CySA+
CompTIA Cybersecurity Analyst+
SOC analyst skills: triage, log analysis, vulnerability management basics.
› Quality score
Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.
› Market signals
Public, citable inputs to the recognition score.
› Built for these roles
› Exam format
Up to 85 questions, 165 minutes. Mix of multiple-choice and performance-based items — log triage, alert review, scoping a vuln scan. Pearson VUE in person or online proctored.
Immediate first retake; 14-day wait between subsequent attempts.
› Recertification
60 CompTIA CEUs over the three-year cycle (avg 20/yr) plus the $50/yr Continuing Education Program fee. Higher-tier CompTIA certs auto-renew CySA+.
› 3-year cost of ownership
Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.
› NICE Framework work roles
The NIST NICE work-role IDs this cert maps to.
› Core domains covered
The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.
SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.
SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.
CTI lifecycle, MITRE ATT&CK, IOCs/TTPs, threat modeling (STRIDE, PASTA), STIX/TAXII.
› Also touched
Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.
IR playbooks, memory/disk/network forensics, chain of custody, malware analysis.
External attack-surface management (EASM), cyber asset attack-surface management (CAASM), continuous threat exposure management (CTEM), attack-path analysis, validation, and remediation orchestration.
› Prerequisites
Three to four years of hands-on experience in an information-security or related role recommended.
- Security+ level knowledge
- Log analysis and SIEM basics
- Vulnerability management concepts
› Progression
Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.
No vendor-gated prereqs.
No certs require this one.
› Study materials
Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.
- CompTIA CySA+ Study Guide (CS0-003) by Mike Chapple — Sybex
- CompTIA CySA+ Cert Guide (CS0-003) — Pearson IT Certification
- CompTIA CertMaster Learn + Labs
- Jason Dion CySA+ (Udemy)
- Boson ExSim-Max for CySA+ CS0-003
- Jason Dion Practice Exams (Udemy)
› Version & lifecycle
CS0-002 retired 2024-12. Performance-based questions test SOC analyst skills.
› Salary signal
SOC analyst tier 2 / threat hunter, US, 2–5 years.
Robert Half Salary Guide + Glassdoor 'SOC Analyst' aggregations · 2024 · US base only · p25–p75 range
› How it compares
Hands-on incident-response depth (GCIH) vs CySA+'s broader SOC analyst coverage.
› Careers that commonly pursue this cert
Monitor, detect, and respond to security threats in a Security Operations Center. The front line of cyber defense.
Owns the end-to-end find → prioritize → fix → verify loop at scale, now increasingly AI-driven.
External-first role: inventories what an attacker can see, tracks what's new, and drives closure through the org. The outside-in counterpart to vuln management.