CompTIA CySA+: Your key to cybersecurity analyst roles | Guest James Stanger

[00:00:00] Chris Sienko: Today on Cyborg Hacks, my guest is James Stanger of CompTIA and he's here to tell you about the CYSA Plus certification 

there's a security analyst, for example, which CYSA plus is aimed right at that job role. Cybersecurity Analyst is a cornerstone security job that can grow and progress into dozens of related careers. James breaks down the domains and parameters of CYSA Plus. And how to use this cert as a calling card when applying for analyst roles.

[00:00:27] James Stanger: I was talking to somebody who is a CISO, uh, last week, and she said, I would want to hire somebody who has been through a ransomware event or the equivalent. And CYSA plus is going to give you that because you're going to be doing hands on type work.

[00:00:41] Chris Sienko: And I hope you'll listen to James compelling case for immersing in the CYSA. Plus 

[00:00:45] James Stanger: Hey, I don't know which SIM you might throw at me. It doesn't matter because you'll see like, Oh, okay. I can see where the origin, what port was. I can see the traffic here. I can see what kind of an attack is going on. I know what next step to take. 

[00:00:58] Chris Sienko: That's all today on cyber work hacks. 

The IT and cybersecurity job market is thriving. The Bureau of Labor Statistics predicts 377, 500 new IT jobs annually. You need skill and hustle to obtain these jobs, of course, but the good news is that cybersecurity professionals can look forward to extremely competitive salaries. That's why InfoSec has leveraged 20 years of industry experience Drawing from multiple sources to give you, cyber work listeners, an analysis of the most popular and top paying industry certifications.

You can use it to navigate your way to a good paying cyber security career. 

So to get your free copy of our cyber security salary guide ebook, just click the link in the description below. It's right there near the top, just below me. You can't miss it. click the link in the description and download our free cyber security salary guide ebook.

Your cyber security journey starts here. 

Now let's get the show started 

 

[00:01:53] Chris Sienko: Welcome to a new episode of Cyberwork Hacks. The purpose of this spinoff of our popular Cyberwork podcast is to take a single fundamental question and give you a quick, clear, and actionable solution and new insights into how to utilize InfoSec products. And training to achieve your work and career goals.

So my guest today is James Stanger and he's from CompTIA. Uh, that's the Computing Technology Industry Association. James has joined me on past episodes. Uh, we're, we're, we're, we're old buds from the way back here, uh, both on the main feed and in Hacks. Uh, he's discussed both DataPlus and CloudPlus certifications.

He and I have bonded over our love of Black Sabbath, but today we're going somewhere else entirely. We're going to talk about the fine art of security analysis. And James is going to tell us. All about CompTIA's CYSA Plus certification. I'm looking forward to this. So thanks for joining me today, James.

[00:02:40] James Stanger: This will be fun. Yeah, we could, we could go black and blue from Black Sabbath to blue teaming and, and CYSE How about that? Yeah. 

[00:02:47] Chris Sienko: you did. I love it. Okay. right. Uh, on that note, let's, uh, let, let's keep it flying here. So James, one of the things I hear from students and security novices is that they, they know the first step, get security plus, and then you go from there after that, where to specialize and what to learn gets a little more multifaceted and maybe a little more thorny, so can you Tell our listeners about CompTIA's Cybersecurity Analyst or CYSA Plus certification.

Who is it for and what does it prepare you for exactly?

[00:03:15] James Stanger: You know, it's a great question because there are so many different job roles that are out there for cyber security. You can name

three, right? There's there's a security analyst, for example, which CYSA plus is aimed right at that job role. There's pen testing. There's governance, risk management and compliance. There are people who do incident response. I mean, there's so many. Okay,

so let's go back when it comes to CYSA plus the idea of specializing one of the top growing Um, Job roles has been for years now, and we'll continue as far as we can tell probably through 2028 2030 is the job role of the security analyst. So there are so many facets of facets of cyber security, but analytics is certainly one of them. A lot of people when they start out will become a junior level sock

security operations center

Analyst. 

