Along the same lines, Christine Smoley found that "more knowledge was required of the options and combinations available for any given command." Accordingly, she concluded that this exam more closely "aligned with what I see on the job. Much of the exam material will likely be familiar to anyone responsible for performing log or terminal output analysis."

This increased difficulty was intentional. CompTIA now recommends four years of relevant experience rather than the previous three years recommended. Because the exam is more challenging, they explain, professionals need more foundational knowledge before moving on to security analytics.

This leads us to two important questions. First, what changes did they make? Second, why did they make these changes?

Let's find out.

Change #1: Software Security

Since the previous test's release the industry has come to realize that software vulnerabilities pose major risks to workstations, networks, and underlying infrastructure alike. With software vulnerabilities on the rise, gone are the days when security analysts could just focus on hardware and infrastructure.

The industry is adapting by increasing attention to security during the software development lifecycle and by providing additional security education to developers. In the meantime, organizations need to rely on security analysts to figure out if the software is secure.

This led to the creation of a new job title: application security analyst, a position dedicated to mitigating software vulnerabilities and ensuring adherence to best practices for coding. The CySA+ supports this secondary role in the software security domain. This domain covers best practices for secure development and operations with a focus on building security from the start as a required functionality.

Change #2: Security Operations Center Monitoring

Another expansion in the exam that correlates closely to real-world practices is security operations center (SOC) monitoring. Essentially, this means that analysts now need to take defense on the offense. This requires security analysts to go outside the perimeters of what they normally monitor to find incidents, breaches, and abnormal behavior.

Through proactive monitoring, SOC teams can work intentionally towards detecting malicious actors before they lead to substantial harm. To use a public health analogy, they are the vaccines of the cybersecurity world.

CompTIA expanded this content to accommodate two more secondary roles. This includes the threat hunter position, a security professional who proactively and iteratively detects, isolates, and neutralizes advanced threats that evade automated security solutions alongside the threat analyst role, which is responsible for conducting analysis, providing assessments to discovered threats and vulnerabilities and identifying policy violations.

Change #3: Incident Response

CompTIA also further expanded incident response in the new version because these skills are becoming increasingly important. Especially when we consider IoT and other embedded devices that aren't built with security in mind, finding ways to secure and respond to the risks that these devices pose is crucial.

The adoption of IoT devices is poised for significant growth. According to Statista, the global count of IoT devices is expected to nearly double from 15.1 billion in 2020 to surpass 29 billion by 2030, with China leading with approximately 8 billion consumer devices.

Despite this widespread adoption, IoT security is not keeping pace with the threat landscape, thus creating unprecedented opportunities for bad actors. That's why security analysts are further tasked to understand these risks and find novel ways to mitigate them.

To this end, the CySA+ exam now supports another secondary role: the incident response handler. As the IT equivalent of a firefighter, this job rapidly addresses incidents and threats as they arise.

Change #4: Compliance

Government regulatory measures saw a drastic uptick in recent years, and this means that compliance concerns now affect the day-to-day work of cybersecurity analysts. Regulations like GDPR, HIPAA, and PCI-DSS require companies to follow strict protocols and demand regular audits. Much of this burden falls to security analysts.

Recognizing this burgeoning job requirement, CompTIA decided to create an entirely new domain for the CySA+ exam. The compliance domain requires professionals to understand these regulations and how to apply them to their daily jobs.

Lastly, this increased attention spawned yet another supported secondary role, the Compliance Analyst. This employee performs the company's internal audits as well as risk management and regulation monitoring.

Final Thoughts

At the end of the day, CySA+ is expanding its scope and becoming more rigorous because of the rapidly changing and growing cybersecurity field and the expanding duties of cybersecurity analysts.

This next iteration is harder because it reflects the reality of challenges that security analysts face daily. Essentially, today's analysts need more skills because they must confront more sophisticated advanced persistent threats (APTs).

For professionals who want to protect organizations against these dangers and who have the wherewithal to do so, the CySA+ provides an opportunity to further one's career in this direction.

Because 92% of employers agree that IT certifications help ensure the credibility of IT employees, those who demonstrate their commitment to excellence in the field set themselves apart from the pack while simultaneously staying up to date with the current threat landscape.

The CySA+ exam is changing because it had to. The changes that we've outlined above correspond closely to the latest advances in the cybersecurity profession. By expanding accordingly, CompTIA ensures that the CySA+ exam remains relevant to employers and professionals alike.