By Josh Burnett
Is the CySA+ Worth It?
Cybersecurity is arguably the most understaffed specialty in all of IT. Although a total of 700,000+ information security professionals are employed in the United States, more than 300,000 cybersecurity jobs in America remain unfilled, which is shocking. The gap is growing, and by 2022, this specialty is projected to have nearly two million unfilled positions globally.
The driving force behind this is the increasing sophistication of black hat actors. They’ve learned ways to avoid traditional signature-based defenses like antivirus software and firewalls — and defending against these threats is the precise reason CompTIA's CySA+ certification was created. Let’s learn what the CySA+ is, what you need to do to earn it, and whether it’s the right call for you.
What is the CySA+?
CompTIA’s CySA+ certification isn’t very old, with the inaugural edition being released in 2017 and a subsequent revision in 2020. In that time, it’s managed to make quite a splash. One example is its appearance on the U.S. Department of Defense’s approved list to meet Directive 8570.01-M requirements. It complies with Federal Information Security Management Act (FISMA) regulations and is considered a baseline certification for five profession categories.
The initial certification in CompTIA’s cybersecurity certification path is the well-known Security+ accreditation. Prior to 2017, the next step up was the CompTIA Advanced Security Practitioner (CASP+), the highest level of security certification CompTIA offered. Recognizing the need for an intermediate accreditation between beginner and expert, the certifying organization created CySA+.
What Does the CySA+ Test?
Because of the advanced hacking trends mentioned earlier, CySA+ focuses on a candidate’s ability to apply “behavioral analytics to networks and devices to prevent, detect and combat cybersecurity threats through continuous security monitoring.”
The exam uses a combination of multiple-choice and performance-based questions to evaluate core cybersecurity analyst skills. CySA+ also emphasizes concepts like “software and application security, automation, threat hunting and IT regulatory compliance.”
Questions are divided across five domains:
- Compliance and Assessment
- Incident Response
- Software and Systems Security
- Security Operations and Monitoring
- Threat and Vulnerability Management
CompTIA states that its primary goal in certifying someone with a CySA+ is to reflect that person’s abilities as a cybersecurity analyst who can monitor and identify vulnerabilities across a network, responding to and mitigating them regardless of the system attacked or the language used.
How Much Does the CySA+ Exam Cost?
A CySA+ voucher’s baseline cost is $359, although CompTIA offers numerous ways to bundle products and services to reduce this cost. The test itself takes 165 minutes, covering a maximum of 85 questions. A passing score is 750 on a scale of 100 to 900 points.
What Experience Do You Need for the CySA+?
CompTIA recommends earning their Network+ and Security+ certifications as well as having four years of applied cybersecurity experience. These aren’t requirements, and they can be skipped, but it’s essential to understand CompTIA’s structure and look at your resume from an employer’s perspective.
CySA+ is a mid-level security certification that focuses on behavioral analytics across the network. It builds on the knowledge validated by Network+ and Security+ to confirm your baseline knowledge and higher-level experience. Although it’s certainly possible to earn a CySA+ without these other two certs in your back pocket, employers will likely and legitimately wonder if there are underlying skills gaps hidden by the lack of baseline certifications in CompTIA’s development pathway.
Security+ and Network+ are such well-established, widely recognized, and highly valued certifications that it doesn’t make much sense to skip them, anyway. Plus, CompTIA’s renewal policy automatically renews all lower-level certs when a higher difficulty accreditation is earned, so you’ll get a free renewal of both baseline certs when you pass CySA+.
Because of the comprehensive approach you’ll be using, CompTIA recommends being familiar with three broad categories of cybersecurity tools:
- Intrusion Detection System (IDS): Zeek and Snort
- Packet Capture: Wireshark
- Security Information and Event Management (SIEM): AT&T Cybersecurity/AlienVault OSSIM
Who Should Take the CySA+?
CySA+ would be valuable for any cybersecurity professional who isn’t already certified at a higher level. The complement to CySA+ is PenTest+, another CompTIA cybersecurity cert that’s focused on “red team,” or attack, skill sets. Even if your career target is in the realm of white hat hacking, being certified in the most up-to-date “blue team,” or defensive, techniques can only make you better at your job.
Another popular certification in the information security arena is the EC-Council’s Certified Ethical Hacker (CEH). Widely known and equally well respected, the CEH is the most commonly referenced penetration testing certification. There is a substantial degree of overlap in the material and techniques covered by CySA+ and the CEH, along with a few noticeable differences.
CySA+ focuses on hands-on application with practical problems, while the CEH is exclusively knowledge-based and uses a multiple-choice format. The CEH tends to be preferred during the hiring process, while the CySA+ has quickly developed broad respect among the technical community.
CySA+ for Cybersecurity Analyst
Security analysts, also referred to as information security analysts, plan and implement security measures on an organization’s network. They perform regular checks to ensure that the network’s defenses are maintained and have not been breached. This is often an entry-level role in the world of cybersecurity, but that isn’t to say it’s an entry-level job in IT.
Most security professionals have several years of experience under their belt before transitioning into an IT specialty. In these earlier positions, they were most likely to earn CompTIA’s Network+ and possibly Security+. Earning the CySA+ in a security analyst role firmly establishes your presence as an expert with a broad base of knowledge and experience.
CySA+ for Security Engineer
Security engineers design, develop, and oversee security systems. To do this effectively, they need to be intimately familiar with the most current offensive and defensive network techniques. As an engineer, you’re expected to have a substantial knowledge base from which to draw, and CySA+ validates that. This CompTIA certification should be considered all but mandatory for security engineers.
CySA+ for Threat Intelligence Analyst
Where cybersecurity analysts focus inward on a network’s defense, threat intelligence analysts look outward at possible attack vectors. To use a medieval example, security analysts are the troops regularly walking the castle walls while the threat analysts are scouts riding out to discover what the enemy is up to. These analysts use tools like adversary targeting, digital forensics, and all-source analyses. Knowing how your network is defended is critical to a working understanding of how black hat hackers might try to exploit it. A CySA+ would prove to be a valuable tool for a threat intelligence analyst.
Is the CySA+ Worth It?
In a word, yes. There are some exceptions to this: if you’ve already earned the CASP+ certification, there’s no need to go back and pursue a lower-level cert. Additionally, if you haven’t yet gotten Network+ and Security+ under your belt, you should seek those before signing up for the CySA+ exam. With those few caveats, any professional in the cybersecurity realm would benefit from having this affordable, well-respected badge from a well-known certifying organization like CompTIA.
Using CySA+ to Learn Skills
Preparing for the CySA+ is an excellent way to apply textbook knowledge. The hands-on, lab-based portion of the test can put seemingly black-and-white information into a more practical, living perspective. Establishing your skillset across all five of the domains that CySA+ covers will prepare you for the next step in an information security career.
Using CySA+ to Validate Skills
Having a CompTIA certification is proof positive that you’re qualified to work in that knowledge area. The organization made an excellent choice by establishing an intermediate security certification. In the short three years since its inception, it has developed a solid reputation among the IT community for accurately evaluating someone’s cybersecurity skills. Earning the CySA+ is an excellent way to validate your skill set.