Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

CySA+ Study Chronicles

So I embarked on a 14 week learning journey, with the CySA+ certification as the tangible end goal that started January 1, 2018. This post chronicles my choice of personal study resources and curriculum. It's an unproven curriculum as I haven't taken the exam yet. I do intend to score very highly on this exam though.

I've been working in information security for a bit over 2 years and have another year or so of information security related tasks experience from a job prior to that. Of the exam domain objectives, I'd say 90% of them are highly relevant to my day to day activities. I'm really amazed at how well the exam domains align with what I do at work.

As far as formal training, my degree is a generic information systems one and my formal information security training consists of the Security+ from a few years back, the eJPT, studying for the GCIH last year, and whatever I've picked up from various textbooks.

I estimate that right now I know probably 50-75% of the existing domain objectives on the CySA+ well enough to teach them. If I went into a testing center today, I might squeeze by with a pass as-is.

I don't want to squeeze by with a pass though. I have little need to obtain this cert for the piece of paper it represents from a career/resume perspective. The missing 25-50% in knowledge holes is what going after this cert is all about for me.

Initial Learning resources:
These might grow or shrink as I progress through my curriculum

The Sybex CySA+ Study guide by Mike Chapple
The material has been great so far. There are a few errors in the text and on the quiz questions. There is an errata page and I'd definitely suggest going through it with a pencil beforehand. Finding the Sybex/Wiley errata submission page is a complex adventure in patience. It's sort of here:

CySA+ Certification Exam objectives
This is my ?8th? cert. Reading and rereading and rereading and rereading the exam objectives is super important and I attribute much of that learning technique to why I was able to pass the GCIH when I took no index and no textbooks to the exam center last year. I'm only a couple of weeks in and I've probably read the exam objectives 20 times collectively so far. I printed the 13 pages out and it's within arm's reach at almost all times.

NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
This is the NIST pentesting guide. I might wait to read this closer to when I prep for OSCP or perhaps in CISSP preparation.

NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
There are a few other relevant NIST publications, but this one is probably the most relevant to the CySA+. I'm still not sure if I'm going to read this 400+ page guide now, or closer to next year in CISSP preparation.

Video Courses:

Udemy: CySA+ Complete Course and Practice Exam by Jason Dion
This course so far seems to take an acadamia structured approach, with some sysadmin/network admin insight perspectives thrown in here and there. It's very high quality and I recommend it based on what I've seen so far.

Udemy: Complete CySA+ - The Total Course by Brent Chapman
This course also seems to take an acadamia approach, with some DoD insight perspectives thrown in here and there. This is the All-in-One Mike Meyers endorsed video course. It's also high quality so far and I give it another recommend.

Safari Books Online: CySA+ Complete Video Course by Aamir Lakhani and Joseph Muniz
This is free with a Safari Books subscription. It feels less formal than the Dion/Chapman courses, but then it feels more personal at the same time. The material has some experienced security analyst/pentester insight perspectives thrown in here and there. I recognized Muniz/Lakhani's names from some Packt Publishing pen testing textbooks.

CompTIA CySA+ Virtual Lab.
The lab is implemented through, though I purchased it from and I log in through the cybrary portal. It consists of around 25 multi-part labs on live (virtualized I'm sure) equipment.

The material feels well though out and as if someone put a great deal of time into making it into a good quality product. On the down side, it can be a bit laggy. I'm probably several thousand miles away from the lab servers and latency can be an issue from my home. Plugging my laptop directly into my home router helps a bit.

I suspect that the lab guides were written by someone in which English is not his or her first language. Things like using a semicolon perfectly, but then blatantly misusing a comma are present. This is a very minor criticism though, since on the tech side the labs seem to be designed very well.

While many of the lab scenarios could be duplicated in a virtual home lab, some would be more of a challenge. For example, there are labs on a Cisco ASA firewall and an Alienvault SIEM appliance. I Look forward to these.

Study Routine:
I made a spreadsheet that mixes all the activities into a 6-day per week routine. Usually the activities are 45-90 minutes long per day, which has so far worked out to being a very reasonable 7-8 hours per week. I'll end up putting around 100-120 hours into this at the end.

I'll update this thread on occasion as I progress and or course the exam results for when I book in April this year.

This post first appeared on Recent Blogs Posts - IT Certificatio, please read the originial post: here

Share the post

CySA+ Study Chronicles


Subscribe to Recent Blogs Posts - It Certificatio

Get updates delivered right to your inbox!

Thank you for your subscription