In October, CompTIA Cybersecurity Analyst (CySA+) met the requirements of the U.S. Department of Defense (DoD) Manual 8570.01 “Information Assurance Workforce Improvement Program.” That means military personnel and contractors who work with sensitive information can take CySA+ to satisfy their job requirements. This approval is a boon for security analyst skills and CySA+ because 8570 makes these skills mandatory. 

The DoD approved CompTIA CySA+ for five 8570.01-M job categories, as shown in the figure below.

1. Cybersecurity Service Provider (CSSP) – Analyst
2. CSSP – Incident Responder
3. CSSP – Infrastructure Support
4. CSSP – Auditor
5. Information Assurance Technician Level II

This information is located at the Defense Information Systems Agency’s Information Assurance Workforce Improvement Program website.

What Benefits Does CompTIA CySA+ Provide to the DoD?

The inclusion of CompTIA CySA+ in Directive 8570.01-M ensures that U.S. military personnel and contractors have the latest cybersecurity skills needed to defend networks. In particular, CySA+ includes the following skill, tools and techniques. 

Latest Cybersecurity Skills: CompTIA CySA+ covers security analytics, a newer practice, which improves intrusion detection and the overall state of IT security.

Newer Tools: In the past, most networks were secured with firewalls and anti-virus software. This worked until 2013/2014, when many believe “the bad guys got as smart as the good guys.” With the advent of the advanced persistent threat (APT), the Target breach and many other attacks, cybersecurity professionals need more tools.

CompTIA CySA+ covers three tool categories:

• Packet capture tools: Create snapshots of network traffic from a network interface
• Intrusion detection systems (IDS): Capture and analyze traffic across a network segment to identify intrusions
• Security information and event management (SIEM) systems: Centralize security operations across enterprise networks to identify intrusions and bad behavior

Best Practices: Most IDS and SIEM tools are not configured correctly to efficiently analyze network traffic. In most cases, security analysts receive thousands of alerts each day and are unable to review all of them. That means alerts go unanswered. By configuring custom rules as well as using preexisting rules, the number of security alerts can be drastically reduced.

Putting Cybersecurity Analyst Skills to the Test

When speaking about CompTIA CySA+ at the Armed Forces Communications and Electronics Association (AFCEA) Cyber Defense Symposium in Baltimore, I was approached by a cybersecurity engineer from the DoD Defense Information Security Agency (DISA). They were having trouble creating a scalable SIEM that worked on a global scale for the Joint Regional Security Stacks (JRSS) project.

The SIEM generated too many security alerts. Because it’s impossible to filter 30 million security alerts in one day, millions of alerts went unanswered in DISA test systems. There’s an old IT saying, “Garbage in, garbage out.” SIEMs are not helpful if they generate security alerts that are not true, called false positives, and the majority of the DISA system alerts were false positives. But there wasn’t an out-of-the-box solution – no existing products provided the needed scalability for their globe-spanning networks.

To solve the problem, DISA engineers put the skills covered by CompTIA CySA+ to the test. They needed to configure the SIEM in a way that reduced the number of security alerts generated so they could identify the true threats.

I leveraged the CompTIA network to find some of the best and brightest security engineers in our partner programs and our professional association, the CompTIA Association of IT Professionals (AITP) and connected DISA with an enterprise organization that has more than 2,000 sensors across the globe but only gets 200 alerts per sensor per day. If you have worked with SIEMs, you realize getting so few alerts is “insane in the membrane.” The security engineers from the enterprise association helped DISA configure its SIEMs to reduce the number of alerts.

Where Does CompTIA CySA+ Fit on the Cybersecurity Career Pathway?

CompTIA CySA+ is intended to follow CompTIA Security+ on the cybersecurity career pathway. Although the DoD has placed CompTIA Security+ and CompTIA CySA+ in the same Information Assurance Technician Level II category, it is highly recommended that Security+ be taken first during coursework.

In summary, the addition of CompTIA CySA+ to DoD 8570.01-M fills an important skills gap for security analyst skills. CompTIA has worked closely with the DoD, as well as industry experts and IT pros in the field, to make sure the objectives of CySA+ meet the needs of today’s cybersecurity professional.

Get started today with CertMaster and CySA+.

Patrick Lane is a director of products for CompTIA and is responsible for CompTIA Security+, CompTIA Cybersecurity Analyst (CySA+), CompTIA Advanced Security Practitioner (CASP), CompTIA Server+ and the upcoming pen tester certification. He speaks frequently at military events for CompTIA because he’s an Army and Air Force brat raised on the high-tech military base of Kwajalein in the Marshall Islands (see Reagan Ballistic Missile Test Site). He is also a lifetime member of AFCEA.