CySA+
CompTIA Cybersecurity Analyst+
SOC analyst skills: triage, log analysis, vulnerability management basics.
› Quality score
Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.
› Market signals
public, citable inputs to the recognition score› Built for these roles
› Exam format
Up to 85 questions, 165 minutes. Mix of multiple-choice and performance-based items — log triage, alert review, scoping a vuln scan. Pearson VUE in person or online proctored.
Immediate first retake; 14-day wait between subsequent attempts.
› Recertification
60 CompTIA CEUs over the three-year cycle (avg 20/yr) plus the $50/yr Continuing Education Program fee. Higher-tier CompTIA certs auto-renew CySA+.
› 3-year cost of ownership
Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.
› NICE Framework work roles
The NIST NICE work-role IDs this cert maps to. NICCS lookup.
› Core domains covered
The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.
SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.
SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.
CTI lifecycle, MITRE ATT&CK, IOCs/TTPs, threat modeling (STRIDE, PASTA), STIX/TAXII.
› Also touched
Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.
IR playbooks, memory/disk/network forensics, chain of custody, malware analysis.
External attack-surface management (EASM), cyber asset attack-surface management (CAASM), continuous threat exposure management (CTEM), attack-path analysis, validation, and remediation orchestration.
› Prerequisites
Three to four years of hands-on experience in an information-security or related role recommended.
- Security+ level knowledge
- Log analysis and SIEM basics
- Vulnerability management concepts
› Progression
requiredrecommendedWhere this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.
No vendor-gated prereqs.
No certs require this one.
› Study materials
Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.
- CompTIA CySA+ Study Guide (CS0-003) by Mike Chapple — Sybex
- CompTIA CySA+ Cert Guide (CS0-003) — Pearson IT Certification
- CompTIA CertMaster Learn + Labs
- Jason Dion CySA+ (Udemy)
- Boson ExSim-Max for CySA+ CS0-003
- Jason Dion Practice Exams (Udemy)
› Version & lifecycle
CS0-002 retired 2024-12. Performance-based questions test SOC analyst skills.
› Salary signal
SOC analyst tier 2 / threat hunter, US, 2–5 years.
Robert Half Salary Guide + Glassdoor 'SOC Analyst' aggregations · 2024 · US base only · p25–p75 range
› How it compares
Hands-on incident-response depth (GCIH) vs CySA+'s broader SOC analyst coverage.
↔ Compare side-by-side› Careers that commonly pursue this cert
Monitor, detect, and respond to security threats in a Security Operations Center. The front line of cyber defense.
Owns the end-to-end find → prioritize → fix → verify loop at scale, now increasingly AI-driven.
External-first role: inventories what an attacker can see, tracks what's new, and drives closure through the org. The outside-in counterpart to vuln management.
› Common exam traps to study
Cybersecurity cert exams reuse the same 25 distractor patterns over and over — category confusion, RTO vs RPO, IDS vs IPS, MD5 vs SHA-256, and more. Once you can name the trap, you stop falling for it. Each archetype page covers what it is, the specific pairs candidates confuse, and how to avoid it.
See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.