CompTIA Cybersecurity Analyst (CySA+)

Prerequisites:

Minimum of 4 years of hands-on experience as an incident response analyst or security operations center (SOC) analyst or equivalent experience.

Target Audience:

Primary Job Roles

• Security Analyst
• Security Operations Center (SOC) Analyst

Secondary Job Roles

• Vulnerability Management Analyst
• Security Engineer
• Threat Hunter

Course Objectives:

The CompTIA Cybersecurity Analyst (CySA+) certification verifies that successful candidates have the knowledge and skills required to detect and analyze indicators of malicious activity, understand threat intelligence and threat management, respond to attacks and vulnerabilities, perform incident response, and report and communicate related activity.

Acquired Skills

• Security Operations – Improve processes in security operations and differentiate between threat intelligence and threat hunting concepts as well as identify and analyze malicious activity using the appropriate tools and techniques.
• Vulnerability Management – Implement and analyze vulnerability assessments, prioritize vulnerabilities, and make recommendations on mitigating attacks and vulnerability response.
• Incident Response and Management – Apply updated concepts of attack methodology frameworks, perform incident response activities, and understand the incident management lifecycle.
• Reporting and Communication – Apply communication best practices in vulnerability management and incident response as it relates to stakeholders, action plans, escalation, and metrics.

Course Outline:

Lesson 1: Understanding Vulnerability Response, Handling, and Management

• Understanding Cybersecurity Leadership Concepts
• Exploring Control Types and Methods
• Explaining Patch Management Concepts

Lesson 2: Exploring Threat Intelligence and Threat Hunting Concepts 

• Exploring Threat Actor Concepts
• Identifying Active Threats
• Exploring Threat-Hunting Concepts

Lesson 3: Explaining Important System and Network Architecture Concepts 

• Reviewing System and Network Architecture Concepts
• Exploring Identity and Access Management (IAM)
• Maintaining Operational Visibility

Lesson 4: Understanding Process Improvement in Security Operations

• Exploring Leadership in Security Operations
• Understanding Technology for Security Operations

Lesson 5: Implementing Vulnerability Scanning Methods

• Explaining Compliance Requirements
• Understanding Vulnerability Scanning Methods
• Exploring Special Considerations in Vulnerability Scanning

Lesson 6: Performing Vulnerability Analysis 

• Understanding Vulnerability Scoring Concepts
• Exploring Vulnerability Context Considerations

Lesson 7: Communicating Vulnerability Information 

• Explaining Effective Communication Concepts
• Understanding Vulnerability Reporting Outcomes and Action Plans

Lesson 8: Explaining Incident Response Activities 

• Exploring Incident Response Planning
• Performing Incident Response Activities

Lesson 9: Demonstrating Incident Response Communication 

• Understanding Incident Response Communication
• Analyzing Incident Response Activities

Lesson 10: Applying Tools to Identify Malicious Activity 

• Identifying Malicious Activity
• Explaining Attack Methodology Frameworks
• Explaining Techniques for Identifying Malicious Activity

Lesson 11: Analyzing Potentially Malicious Activity

• Exploring Network Attack Indicators
• Exploring Host Attack Indicators
• Exploring Vulnerability Assessment Tools

Lesson 12: Understanding Application Vulnerability Assessment 

• Analyzing Web Vulnerabilities
• Analyzing Cloud Vulnerabilities

Lesson 13: Exploring Scripting Tools and Analysis Concepts 

• Understanding Scripting Languages
• Identifying Malicious Activity Through Analysis

Lesson 14: Understanding Application Security and Attack Mitigation Best Practices

• Exploring Secure Software Development Practices
• Recommending Controls to Mitigate Successful Application Attacks
• Implementing Controls to Prevent Attacks