ProfessionalVendor-neutralOffSec· issued from US

OSDA

Offensive Security Defense Analyst

Official page at OffSec ↔ Compare with another cert

Exam fee

$1,649

Ongoing

$0/yr AMF

Study time

200–400 hrs

Delivery

Online proctored

Validity

3 yrs (renewal cycle)

› Quality score

28.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor

How well-defined and rigorous the exam blueprint is.

OffSec Defense Analyst ECO covers SOC triage, hunting, IR.

7.5/10

Practical evidence

Hands-on labs / written reports vs pure MCQ.

Hands-on lab against a synthetic SOC environment.

8.5/10

Currency & upkeep

How aggressively content is kept current with the field.

Refreshed alongside OffSec defensive track.

7.0/10

Market recognition

How often this signal actually moves a hiring decision.

Growing recognition in MSSP / SOC hiring.

5.5/10

› Exam format

Practice-based: 23 hours 45 min. hands-on exam (SOC Analyst, log analysis, threat detection) + report. Proctored.

Passing score

Lab points-based with report

Retake policy

Fee: $249 per attempt

Wait: 0d between attempts

Retake voucher $249 separately. No wait period beyond exam scheduling availability.

› Recertification

Valid indefinitely. No renewal required.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

PD-WRL-001PD-WRL-003

Recognition

Global

Exam languages

› Core domains covered

The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A10Security Operations

SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.

A11Detection Engineering & Threat Hunting

SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.

A7Incident Response & Forensics

IR playbooks, memory/disk/network forensics, chain of custody, malware analysis.

› Prerequisites

Experience

No formal prerequisites. SOC-200 course recommended. Basic SOC knowledge required.

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (1)

Security+CompTIA

OSDA

OffSec

Required by (0)

No certs require this one.

Recommended next (0)

No follow-on certs reference this one yet.

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides

SOC-200 Course — included with bundle — OffSec

Training providers

OffSec SOC-200 Foundational Security Operations & Defensive Analysis

Practice tests

OffSec Proving Grounds Practice

Free / community

r/oscp (course threads)

› Version & lifecycle

Current version

SOC-200 (2024)

Released

2024-04

› Salary signal

SOC analyst / blue team operator, US, 2-4 years.

$95K–$145K

median $115K

Robert Half Salary Guide · 2024 · US base only · p25–p75 range

› How it compares

CySA+

OSDA is hands-on lab-graded SOC analyst; CySA+ is multiple-choice + scenario.

↔ Compare side-by-side

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain map Browse all certifications