[00:04:05] Chris Sienko: Yep, yep. Yeah, um, and I, I, I want to really kind of drill into that because, um, You know, you're giving the, this five year, uh, you know, plan and showing that the, the roles are going to increase. And I feel like, uh, security analyst is one of those roles that, you know, people loose talk on the internet or whatever it always seems like that's the one that they talk about that like AI is going to, you know, completely erase, you know, or whatever

[00:04:29] James Stanger: We

won't need security analysts anymore. 

[00:04:31] Chris Sienko: anymore.

We're just going to have one dude pushing a button, can you sort of refute some of that and talk about like where, you know, The security analyst role, uh, you know, still fits in, in, in this, in 

[00:04:41] James Stanger: You bet. 

[00:04:41] Chris Sienko: of, of, of AI upscaling.

[00:04:43] James Stanger: There's no question that AI will change what security analysts will do. There's

no question in the same sense how a SIM tool, S I E M tool, right? Change

security analytics, right? We didn't have them 10 years ago. Really? Right?

We do now. Did that mean we don't need an analyst anymore? Because I remember when they said, well, there's this fancy software that's out now, which means we won't need that.

It'll be all it be automated. And I yawned and went, Oh, yeah, sure. And it's the same way with a yes. If you're not upskilling yourself, yeah, you'll get replaced, right?

In the same way that blacksmiths got, uh, replaced by auto mechanics. But I'll bet you five

bucks the blacksmith in, in 1915, let's say, or 1905 became a really good mechanic by 19, you know, 20 or 25, you know what I'm trying to say? So, um, 

[00:05:35] Chris Sienko: salty along the way. He 

[00:05:38] James Stanger: and so 

[00:05:39] Chris Sienko: in the bar. Yeah.

[00:05:39] James Stanger: that's right. And so

I was, and then, and so you're gonna see with ai, and basically I was talking to a threat hunter, which is

an advance.

Sock analyst, that's

oversimplification, but, and he was saying he was down in Texas, he said, look, AI is helping us do the boring stuff, the repetitive stuff so we can get in and do the unique and really contribute something unique.

And I'm like,

well, what do you mean contribute something unique? He said, AI will get a profile together. That's pretty accurate. That's really quite good, but it only gets us 90 percent there. And it's the hackers. They take advantage of that 10%. So now I can

not waste my time. So, so AI is, is absolutely a help me. It's a helper. Um, yeah, if you, if you're not upscaling yourself, you bet. And if you're used to doing, calling yourself an analyst and you're only doing one thing that's repetitive, yeah, you'll have problems. 

[00:06:36] Chris Sienko: Yeah, absolutely. And, uh, you know, I, I, uh, we, we, there's, there's an episode recently with, uh, Alec Sharp who talked, uh, interesting, uh, uh, fellow who talked about, you know, what AI realistically can and cannot do. And, and it's that 10 percent that, you know, the, the sort of, Human cognition that we're, you know, if we get there in 500 years, it'll be surprising, but we're not going to get there.

I don't think like, that's not what this is, you know? So, you know, uh, the, the, uh, on both sides of that, I think you can, you can be sure that like security analyst is still something that requires human 

[00:07:07] James Stanger: Oh yeah. 

[00:07:07] Chris Sienko: and also that, uh, you know, AI can, can take you so far, but it can take you 

[00:07:13] James Stanger: Yeah.

Absolutely. I'm not too worried about artificial intelligence right now. I'm more worried about superficial intelligence. Uh, and, and, and and I mean that in the sense of human beings who have a superficial understanding of

things, but also

A. I can be very superficial in its approach if it's not trained

right, and you'll find that one of the things that you'll be doing as a stock analyst, you'll be helping train models. That's really important. 

[00:07:34] Chris Sienko: Well, okay, so let's let's talk about what you'll be doing as a, as an analyst. What are the domains in the CYSA certification? What are the knowledge areas that we'll be working with to study for the CERT? 

