SecProve
ProfessionalVendor-neutralISACA· issued from US

CCOA

Certified Cybersecurity Operations Analyst

ISACA certification for SOC analysts with hybrid exam of multiple choice and performance-based questions. Focus on incident detection, response, and threat analysis. New since 2024.

Official page at ISACA↔ Compare with another cert
Exam fee
$575
Ongoing
$45/yr AMF · 20 CPE/yr
Study time
60–120 hrs
Delivery
Test center
Validity
3 yrs (renewal cycle)

› Quality score

21.0 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor
How well-defined and rigorous the exam blueprint is.
ISACA's cybersecurity operations associate — newer, blueprint still maturing.
7.0/10
Practical evidence
Hands-on labs / written reports vs pure MCQ.
Includes performance-based items and lab-style scenarios.
4.0/10
Currency & upkeep
How aggressively content is kept current with the field.
Refreshes track ISACA's SOC practice content.
6.0/10
Market recognition
How often this signal actually moves a hiring decision.
New (2024); recognition still building.
4.0/10

› Built for these roles

SOC AnalystsSecurity AnalystsIncident Response Analysts

› Exam format

Hybrid: 115 MC + 25 performance-based, 4 hours, 450/800

Passing score
450/800 (scaled)
Retake policy
Fee: $575 per attempt
Wait: 30d between attempts
Cap: 4 attempts/year

ISACA member $575 / non-member $760. 4 attempts per rolling 12-month window.

› Recertification

CPEs per ISACA policy, $45/$85 AMF

› 3-year cost of ownership

Exam (1×)
$575
AMF (3×)
$135@$45/yr
Total
$710

Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

PD-WRL-001PD-WRL-003
Recognition
Global
Exam languages
en

› Core domains covered

The 2 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A10Security Operations

SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.

A11Detection Engineering & Threat Hunting

SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.

› Prerequisites

Experience

2-3 years cybersecurity experience recommended

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides
Training providers
  • ISACA Official CCOA Online Course
Practice tests
  • ISACA CCOA QAE
Free / community

› Version & lifecycle

Current version
Launched 2024
Released
2024-04

ISACA's first technical-tier hands-on cert. Includes performance-based items.

› Salary signal

SOC analyst tier 2 / threat hunter, US, 2-5 years.

$95K$145K
median $115K

ISACA Salary Survey + Robert Half Salary Guide · 2024 · US base only · p25–p75 range

› How it compares

vs
CySA+

Both target SOC analyst tracks — CCOA carries ISACA brand weight; CySA+ has broader hiring-manager familiarity.

↔ Compare side-by-side
vs
GCIH

GCIH goes deeper at higher cost; CCOA is mid-tier with stronger management-track signaling.

↔ Compare side-by-side

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain mapBrowse all certifications