CompTIA Cybersecurity Analyst (CySA+)

Description

CompTIA Cybersecurity Analyst (CySA+) is an intermediate, vendor-neutral certification for cybersecurity professionals responsible for incident detection, prevention, and response through continuous security monitoring. It validates the hands-on skills needed to proactively defend an organization, manage vulnerabilities, and support incident response activities.

This course prepares learners for the CompTIA CySA+ CS0-004 (V4) exam. The V4 update applies behavioral analytics to combat modern threats through continuous monitoring, incident response, and vulnerability management. It introduces dedicated coverage of artificial intelligence (AI) use cases and risks, modern security architectures used in today’s Security Operations Centers (SOCs), and advanced vulnerability management practices such as SBOM and EPSS-based prioritization.
The CySA+ certification is also DoD 8570/8140 approved, making this course an excellent choice for military, civilian, and contractor personnel who require compliance with Department of Defense cybersecurity workforce standards.

Additional Course Information

Schedule and Pricing

Target Audience

This course is ideal for IT cybersecurity professionals with three to four years of hands-on information security or related experience, including:

  • Security analysts and SOC (Security Operations Center) analysts
  • Vulnerability analysts and threat intelligence analysts
  • Security engineers and security operations staff
  • Incident responders and incident response analysts
  • Application security analysts and compliance/risk analysts
Pre-Requisites
Approximately three to four years of hands-on information security or related experience. CompTIA Security+ (or equivalent knowledge and experience) is recommended prior to attending.
Objectives
  • Explain system and network architecture concepts that support secure operations, including logging, identity, encryption, and modern frameworks (ZTNA, SASE, cloud-native).
  • Detect and analyze indicators of potentially malicious activity across networks, endpoints, cloud, and identity systems.
  • Use industry-standard tools and methods—SIEM, EDR/XDR, packet analyzers, and threat intelligence platforms—to determine malicious activity.
  • Apply threat intelligence and threat-hunting concepts to proactively identify and investigate threats.
  • Run a vulnerability management program: scanning, analysis, prioritization (CVSS and EPSS), and risk-based remediation.
  • Execute the incident response lifecycle from detection through containment, eradication, recovery, and post-incident activities.
  • Summarize AI use cases, security risks, and governance considerations within security operations.
  • Produce clear vulnerability and incident response reporting that drives stakeholder decisions.
Course Delivery Modality
VILT
Duration in Hours
40
Credits Eligible
1
Course Vendor

Course Outline

Module 1 — System and Network Architecture Concepts

  • Logging concepts: ingestion, configuration, integrity and security, time synchronization, and retention
  • Operating system concepts, hardening, file structures, and critical processes
  • Infrastructure concepts: cloud-native, virtualization, containerization, and APIs
  • Network architecture: Zero Trust Network Access (ZTNA), SASE, and hybrid cloud
  • Identity and access management: PAM, authentication/authorization methods, and secrets management
  • Encryption, data protection, and OT/ICS/SCADA fundamentals
  • Security control types (physical, technical, administrative) and control functions

Module 2 — Analyzing Indicators of Potentially Malicious Activity

  • Network-based indicators: rogue devices, enumeration, and unexpected ports/traffic
  • Host-based indicators: resource spikes, unauthorized software, LOLBins, and file changes
  • Application- and cloud-based anomalies
  • Identity-based indicators: impossible travel and unauthorized access
  • Social engineering and Business Email Compromise (BEC)

Module 3 — Tools and Methods to Determine Malicious Activity

  • Packet capture and analysis (Wireshark, tcpdump) and IDS/IPS engines (Snort, Suricata, Zeek)
  • SIEM, EDR/XDR, and threat intelligence platforms (TIPs)
  • File and reputation analysis; common log and file formats (JSON, XML, YAML, EVTX)
  • Scripting for analysis with Python, PowerShell, and shell

Module 4 — Threat Intelligence and Threat Hunting

  • Threat actors, motivations, and TTPs; MITRE ATT&CK and the pyramid of pain
  • Indicators of compromise: collection, analysis, and application (atomic vs. behavioral)
  • Threat modeling (STRIDE), threat mapping, and cyber deception

Module 5 — Efficiency and Process Improvement

  • Standardized playbooks and runbooks; SOAR and automation/orchestration
  • Data enrichment, alert and rule tuning, and dashboards
  • Tool integration via APIs, webhooks, and plug-ins

Module 6 — Artificial Intelligence in Security Operations (New in V4)

  • AI use cases in the SOC: log analysis, event correlation, documentation, investigations, and automation
  • AI security risks: hallucinations, data exposure, model poisoning, and malicious prompts (prompt injection)
  • AI governance and oversight: usage policies and legal/regulatory considerations

Module 7 — Vulnerability Scanning Methods and Concepts

  • Asset discovery and inventory; scan planning for scope, sensitivity, segmentation, and regulatory needs
  • Internal vs. external, agent vs. agentless, credentialed vs. non-credentialed, active vs. passive scanning
  • Baseline and compliance scanning (PCI DSS, CIS, ISO 27000)

Module 8 — Analyzing and Prioritizing Vulnerabilities

  • Interpreting scanner output; validating, consolidating, and deduplicating findings
  • Risk scoring with CVSS plus context; prioritization using the Exploit Prediction Scoring System (EPSS)
  • Handling false positives and tracking exceptions
  • Software supply chain security and Software Bill of Materials (SBOM)

Module 9 — Vulnerability Response, Handling, and Mitigation

  • Controls to mitigate: patching, configuration changes, and compensating controls
  • Change windows, rollback planning, retesting, and remediation validation
  • Risk-based remediation planning and inhibitors to remediation

Module 10 — Attack Methodology Frameworks

  • Cyber kill chain, MITRE ATT&CK, and the Diamond Model of Intrusion Analysis
  • Testing guides and methodologies (OSSTMM, OWASP) for context

Module 11 — Performing Incident Response

  • Lifecycle: detection, analysis, containment, eradication, and recovery
  • Evidence acquisition and digital forensics fundamentals
  • Root-cause analysis

Module 12 — Preparedness and Post-Incident Activities

  • Incident response plans, tooling, and playbooks
  • Tabletop exercises and training; business continuity and disaster recovery alignment
  • Post-incident review and lessons learned

Module 13 — Vulnerability Management Reporting and Communication

  • Compliance reporting, action plans, and inhibitors to remediation
  • Metrics and KPIs; communicating risk to stakeholders

Module 14 — Incident Response Reporting and Communication

  • Incident declaration, escalation, and stakeholder identification
  • Incident reporting, root-cause summaries, and lessons-learned communication