The CompTIA CySA+ certification is gaining recognition in the cyber security industry, and many prospective candidates are curious about what earning it could mean for them. If you’re curious about CompTIA’s self-proclaimed intermediate cyber security certification, you’re in the right place.
Let’s dive in together on what CySA+ is and what impact it might have on your cyber security career. We’ll discuss what the certification covers, what types of employment opportunities might open up to certification holders, and the potential CySA+ salary ranges you might qualify for after achieving this certification.
Overview of CompTIA CySA+
CompTIA Cybersecurity Analyst (CySA+) is CompTIA’s second-level cyber security certification, sitting beside Pentest+. CySA+ focuses on the critical role of cyber security analysts in protecting organizations from cyber threats.
CySA+ attempts to validate the knowledge and skills required to work in security operations centers (SOCs), incident response teams, and other defensive security-related roles. Key topics covered by the CySA+ certification include:
- Threat Detection and Analysis
- Intrusion Detection and Prevention
- Network Monitoring
- Security Data Analysis
- Vulnerability Assessment
The certification exam consists of a maximum of 85 questions, a mix of multiple-choice questions and performance-based scenarios. The exam has a length of 165 minutes and is scored on a scale of 100-900, with a passing score of 750. The most current exam revision is the CS0-003, launched in June of 2023.
What Does CompTIA CySA+ Prepare You For?
CompTIA describes CySA+ as a certification for “professionals tasked with incident detection, prevention, and response through continuous security monitoring.” This shows that CompTIA aims to make CySA+ an intermediate-level certification directed towards individuals already in cyber security roles who want to deepen their proficiencies. However, we at StationX consider CySA+ to be closer to a beginner-level cyber security certification.
CompTIA lists common job titles for a CySA+ certified professional as Security Operations Center (SOC) Analyst, Vulnerability Analyst, Threat Intelligence Analyst, and Security Engineer. These positions often require several years of experience in the industry, thus furthering the idea of CySA+ being an intermediate-level certification compared to Security+.
This does look correct when looking for jobs that refer to the CySA+ on popular job sites. In fact, Indeed lists job titles such as “Security Analyst I” and “Cybersecurity Analyst” when searching for CySA+ in the United States.
Security Analyst I
A Security Analyst I is most commonly associated with a level one analyst within a Security Operations Center, also known as a SOC. SOC analysts are tasked with front-line security tasks defending their organization. This includes alert triage and log analysis, often within a SIEM product like Splunk or ArcSight, as well as working with security products like firewalls.
Security Operations Analyst
In many cases, a Security Operations Analyst is virtually indistinguishable from a Security Analyst I and works within a SOC. However, there are some cases where a Security Operations Analyst has a bit of a wider breadth of responsibility within an organization. The additional responsibilities can include basic vulnerability scanning and management with commercial tools, or exposure to more specific security areas like email or identity access management.
Incident Response Analyst
Incident Response Analysts are tasked with handling true positive security incidents within an organization. This can include root cause analysis, forensic examination, and security device or rule change management. Incident responders are often more experienced in the cyber security field and are often considered intermediate to advanced.
CompTIA CySA+ Salary and Job Opportunities
CompTIA reports the potential CySA+ salary range to be from $72,130 USD for the 25th percentile to $153,090 USD for the 90th percentile annually.
However, third-party sites report different numbers. ZipRecruiter reports the national average for the United States to be $54,791 USD annually, with the 90th percentile making roughly $100,000 USD annually.
InfoSec Institute reports the average salary to be around $78,000 USD annually; however, it is important to consider that InfoSec also offers its own CySA+ training course. HowToNetwork.com reports a similar average salary for CySA+ as ZipRecruiter, landing at or around the $60,000 USD mark annually. This data was provided to them via Payscale.com.
When searching for any job advertisement featuring the CySA+ certification on Indeed.com, we see almost 1,500 job postings. At first glance, there are advertised salaries from the $60,000 range all the way up to well over the $120,000 range. This echoes the wide range in numbers advertised by the different outlets we’ve discussed; however, many of these jobs require many years of experience and list many more certifications.
Considering that CySA+ is more fitting for an entry-level professional, we can filter these results to show only ‘entry-level’ postings as well. This opens up more realistic salary ranges for CySA+ holders. The very first is a Cybersecurity Analyst I position requiring one year of security experience, with the CySA+ listed in preferred qualifications. The advertised salary range for this position is between $55,000 and $70,000 USD annually.
This seems much more realistic than the close-to or even above $100,000 annual salary that CompTIA advertises. However, there were indeed some job postings advertising that salary. So where does the confusion lie?
A prime example of this confusion can be found in a Cyber Security Analyst posting by Shvender LLC. This job shows off an impressive $100,000-$110,000 annual salary and does indeed include the CompTIA CySA+ certification in preferred certifications. However, the only other two certifications listed are top-of-the-line security certifications in the form of the CISSP and CISM, arguably expert or managerial certifications!
The position also requests over 10 years of overall IT experience, five of which must be security-focused. This is clearly not the kind of job that CompTIA aims CySA+ at fulfilling.
For a final example, we found a Security Analyst I advertisement posted on GlassDoor. This position listed a preference of the CySA+ and 1-2 years of experience, and came with a salary of $60,000 USD annually.
As we continued to investigate job postings listing CySA+, this common theme was found across all major job posting boards: postings requiring entry-level or little experience, with salaries ranging from $55,000-$75,000 USD annually, alongside intermediate-experience postings requiring more than three years of experience, with salaries often above $100,000 USD annually.
The discrepancy here is believed to be that hiring managers looking for intermediate-experienced professionals often list a wide range of certifications in order to appear on as many job search results as possible. This causes CySA+ to appear next to additional certifications like the CISSP and CASP+, two of the more advanced certifications on the market.
This opens up the interesting question of what type of impact CySA+ might have on a holder’s career. As stated before, the exam lists four distinct knowledge domains that students are tested against, including Security Operations, Vulnerability Management, Incident Response Management, and Reporting and Communication. Let’s look at what roles in cyber security these domains point towards.
The most common cyber security role that includes these domains within its duty scope is the Cyber Security Incident Responder. This is great news, as LinkedIn reports over 1,000 Incident Response postings in the United States alone.
ZipRecruiter reports an average salary of $128,870 USD annually for cyber security Incident Responders. It also reported lower percentiles being closer to $100,000 and higher percentiles above $150,000.
Another great pathway a CySA+ holder might consider is that of a Threat Hunter. These security professionals search for evil within networks before a security incident has even been declared. ZipRecruiter shows a national average salary of $132,962 USD annually here in the United States for qualified threat hunters.
CompTIA’s listed domains of knowledge within the CySA+ certification identify critical cyber security areas that can lead to a healthy and rewarding career path. However, these positions will most definitely require several more years of industry experience before they can be fully achievable.
Overall, the CompTIA CySA+ certification offers a viable pathway for individuals seeking to advance their careers in the cyber security industry. By focusing on incident detection, prevention, and response, CySA+ exposes professionals to critical skills needed to excel in roles such as Security Operations Center (SOC) Analysts, Vulnerability Analysts, and Threat Intelligence Analysts.
Although the CySA+ certification is self-proclaimed to be an intermediate-level certification, it seems to be most commonly viewed as entry-level in recent job postings. Salary ranges associated with CySA+ can vary depending on experience, with third-party sources offering estimates ranging from $54,791 to $100,000 or more annually.
In essence, the CompTIA CySA+ certification serves as a stepping stone to a promising career in cyber security, potentially offering a strong foundation of skills and knowledge to advance into further positions.