Skip links

CompTIA Cybersecurity Analyst (CySA+) CS0-002


CompTIA Cybersecurity Analyst (CySA+) CS0-002

CompTIA Cybersecurity Analyst (CySA+) is an intermediate-level certification that validates your cybersecurity analyst skills and demonstrates the importance of risk mitigation of combating threats to networks and devices through continuous security monitoring. It is the only intermediate high-stakes cybersecurity analyst certification with both hands-on, performance-based questions and multiple-choice to prove you have the most up to date security analyst skills.



Access Length

12 Months




Course Overview

On course completion, you will be able to:
  • Collect and use cybersecurity intelligence and threat data.
  • Identify modern cybersecurity threat actors types and tactics, techniques, and procedures.
  • Analyze data collected from security and event logs and network packet captures.
  • Respond to and investigate cybersecurity incidents using forensic analysis techniques.
  • Assess information security risk in computing and network environments.
  • Implement a vulnerability management program.
  • Address security issues with an organization‘s network architecture.
  • Understand the importance of data governance controls.
  • Address security issues with an organization‘s software development life cycle.
  • Address security issues with an organization‘s use of cloud and service-oriented architecture

This course includes FREE access for 12 months to a cloud based lab platform to assist students develop the practical information technology (IT) skills necessary to succeed in high in demand IT jobs.  This cloud based lab solution uses real equipment that enables our students to execute each practical task in a safe environment that is accessible from anywhere without needing to buy their own hardware or risk damage to their own system.

Along with providing the necessary hardware in a virtual environment, students gain access to high quality practical exercises that cover many of the exam topics they will encounter on their certifying exams.

This course prepares students to take the CompTIA Cybersecurity Analyst (CySA+) CS0-002 certification exam.

Course Outline:

Lesson 1: Explaining the Importance of Security Controls and Security Intelligence

As a new or recently practicing cybersecurity analyst, you must be able to demonstrate the importance of security intelligence and threat intelligence. As understanding of threat types and actors grows, those threat actors change their tactics and procedures to escape detection. Consequently, identifying and updating robust intelligence sources and setting up effective information sharing systems is a critical part of the role of a cybersecurity analyst. Threat intelligence feeds into the selection and configuration of distinct types of security controls. It is important that you be able to classify the function and operation of different control types.

Lesson 2: Utilizing Threat Data and Intelligence

Cybersecurity is a mature discipline with well-established terminology and procedures. Part of this terminology concerns the identification of threats and threat actors, and of attack frameworks and indicators. You must be able to use threat intelligence and attack frameworks to model likely risks to your organization and perform threat hunting to proactively determine that your systems have not already been compromised. This commitment to proactive defense is at the heart of the CySA+ approach to security assurance.

Lesson 3: Analyzing Security Monitoring Data

Security information derives from network packet captures, traffic monitoring, and logs from security appliances and network application services. A monitoring tool is software that collects this data from hosts and network appliances for analysis and is the basis for an alerting system. These tools can be used to identify ongoing cybersecurity attacks and perform forensic analysis of past attacks. As a cybersecurity analyst, you must be able to analyze these data sources to identify threats and implement appropriate configuration changes in response. You should also be able to analyze email messages to detect malicious links and attachments, and to verify security properties, such as digital signatures and sender policy frameworks.

Lesson 4: Collecting and Querying Security Monitoring Data

Security monitoring depends to a great extent on the use of data captured in network traces, log files, and host-based scanners. Collecting this data into a single repository for analysis—a security information and event management (SIEM) system—will be a core part of your role as a cybersecurity analyst.

Lesson 5: Utilizing Digital Forensics and Indicator Analysis Techniques

Digital forensics is used to gather evidence to respond effectively to security incidents and to use to prosecute attackers. Forensics techniques are also used in threat hunting as a source of threat intelligence and to identify adversary tactics and procedures. As a cybersecurity analyst, you will need to be able to apply digital forensics techniques and tools to analyze indicators of compromise from data gathered from network traffic, hosts/endpoints, and applications.

Lesson 6: Applying Incident Response Procedures

CySA+ professionals are a core part of the team responsible for incident response planning and operations. You must be able to explain the importance of incident response, especially in terms of communications, coordinating response efforts, and protecting critical data assets. You must also be able to apply appropriate response procedures at each phase of the incident life cycle.

Lesson 7: Applying Risk Mitigation and Security Frameworks

Risk management supplies the context for the tools and procedures deployed for security monitoring. As a CySA+ professional, you must be able to apply security concepts to identify and prioritize risks, and use training and exercises to develop and test capabilities. You should also be able to explain the importance of policies and procedures in shaping secure organizational behaviors.

Lesson 8: Performing Vulnerability Management

Vulnerability scanning and management is a critical security task. As a CySA+ professional, you must be able to not only configure and operate vulnerability management activities, but also perform detailed analysis of the output from scans and advise on appropriate remediation and mitigation techniques. By managing vulnerabilities in the organization, you can more effectively identify where your organization is at risk and how to fix any security weaknesses that could lead to an incident.

Lesson 9: Applying Security Solutions for Infrastructure Management

Threat research, incident response, and analysis represent some of the core job functions for a cybersecurity analyst, but you will also have a role to play in applying security solutions for infrastructure management. This can involve use of identity and access management controls, network architecture and segmentation, and secure configuration of computing host hardware and specialized systems.

Lesson 10: Understanding Data Privacy and Protection

Business networks are put in place to perform processing and storage of data. As a security analyst, you must be familiar with the methods of identifying and classifying confidential and personal data. You must also understand the importance of technical and non-technical controls deployed to ensure data privacy and protection.

Lesson 11: Applying Security Solutions for Software Assurance

Few companies can operate with off-the-shelf software alone. Even if the business of a company is not software development, the use of code in websites and mobile apps, bespoke Line of Business applications, and network automation requires security oversight and monitoring. You must be able to explain software assurance best practices and implement controls to mitigate common attacks against software vulnerabilities and token-based authentication and authorization mechanisms. You must also be able to analyze the output from web application scanners and software assessment tools.

Lesson 12: Applying Security Solutions for Cloud and Automation

It is a long time since business IT operations consisted solely of server and workstation computers operating within a single local network. Web-based services and the use of mobile devices means that business networks have no easily defined edge, and that security operations extend across third-party networks and services. These facts raise complex issues that security professionals must be equipped to deal with. As a cybersecurity analyst, you must be able to explain the threats and vulnerabilities associated with operating in the cloud and analyze output from cloud infrastructure assessment tools.

All necessary course materials are included.


This course prepares students to take the CompTIA Cybersecurity Analyst (CySA+) CS0-002 certification exam.

Get Trained. Get Hired.

This program includes unparalleled training, career support, and coaching. It’s a faster, cheaper alternative to traditional schooling.

Begin your training right now.

Complete your training on your own terms.

Prepare to take certification exams.

Program Support

Focus and target your audience through the right channels.

Career Resources

Focus and target your audience through the right channels.

Payment Plans

Focus and target your audience through the right channels.

MyCAA Grants

Focus and target your audience through the right channels.