[00:07:42] James Stanger: You know, one of the first things that you'll be learning about is attack recognition or understanding how to identify malicious activity. Uh, uh, sock analysts are kind of like parents. They know what bad behavior looks like. Right. And, and so, you know, do you really understand this?

[00:07:56] Chris Sienko: doing in there?

[00:07:57] James Stanger: Yeah, what's going on in there?

You know,

[00:07:59] Chris Sienko: Right.

[00:08:02] James Stanger: is? And do you understand what an indicator of compromise looks like from a buffer overflow? Just as an example, if you see ransomware happening, can you understand, you know, the typical avenues, the typical pivot points that will happen there, or what an attacker has done, what they've done to set up an attack?

That ransomware attack because it's a very usually ransomware is after a very sophisticated reconnaissance and all that. So understanding the attack life cycle, you can call it the hacker life cycle, whether it be the Lockheed Martin cyber kill chain or the MITRE ATT& CK model, the diamond model, whatever.

So that's an example. Incident response is another one. Uh, if something bad happens, you Is the response adequate? Because it's,

[00:08:45] Chris Sienko: Yeah.

[00:08:46] James Stanger: I remember back in the day, it was, did you hear about that company got hacked? You know, wow, did they blow it? And it was interesting to watch about 10 years ago, a little, yeah, about 10 years ago, where everybody started looking around and going, Oh, wow.

But for the grace of God, there go on. And then they realize it's the quality of incident response, the resilience. So you're gonna learn about things about what it means to actually, you know, Respond well, both from a chronic and an acute perspective by chronic meaning. Okay, look, I see a bunch of serverless apps.

They've been repeated. There's hundreds of them. Uh, they're all Kerberos and cool containers and all that. But there's a vulnerability there and we need to create a plan to solve a vulnerability problem. That's what I mean by chronic. Like, well, we don't think they're being hacked right now, but there's an issue there to fix it.

[00:09:32] Chris Sienko: off. Yeah,

[00:09:33] James Stanger: There's a lot of 4j going on or whatever. Um, yeah. And then from an acute, acute perspective, Hey, there's somebody actively in there, you know, exfiltrating data or there's ransomware going from one land to the next. Let's stop that. So it's things like that.

[00:09:48] Chris Sienko: Yeah. Fabulous. Now, uh, you know, we talked before about the, the originals, the security trifecta of, of, um, CompTIA, the, uh, a plus the net plus security plus, and those are, you know, you're kind of like ground level now is CYSA plus, is this an entry level cert or do you need a certain number of years experience

[00:10:05] James Stanger: Good question.

[00:10:05] Chris Sienko: do you, at the very least, do you need sort of those as a foundation or is this something you can kind of jump into on its own?

[00:10:11] James Stanger: I would say you need to enter where it makes sense for you to enter. If you already have the equivalent of what I call the tech trifecta, uh, a plus network plus security plus, why would you need to go redo anything? Don't, don't redo anything. Um,

[00:10:25] Chris Sienko: Right.

[00:10:30] James Stanger: do well with CYSA plus if you don't know how logs work or, or how systems talk to each other, you won't do well.

Um, but if you have the equivalent of that, a couple of years working in that space or the educational equivalent is where we've kind of aimed CYSA plus, uh, that level, the level of knowledge is, is significant. It's, it's not trivial. It's not huge. It's not a, you know, Oh my gosh, it's

[00:10:54] Chris Sienko: a, this is not a ground level cert then you're, you, you, you're

[00:10:56] James Stanger: not.

[00:10:56] Chris Sienko: to need to a little foundational knowledge.

[00:10:58] James Stanger: Yeah, if you want, if you want to talk about in terms of, uh, uh, uh, beginning, intermediate, advanced, this is an intermediate search.

[00:11:05] Chris Sienko: Yeah. Yeah. No, no. Okay. So, um, uh, obviously cybersecurity analysts where we've already talked about is one of the great entry level positions in the industry

[00:11:12] James Stanger: It is,

[00:11:13] Chris Sienko: you get to work on a variety of different types of projects, you know, whether day to day security operations, vulnerability management, incident response. Uh, so, uh, you know, for your, your first timers, how can job seekers use the CYSA plus certification? Maybe as a calling card to show that they can do the work, because it seems like it's always about documenting that you're not just a, you know, a theoretically good at this.

