In this article, we cover whether the CompTIA CySA+ is worth your time and effort. We also have a comparison of the CySA+ to the PenTest+.
When considering any professional certification, an individual will usually ask if the certification is worth the time and effort needed to pass the exam. Since the CompTIA Cybersecurity Analyst+ (CySA+) is a newer exam, many potential test takers have asked if the CySA+ is really worth it.
So, is the CompTIA CySA+ worth it? If you are currently working or trying to apply for a position in the cybersecurity field and want a well-respected professional certification to add to your resume, while at the same time expanding upon your existing cybersecurity knowledge, the CompTIA CySA+ may be a good option for you.
While this answer may seem straightforward, you may wonder what makes the CompTIA CySA+ worth the time and effort. Let’s take an in-depth look at a few of the reasons why the CompTIA CySA+ is considered to be a highly recommended professional certification.
CySA+ Required Experience
Most of today’s technical certifications have a recommended amount of experience you should have before trying to pass an exam. The CompTIA CySA+ is not an exception to this rule. Some of the other higher-level exams will require you to apply to take the test, request your professional background and work experience, and some even require you to have a certified sponsor who has already passed the exam. For the CompTIA CySA+, there are no such prerequisites; anyone can take the exam, no matter what your existing experience level is. However, CompTIA does recommend that you have, at a minimum, 3-4 years of relevant hands-on experience in the information security field or have successfully passed the CompTIA Network+ and Security+ certifications.
The CySA+ Exam Is Not Overly Expensive
For someone just starting a career in the cybersecurity field, a big concern may be the actual cost of the exam. The current price of the CySA+ exam is $349, which is considered somewhat cheaper than other intermediate-level certifications, which can easily cost over $600. In the long run, the cost of the exam will be more than worth it if you decide to pursue a job in the cybersecurity field, considering the benefits that the certification can bring to your career.
CySA+ is Approved by the Department of Defense (DoD) as an 8570 Baseline Certification
The DoD developed the 8570 Directive which provides guidance for the training, certification, and management of the DoD workforce. When a certification is recognized by the DoD, it means that the DoD recognizes its value and validity. The DoD has approved the CompTIA CySA+ as a DoD 8570 baseline certification in 5 different profession categories. Four of these categories are for various Cybersecurity Service Provider (CSSP) jobs and one is for a level two Information Assurance Technical (IAT) job.
CySA+ Doesn’t Take Very Long to Learn
How long will it take you to prepare for the CySA+? This depends on many factors, including how long you have been in the cybersecurity field, if at all, how familiar you already are with the subject matter, and how much free time you have to prepare for the exam. CompTIA has an authorized partner program where you can search for hands-on training classes. These courses are much more expensive than the exam itself; however, the course materials are concentrated, which reduces the overall course duration to five 8-hour days of instructor-taught classroom learning. As an additional means of study, you can also read exam cram books and study guides that cover the CompTIA CySA+ exam in great detail, and complete practice problems online to reinforce your knowledge of the subject matter prior to scheduling your exam. The bottom line is, the more study materials you review, the better chance you have of passing this exam. Setting aside a few hours a day for approximately two months should be ample time for studying. Again, this also depends on your level of information retention and existing knowledge of the subject matter.
CySA+ is Becoming Well Known
Whenever you look at professional certifications, you want to know if it is well-known and respected in the field. The CompTIA CySA+ was released in early 2017 but has since gained a lot of respect in the field. The CompTIA CySA+ is a vendor-neutral certification which allows it to hold more value across a variety of job categories. It is also one of the DoD 8570 baseline certifications, which further increases its respect and validity in the field. The CompTIA CySA+ has become very popular across the Cybersecurity workforce.
How Does the CySA+ Compare to the PenTest+ and Similar Exams?
You may be wondering how the CySA+ compares to similar cybersecurity exams regarding difficulty and material. The CySA+ exam is meant to be combined with PenTest+ to bridge the gap between the CompTIA Security+ exam, which is more generalized and a step down, and the CompTIA Advanced Security Practitioner (CASP+), which is the highest-level certification that CompTIA offers within the cybersecurity pathway. The CySA+ cannot be compared to the PenTest+ because they are complete opposites. In a nutshell, the CySA+ certification focuses on defense or “blue team” techniques and skill sets, while the PenTest+ focuses on the attack or “red team” techniques and skill sets.
If you compare the CompTIA CySA+ to the EC-Council’s Certified Ethical Hacker (CEH) exam, the CySA+ is both better and worse than CEH. The CompTIA CySA+ is more affordable, in-depth and hands-on than the CEH. The CEH, however, is more well-known and respected by employers. While both exams share similar exam objectives, the CySA+ has some hands-on simulations/problems where the CEH is multiple choice. The main difference between the two is how the exams are viewed as far as complexity. The CEH is more well-known and respected amongst employers during the hiring process, while the CompTIA CySA+ is more respected within the technical community itself.
What to Expect on the CySA+
When preparing for an exam, you should take an in-depth look at the exam objectives. These are easy to find with a quick Google search. The exam objectives for the CompTIA CySA+ certification exam include threat management, cyber incident response, vulnerability, and security architecture and tool sets. There are a few recommended tools that you should familiarize yourself with prior to taking the exam, those primarily being Wireshark, Bro and/or Snort, at the very minimum.
How Difficult is the CySA+ Exam?
When going for an exam, you want to consider what the test encompasses and the difficulty level overall. The CompTIA CySA+ consists of several simulation-style questions, in addition to the standard multiple-choice questions. This adds to the difficulty of the test. A sizeable portion of the test relates to log files and attack recognition techniques. With that being said, the exam is not easy, but it is not entirely difficult either. Again, using study guides, taking practice exams, and familiarizing yourself with the tools of the trade is the key to successful completion of any technical exam.
What Salary Can a CySA+ Expect?
When it comes to figuring out how much a certification is really worth, it is important to look at how much it could increase your salary over the long term. The average technical professional with an active CompTIA CySA+ certification can earn roughly between $80,000 and $90,000 per year. That number will fluctuate based on your level of experience, in that people just starting out in the field tend to make slightly less than people with more years of experience in the same technical field. While having a CompTIA CySA+ certification may not increase your salary directly, it will provide you with more career pathways to choose from. Having a CompTIA CySA+ certification will also make you more marketable to employers and give you the edge over other individuals vying for the same position.
What is the Retake Policy for the CySA+?
The CompTIA CySA+ retake policy is simple. After the first attempt, there is no required wait period before your next attempt. Any attempts after that will require a 14-day wait period before your next attempt.
How Long is the CySA+ Certification Good For?
Like most CompTIA certifications, the CySA+ is good for three (3) years after the completion date of your initial exam.
What Does It Take to Recertify the CySA+?
The CySA+ requires 60 Continuing Education Units (CEUs) for recertification. These CEUs can be acquired through activities and training related to the certification. You will also have to pay a fee for your continuing education. For the CompTIA CySA+, you will need to pay $50 each year to be able to submit your completed events/training for CEUs. You will have to pay that $50 fee based on the time since your exam date, not the calendar year. You can also retake the latest release of the exam, pass a higher-level CompTIA certification or complete a CompTIA CertMaster course to meet the recertification requirements. While CompTIA does not currently have a CertMaster course for CySA+, they may offer one in the future. If you currently have any lower-level CompTIA certifications, they will also be renewed once you renew your highest-level certification.
How Come When I Search for the CySA+ It Gives Me Results About CSA+?
The CySA+ was originally called the CSA+, prior to 2018, when it underwent a name change because of copyright issues. Both names refer to the CompTIA Cyber Security Analyst certification.