CompTIA CySA+ — What It Is, Who It's For, and Is It Worth It? (2026)

⚡ Quick Answer

CySA+ is the intermediate cybersecurity analyst certification that comes after Security+. Where Security+ proves you understand security concepts, CySA+ proves you can apply them in a SOC or analyst role — threat detection, log analysis, vulnerability management, and incident response. It's the right next step if you're working toward a cybersecurity analyst career.

What is CompTIA CySA+?

CompTIA CySA+ (Cybersecurity Analyst) is an intermediate-level certification focused on the skills used daily by security analysts. The current version is CS0-003, released in 2023. It sits between Security+ and advanced certifications like CASP+ in the CompTIA cybersecurity track.

Where Security+ covers security concepts broadly — cryptography, IAM, architecture, governance — CySA+ goes deep on what happens after a threat enters the environment. Threat intelligence, log analysis, SIEM use, vulnerability scanning, and incident response are the core of the exam. This is the certification that demonstrates you can actually work a SOC shift, not just describe what a SOC does.

Cybersecurity Analyst Track

CompTIA CySA+ (CS0-003)

Exam code CS0-003

Questions Up to 85 questions + PBQs

Exam cost ~$404

Passing score 750 / 900

Exam time 165 minutes

Recommended before Security+ or 4 years hands-on experience

Renewal Every 3 years (CEUs or retake)

DoD 8570/8140 CSSP Analyst, CSSP Incident Responder

CySA+ exam domains (CS0-003)

The CS0-003 exam covers four domains. The weighting matters — threat management and vulnerability management together make up over half the exam.

Domain 1

33%

Security Operations

SOC workflows and analyst roles

Log analysis and SIEM tools

Threat intelligence concepts

Network and endpoint monitoring

Email and web attack analysis

Domain 2

30%

Vulnerability Management

Vulnerability scanning tools and output

CVSS scoring and prioritization

Remediation workflows

Asset and patch management

Cloud and container vulnerabilities

Domain 3

22%

Incident Response & Management

IR lifecycle and playbooks

Digital forensics and evidence handling

Containment and eradication

Post-incident analysis

Legal and regulatory considerations

Domain 4

15%

Reporting & Communication

Vulnerability report writing

Communicating findings to stakeholders

Metrics and KPIs for security programs

Compliance reporting

Inhibitors to remediation

How CySA+ compares to Security+

Security+ and CySA+ cover some overlapping territory — both include threat identification, incident response, and vulnerability concepts. The difference is depth and application. Security+ asks you to recognize what a concept is. CySA+ asks you to work with it in a realistic scenario.

Category	Security+	CySA+
Level	Entry-intermediate	Intermediate
Focus	Broad security concepts and controls	Applied threat detection and analyst workflows
Exam code	SY0-701	CS0-003
Cost	~$404	~$404
Questions	Up to 90 + PBQs	Up to 85 + PBQs
Passing score	750 / 900	750 / 900
SIEM / log analysis	Conceptual overview	Deep — reading and interpreting real alerts
Vulnerability management	Brief introduction	Full domain — CVSS, scanning, remediation
Threat intelligence	Basic concepts	Threat actor TTPs, IOCs, threat hunting
Target role	Security admin, IT generalist	SOC analyst, cybersecurity analyst
DoD 8570	IAT Level II, IAM Level I	CSSP Analyst, CSSP Incident Responder
Leads toward	CySA+, CEH, entry-level security roles	CASP+, CISSP, senior SOC roles

Is CySA+ hard?

CySA+ is harder than Security+ for most candidates. The performance-based questions require you to actually analyze log output, interpret vulnerability scan results, and make triage decisions — not just identify definitions. Candidates who passed Security+ through memorization often underestimate CySA+ because the same approach doesn't work.

The exam also tests tool familiarity. You don't need to be an expert in any specific product, but you should understand how SIEMs work, what a vulnerability scanner output looks like, and how to read network traffic for indicators of compromise. Hands-on lab practice matters significantly more for CySA+ than for most CompTIA exams.

⚠️ Common CySA+ study mistake

Don't study CySA+ the same way you studied Security+. CySA+ PBQs are more involved — you'll be given SIEM dashboards, packet captures, or vulnerability scan reports and asked to analyze them. Practice with tools like Splunk Free, Nessus Essentials, or Wireshark before your exam date. Reading about these tools is not the same as using them.

CySA+ salary and job roles

CySA+ is recognized by employers looking to hire proven analysts, not just people with theoretical security knowledge. Common job titles that list CySA+ as preferred or required include:

Job Title	Typical Salary Range (US)
SOC Analyst (Tier 2/3)	$65,000 – $95,000
Cybersecurity Analyst	$70,000 – $100,000
Threat Intelligence Analyst	$75,000 – $110,000
Vulnerability Analyst	$70,000 – $105,000
Incident Responder	$75,000 – $115,000
Security Engineer (entry)	$80,000 – $120,000

CySA+ also satisfies DoD 8570/8140 requirements for CSSP Analyst and CSSP Incident Responder roles — which means government contractors and federal agencies actively require it for certain positions. If federal IT work is your target, CySA+ opens doors that Security+ alone does not.

Who should take CySA+?

🔍

You passed Security+ and want to work in a SOC

CySA+ is your next cert Take CySA+

CySA+ is specifically designed for analysts working in security operations. It validates the skills SOC employers actually test for in interviews — log analysis, SIEM use, and threat triage.

🏛️

You're targeting government or DoD cybersecurity roles

CySA+ satisfies CSSP requirements Take CySA+

DoD 8570/8140 lists CySA+ for CSSP Analyst and Incident Responder roles. Many federal contractor positions require it explicitly — Security+ alone won't qualify you for these positions.

📈

You're a Security+ holder looking to increase your salary

CySA+ adds clear salary leverage Worth It

The jump from Security+ to CySA+ typically corresponds to moving from entry-level security positions into mid-level analyst roles with a meaningful salary increase. The investment is usually under $500 all-in.

🚀

You want to eventually get CISSP or CASP+

CySA+ is the right stepping stone Good Path

CySA+ builds the applied security analyst skills that CASP+ and CISSP assume you already have. It's a natural intermediate step that strengthens your practical knowledge before tackling advanced certifications.

Where CySA+ fits in the CompTIA path

The CompTIA cybersecurity certification path is well-defined. CySA+ sits firmly in the middle — after Security+ and before CASP+. Most candidates pursue it 6–18 months after passing Security+, ideally while working in an IT or security role where they can apply what they're learning.

🗺️ CompTIA cybersecurity path

A+ → Network+ → Security+ → CySA+ → CASP+

You don't need every cert in sequence — Security+ is the real prerequisite for CySA+. But candidates who have also passed Network+ tend to find CySA+'s network traffic analysis content easier because they already understand the underlying protocols being analyzed.

Ready to study for CySA+?

The most widely recommended resources for CS0-003 are Jason Dion's practice exams and Mike Chapple's study guide. Practice exams are especially important for CySA+ given the heavy PBQ component.

🔍

Best CySA+ Study Resources

See the recommended study guide, practice exams, and free resources for the CS0-003 exam — including honest pros and cons for each.

See Cybersecurity Resources →

CompTIA CySA+ Explained