In August I had the opportunity to take the CompTIA Cybersecurity Analyst+ (CompTIA CSA+) beta certification exam. CompTIA intends this to be a new vendor-neutral certification path between CompTIA's Security+ and the CompTIA Advanced Security Practitioner (CASP). Similar to other CompTIA exams, this exam consists of both multiple choice and performance-based questions. My exam had a total of 103 questions, and 5 of the questions were performance based. The total test time allotted for the beta exam was 165 minutes. CompTIA plans to release the final exam on February 15, 2017, so the makeup may be slightly altered when the exam is released to the public.

The performance-based questions rely on the test taker's ability to analyze snippets of log files and use that information to determine what is occurring within the network or with an external source. You could be faced with questions that ask you to review a scan and answer questions about it (e.g. determine false positives and scan type), or to review network traffic/workstation/server logs to determine the host containing malware and the infected process. These are more detailed than the CompTIA Security+ performance-based questions, so prepare yourself and budget your time.

The multiple choice questions have the typical CompTIA wording flavor. The questions are to the point, but remember to look for the specific keywords that are essential to answering with the best answer. The multiple choice questions included, but were not limited to, Incident Response Management, Security Information and Event Management (SIEM), choosing the correct open source tool invocation to perform a task, and identifying what has occurred based on a snippet of network traffic. The tools in the exam and log files are based on common open source software tools available to security analysts. CompTIA's examples from their website include:
- Bro and/or Snort
- AlienVault Open Source SIEM (OSSIM) with Open Threat Exchange (OTX)

We will need to wait and see if CSA+ will be identified in the DoD 8570 or DoD 8140 Approved Certification list, but ultimately it will be in CompTIA's best interest if it is included. Security+ and CASP have the IAT and IAM levels well covered, so maybe it will fall in with the CND-SP certifications.

This certification is intended for professionals with a couple of years of cyber analyst experience and hands-on tool experience. I found the beta exam to be refreshing, and if the final is similar to the beta exam then I believe that CompTIA will have a decent exam for Cyber Security Analysts. Based on the beta exam, I recommend keeping an eye out for the final exam when it is released in February 2017.