Insights into CompTIA’s new Cybersecurity Analyst+ certification

CompTIA has been pushing their new Cybersecurity Analyst+ (CSA+) certification for a few months now. The CSA+ is a vendor-neutral approach to validating candidates have the critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats. These skills include the ability to:

  • Configure, validate, and use various security tools
  • Analyze logs, packets, and other system outputs in order to uncover threats
  • Interpret the output of tools to assess vulnerabilities, scope, and risk

These skills are critical since Information Security Analysts are projected to be one of the fastest growing occupations through 2024 (see chart below).

It seemed interesting, so I signed up as a beta tester and was satisfied with the exam questions. Unfortunately, the exam crashed after I submitted it, so I was refunded my beta cost of $50.

As one of the leads for a Cyber Incident Response SOC (Security Operations Center), I’m always on the lookout for new credentials that will help our SOC analysts get to the next level. Despite my crashed beta test, I went ahead and registered for the official certification exam in the first month it was available.

Overall, the exam is a great way to validate the skills of newer SOC/vulnerability analysts since it takes a practical approach to testing. The exam included several scenario-based questions which require some critical thinking. Many of the questions included screenshots from real tools that challenge your analysis and interpretation skills. The exam was relatively light on concept-level topics like the OSI model, the CIA triad, ratings of various cables, wireless technology specifications, etc., which is a nice contrast to the concept-heavy Network+ and Security+ exams.

My thoughts are probably best answered in FAQ format, so here you go!

  1. How did you prepare for the exam?
    I didn’t actually prepare for this exam; having seen the beta exam, I felt confident enough to take the official exam. I’ve spent 5+ years in a cybersecurity operations role and my overall cybersecurity experience goes back 7+ years, so all the technologies were familiar to me.
  2. What would you recommend to others interested in this exam?
    I would recommend that others spend hands-on time with vulnerability analysis tools (like Tenable), intrusion detection systems (like Snort, Sourcefire, Bro), scanning tools (like Nmap), native OS commands (like netstat, ipconfig), and SIEM technologies (like Splunk, OSSIM). Additionally, I would challenge you to create a PowerPoint to help teach/cover the exam objectives here: comptia-cybersecurity-analyst-(cs0-001). Studies have found that studying with the expectation of teaching is more effective than traditional studying; other general study tips are available here: The 9 BEST Scientific Study Tips.
  3. Was the exam easy?
    In technology circles, guys are so quick to dismiss something as “easy”, which intimidates those completely new to the field, so I wouldn’t say it’s easy. It’s a well-structured exam that is an appropriate challenge to anyone who’s spent the hours using all the tools listed in CompTIA’s exam objectives. Any real-world SOC analyst would probably view this exam as being best suited for entry-level analysts.
  4. What was the hardest part of the exam?
    Since my brain tends to overthink everything, I’ve always had a challenge with “best answer” questions when multiple answers sound totally plausible. I did pretty well, but this aspect of the exam was probably the most annoying/difficult.
  5. Was the exam a good alternative to the Network+ and Security+ exams? It seems like a fusion of both.
    Honestly, I think the CSA+ is a complement to those two. I consider the Network+ and Security+ to be the basic requirements for anyone trying to enter the cybersecurity field, not that these certifications are required… but I wouldn’t hire someone for anything above intern/entry-level unless they understand the concepts covered under the Network+ and Security+. The CSA+ is a nice validation for those who have been in a hands-on role for 1-2 years already.
  6. What makes the CSA+ a credible credential?
    CompTIA definitely tries to make the CSA+ credible. It’s ISO/ANSI 17024 accredited and has been submitted to the U.S. Department of Defense (DoD) for directive 8140/8570.01-M requirements. Additionally, CompTIA held workshops with professionals around the industry to craft this exam; their technical SMEs (Subject Matter Experts) include individuals from organizations like the U.S. Navy, FireEye, Amazon, Target, Tenable, Booz Allen, Tripwire, and several others.

For anyone with “imposter syndrome” (a psychological phenomenon in which people are unable to see themselves as knowledgeable or credible in their own field) the CSA+ is certainly worth the investment!

Plus, learning is always fun and if you can tie a certification to it, why not?
