The CompTIA CySA+ training and certification course is designed for individuals who are keen to delve into the stimulating world of cyber security. It serves as the perfect stepping stone for those aiming to build a prosperous career in this rapidly growing field, especially for individuals who are already working in IT and wish to transition towards cyber security.
For those who are new to the IT industry, we recommend a structured learning journey. Commence with the CompTIA A+ to familiarise yourself with the foundational concepts, progress to the CompTIA Network+ to gain valuable networking skills, and then move on to the CompTIA Security+ to understand essential security principles. Once you have mastered these areas, ideally with some experience in the field, you are then sufficiently equipped to take on the CySA+ course, which will amplify your understanding and application of cyber security techniques.
The CompTIA CySA+ certification opens doors to a range of rewarding job roles in Cyber Security.
Each role involves unique responsibilities, and salaries vary depending on experience and expertise.
Here are some potential job roles, from entry-level to senior positions, along with their average UK salaries*:
IT Technician: An entry-level role involving basic IT support tasks. Average salary: £20,000 to £30,000 per annum.
Cyber Security Analyst: This role involves protecting IT infrastructure through threat analysis and mitigation. Average salary: £30,000 to £50,000 per annum.
Information Security Analyst: This position involves planning and implementing security measures. Average salary: £35,000 to £55,000 per annum.
Network Security Specialist: This role involves protecting an organisation's network from threats. Average salary: £45,000 to £65,000 per annum.
Cyber Security Engineer: This role involves designing, implementing, and managing secure IT systems. Average salary: £50,000 to £80,000 per annum.
Cyber Security Manager: A leadership role, overseeing an organisation's cyber security strategy and team. Average salary: £60,000 to £100,000 per annum.
Chief Information Security Officer (CISO): A senior leadership role, responsible for an organisation's information and data security. Average salary: £80,000 to £150,000 per annum.
Our CompTIA CySA+ Cyber Security Analyst course syllabus is comprehensive, covering a range of topics and concepts essential to the role of a Cyber Security Analyst. When you enrol on our course, you can expect to learn:
Security Analytics: Understanding and applying the principles of security analytics, and using these to identify potential threats and vulnerabilities.
Threat Management: Learning to identify, assess, and manage threats to IT infrastructure.
Appropriate Tools: Selecting and utilising the right tools for threat detection, vulnerability management, and cyber incident responses.
Identity and Access Management: Implementing effective identity and access management strategies to safeguard sensitive information.
Software Development Lifecycle: Understanding the software development lifecycle and how security considerations should be integrated at each stage.
Threat Detection Tools: Gaining competencies in using threat detection tools to identify and mitigate cyber threats.
Appropriate Forensics Tools: Picking and using the appropriate forensics tools to investigate and analyse cyber incidents.
Review Security Architecture: Reviewing and enhancing security architecture to improve overall security posture.
Performance Data Analysis: Analysing performance data to identify potential security issues and improve systems' resilience.
Security Issues Related: Identifying and addressing security issues related to networking, applications, and systems.
Post Incident Response Process: Learning to effectively manage the post-incident response process, including documentation, analysis, and implementation of preventative measures.
Network Vulnerabilities and Access Management: Identifying network vulnerabilities and implementing appropriate access management measures to maintain security.
Structured Threat Information eXpression (STIX)
Trusted Automated eXchange of Indicator Information (TAXII)
Known threat vs unknown threat
Advanced persistent threat
Information sharing and analysis communities
The Diamond Model of Intrusion Analysis
Indicator of compromise (IoC)
Standard vulnerability scoring system (CVSS)
Threat modelling methodologies
Total attack surface
Threat intelligence sharing with supported functions
Detection and monitoring
Active vs passive scanning
False positive - True negative
Verification of mitigation
Scanning parameters and criteria
Risks associated with scanning activities
Credentialed vs non-credentialed
Server-based vs agent-based
Internal vs external
Types of data
Intrusion prevention system (IPS), intrusion detection system (IDS), and firewall settings
Inhibitors to remediation
Memorandum of understanding (MOU)
Service-level agreement (SLA)
Business process interruption
Web application scanner
OWASP Zed Attack Proxy (ZAP)
Infrastructure vulnerability scanner
Software assessment tools and techniques
Active vs passive
Wireless assessment tools
Cloud Infrastructure assessment tools
Internet of Things (IoT)
Real-time operating system (RTOS)
Field programmable gate array (FPGA)
Physical access control
Building automation systems
Vehicles and drones
Workflow and process automation systems
Industrial control system
Supervisory control and data acquisition (SCADA)
Cloud service models
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Cloud deployment models
Function as a Service (FaaS)/ serverless architecture
Infrastructure as code (IaC)
Insecure application programming interface (API)
Improper key management
Logging and monitoring
Insufficient logging and monitoring
Inability to access
Extensible markup language (XML) attack
Structured query language (SQL) injection
Remote code execution
Document object model (DOM)
Improper error handling
Insecure object reference
Sensitive data exposure
Insecure components - Insufficient logging and monitoring - Weak or default configurations - Use of insecure functions - strcpy
Cloud vs on-premises
Virtual private cloud (VPC)
Virtual private network (VPN)
Virtual desktop infrastructure (VDI)
Identity and access management
Multifactor authentication (MFA)
Single sign-on (SSO)
Cloud access security broker (CASB)