[00:11:33] James Stanger: you know, uh, the main thing that people want I was talking to somebody who is a CISO, uh, last week, and she said, I would want to hire somebody who has been through a ransomware event or the equivalent. In other words, they need somebody who has that muscle memory and real strong knowledge. And CYSA plus is going to give you that because you're going to be doing hands on type work.

Uh, to either, uh, learn about how to pass the exam or, you know, that skill. I don't like to talk about passing the exam. I like to talk about getting to a level of professional proficiency, right?

[00:12:06] Chris Sienko: A

[00:12:06] James Stanger: And so you're going to, it's, it's hands on, it's very practical. And so you're going to be. Working in a SIM, uh, you know, uh, whether that, uh, uh, you know, we, whether it be security onion as a SIM or whatever tool you have, you're going to be working in that and, and you'll be given, and it really doesn't matter.

It's like, Hey, I don't know which SIM you might throw at me. It doesn't matter because you'll see like, Oh, okay. I can see where the origin, what port was. I can see the traffic here. I can see what kind of an attack is going on. I know what next step to take. It doesn't matter if it comes at you via QRadar or Splunk or whatever.

[00:12:39] Chris Sienko: Nice. All right. So, uh, let's just, uh, wrap it up here, James. Any advice for listeners who are still kind of on the fence about whether CYSA plus cert is right for them, or if they want to get into. Uh, security analyst roles. Like what, what, what are your thoughts on the, on that

[00:12:52] James Stanger: One of the things that you can do is go to like, uh, uh, cyberseek. org, for example, and you can start to drill down and check out exactly what a security analyst does. Once you learn about that, it might, that might choose you as a profession. That might be something you're interested in. The other thing you can do, you can go to CompTIA.

org, uh, or InfoSec, right, and check out the objectives. You know, take a look at what's there, because, and those objectives weren't come up just by Chris and James.

[00:13:18] Chris Sienko: Yeah.

[00:13:18] James Stanger: come up by, with, by thousands of working IT pros who do this stuff, this SOC stuff, let's say every day.

[00:13:25] Chris Sienko: Yeah. They know what they know what they want and they don't want what they want to see in

[00:13:28] James Stanger: And hiring managers want that stuff. And so if that speaks to you, if you're like, if you're like, look at it and go, oh my gosh, I don't want to learn about that, then don't. Go do something else.

[00:13:37] Chris Sienko: Do something

[00:13:37] James Stanger: But if that speaks to you on some level, like, geez, I don't know what that is, but that's kind of groovy. That's kind of cool.

[00:13:42] Chris Sienko: Mm hmm.

[00:13:43] James Stanger: Have at it. Keep at

[00:13:44] Chris Sienko: There it is. All right. Well, James Stenger, that's an awesome, awesome place to end. So thank you so much for all of your, your excellent insights.

[00:13:49] James Stanger: it man, anytime.

[00:13:50] Chris Sienko: All right, and thank you all for watching Cyborg Hacks. If you enjoyed this video and felt that it helped you, tell someone about it. Friend, a colleague, your social media connections, anyone you like. Word of mouth is still the best way to make a community like this grow and it has been growing. Thank you all for us cross 80, 000 subscribers on YouTube. So, and if you haven't, please subscribe. Please subscribe to our podcast feed. Why not? Let's hit a hundred thousand. Uh, you know, go to our YouTube page, just type in Cyberwork InfoSec on YouTube or go check it out on your podcast catcher of choice. You can go to InfoSecInstitute. com slash podcast for the full list. Anything you like, it'll get you there. So, uh, sign up for notifications, auto download the episodes because Cyborg Hacks is coming out every other Thursday with bite sized answers to your questions. So until next time, keep learning, keep developing your skills, have fun and listen to Black Sabbath. Bye now.