Connect with us

Hi, what are you looking for?


Incident Response

CompTIA Offers New Security Analyst Certification

An ISACA survey released during RSA week sought to illustrate the state of cyber security workforce development and its current trends. The results would surprise no-one in the industry: recruiting security talent is hard.

An ISACA survey released during RSA week sought to illustrate the state of cyber security workforce development and its current trends. The results would surprise no-one in the industry: recruiting security talent is hard.

But the ISACA survey makes two particularly interesting statements: firstly, that 70% of enterprises “require a security certification for open cyber security positions”; and secondly, that for 55% of enterprises, “practical hands-on experience is the most important cyber security candidate qualification.” Since a candidate cannot get experience without first getting a position, new candidates for open cyber security jobs need as much help with other ‘qualifications’ as possible.

Today, CompTIA has announced a new security qualification: CSA+. It sits between Security+ (covering essential principles for network security and risk management), and CASP (the CompTIA Advanced Security Practitioner, which certifies critical thinking and judgment across a broad spectrum of security disciplines).

CSA+ focuses on the skills required for the use of threat detection tools, data analysis and the interpretation of results to identify vulnerabilities, threats and risks. It certifies a proficiency in data driven security.

“By placing greater emphasis on data analytics, we get a real-time, holistic view of the behavior of the network, its users and their devices to identify potential vulnerabilities and strengthen them before an intrusion happens,” explained CompTIA’s senior director for products, James Stanger.

This is perhaps the most critical area of the overall cyber security skills gap, and one that is growing faster than most. The Bureau of Labor Statistics states, “Employment of information security analysts is projected to grow 18 percent from 2014 to 2024, much faster than the average for all occupations. Demand for information security analysts is expected to be very high, as these analysts will be needed to create innovative solutions to prevent hackers from stealing critical information or causing problems for computer networks.”

“Data analytics is key,” says Jim Lucari, senior manager of certification at HP Enterprise. “Everybody in technology should have this CSA+. It should be mandatory if you’re going to stay in IT over the coming decade.” The CSA+ qualification could help potential employers gauge candidates’ aptitude and skill level for this critical area.

Advertisement. Scroll to continue reading.

CSA+ exams are available globally via Pearson VUE Testing centers. However, it is not an entry-level security qualification. Although private individuals could use it as part of a project to get into cyber security, it might better suit career advancement than career entry. “Because of the advanced nature of CompTIA CSA+,” Stanger told SecurityWeek, “we recommend that candidates for the certification have a minimum of three to four years of hands-on information security or related experience; and hold CompTIA Network+ and Security+ certifications.”

One of the recommendations from the ISACA survey suggests that employers should “Groom employees with tangential skills — such as application specialists and network specialists — to move into cyber security positions.”

Putting such staff through the CSA+ certification could provide a cost-effective approach to filling the cyber analyst security gap. “We recommend a minimum of five days of intensive ‘boot camp’ style training,” said Sanger; “or a quarter or semester of academic instruction.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Training & Awareness

Google has announced a new training program for cybersecurity analysts and those who graduate will get a professional certificate from Google.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...