Monitoring and logging
2.2 Explain software assurance best practices.
Software development life cycle (SDLC) integration
Software assessment methods
User acceptance testing
Stress test application
Security regression testing
Secure coding best practices
Static analysis tools
Dynamic analysis tools
Formal methods for verification of critical software
Security Assertions Markup Language (SAML)
Simple Object Access Protocol (SOAP)
Representational State Transfer (REST)
Hardware root of trust
Trusted platform module (TPM)
Hardware security module (HSM)
Unified Extensible Firmware Interface (UEFI)
Processor security extensions
Trusted firmware updates
Measured boot and attestation
System and application behaviour
User and entity behaviour analytics (UEBA)
Uniform Resource Locator (URL) and domain name system (DNS) analysis
Domain generation algorithm
Packet and protocol analysis
Web application firewall (WAF)
Intrusion detection system (IDS)/ Intrusion prevention system (IPS)
Organisational impact vs localised impact
Immediate vs total
Security information and event management (SIEM) review
Known-bad Internet protocol (IP)
Domain Keys Identified Mail (DKIM)
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Sender Policy Framework (SPF)
E-mail signature block
Intrusion prevention system (IPS) rules
Data loss prevention (DLP)
Endpoint detection and response (EDR)
Network access control (NAC)
Establishing a hypothesis
Profiling threat actors and activities
Threat hunting tactics
Executable process analysis
Reducing the attack surface area
Bundling critical assets
Improving detection capabilities
Security Orchestration, Automation, and Response (SOAR)
Application programming interface (API) integration
Automated malware signature creation
Threat feed combination
Use of automation protocols and standards
Security Content Automation Protocol (SCAP)
Limiting communication to trusted parties
Disclosing based on regulatory/ legislative requirements
Preventing inadvertent release of information
Using a secure method of communication
Response coordination with relevant entities
Legal Human resources
Internal and external
Factors contributing to data criticality
Personally identifiable information (PII)
Personal health information (PHI)
Sensitive personal information (SPI)
Documentation of procedures
Detection and analysis
Characteristics contributing to severity level classification
System process criticality
Eradication and Recovery
Restoration of permissions
Reconstitution of resources
Restoration of capabilities and services
Verification of logging/ communication to security monitoring
Lessons learned report
Change control process
Incident response plan update
Incident summary report
Irregular peer-to-peer communication
The rogue device on the network
Unusual traffic spike
Common protocol over a non-standard port
Drive capacity consumption
Abnormal OS process behaviour
File system change or anomaly
Registry change or anomaly
Unauthorised scheduled task
Introduction of new accounts
Unexpected outbound communication
Changes to binaries
Privacy vs security
A non-disclosure agreement (NDA)
Data loss prevention (DLP)
Digital rights management (DRM)?
Geographic access requirements
Business impact analysis
Risk identification process
Communication of risk factors
Security controls -
Documented compensating controls
Training and exercises
Supply chain assessment
Vendor due diligence
Hardware source authenticity
Policies and procedures
Code of conduct/ethics
Acceptable use policy (AUP)
Work product retention
Audits and assessments
Exam Code: CS0-003
Certification: CompTIA Cybersecurity Analyst (CySA+)
Exam Duration: 165 minutes
Number of Questions: Maximum of 85 questions
Question Type: Multiple Choice and Performance-Based
Passing Score: 750 (on a scale of 100-900)
Exam Purpose: The CySA+ exam verifies the successful candidate has the knowledge and skills required to apply threat detection techniques, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organisation with the end goal of securing and protecting applications and systems within an organisation.
Please note that CompTIA certification exams, policies and procedures are subject to change, so please check the official CompTIA website for the most current information before your exam.