CompTIA CySA+ (CSO-001)



Author: Dale Meredith

This series provides an overview of the knowledge and skills required to prevent, detect, and mitigate information/cyber security threats and vulnerabilities. This series can be...

What you will learn

  • How to apply environmental reconnaissance techniques using the appropriate tools and processes
  • How to analyze the results of network reconnaissance
  • Given a network-based threat, how to implement or recommend the appropriate response and countermeasure
  • How to explain the purpose of practices used to secure a corporate environment
  • How to implement an information security vulnerability management process
  • How to analyze the output resulting from a vulnerability scan
  • How to compare and contrast common vulnerabilities found within an organization
  • How to analyze threat data or behavior to determine the impact of an incident
  • How to prepare a toolkit and use appropriate forensics tools during an investigation
  • How to explain the importance of communication during the incident response process
  • How to analyze common symptoms to select the best course of action to support incident response
  • How to summarize the incident recovery and post-incident response process
  • How to explain the relationship between frameworks, common policies, controls, and procedures
  • How to use data to recommend remediation of security issues related to identity and access management
  • How to review security architecture and make recommendations to implement compensating controls
  • How to use application security best practices while participating in the software development life cycle
  • How to compare and contrast the general purpose and reasons for using various security tools and technologies


CompTIA recommends CySA+ candidates have a minimum of 3-4 years of hands-on information/cyber security or related experience. This path does not require any prior knowledge or experience.

CompTIA CySA+ (Cybersecurity Analyst, CSO-001)

In this series, you’ll learn how to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats and risks to an organization. These courses will also help you prepare for the CompTIA CySA+ (Cybersecurity Analyst, exam code CSO-001) certification exam.

For a 10% discount when you sign up for your next CompTIA exam, use the code "PLURAL10".

Enterprise Security: Policies, Practices, and Procedures

by Dale Meredith

Apr 20, 2017 / 2h 37m


Most companies are "reactive" instead of "proactive" when it comes to securing their networks, resources, and data. In this course, Enterprise Security: Policies, Practices, and Procedures, you will learn how to get ahead of the bad guys by looking at your infrastructure in a different manner. First, you will get a better understanding of the landscape and how fast it is changing. Next, you will delve into industry standards, frameworks, policies, and how these can affect your environment. Finally, you will learn about what tools to use and the need for penetration testing. By the end of this course, you will know how to keep up with the changes and continue to maintain a high level of security in your environment.

Table of contents
  1. Course Overview
  2. Security Data Analytics: What's Going On?
  3. Defense in Depth: This Is Where It Begins
  4. Defense in Depth: What Tools Can You Use?
  5. Defense in Depth: Drill, Test, Rinse, Repeat
  6. The Fundamentals of Frameworks, Policies, Controls, & Procedures

The Issues of Identity and Access Management (IAM)

by Dale Meredith

Jun 22, 2017 / 2h 55m


IT networks face increasing threats from both inside and outside your organization. Traditional perimeter defenses can miss insider threats, such as password leaks and fraud due to staff complacency, as well as external online threats such as zero-day attacks. To limit the presence of these threats, many IT departments are using identity and access management (IAM) solutions. In this course, The Issues of Identity and Access Management (IAM), you'll learn to look at IAM from the perspective of the issues that it can create for your organization. First, you'll dive into OAuth/OpenID and where the weaknesses are. Next, you'll explore SSO and federations. Finally, you'll learn how to set up a hacking environment using the AutoLab. When you're finished with this course, you'll be able to look at your IAM solution and see if you're protecting yourself, as well as your users.

Table of contents
  1. Course Overview
  2. It's All About Control
  3. Managing Your Secret Identity
  4. Other Authentication Methods
  5. Identity Repositories
  6. Building the Lab
  7. Let's Look at the Exploits

Secure Software Development

by Dale Meredith

Dec 19, 2018 / 3h 13m


Most companies have a well-oiled machine with the sole purpose of creating, releasing, and maintaining functional software. Still, the growing concerns and risks related to insecure software have brought increased attention to the need to mix security into the development process. In this course, Secure Software Development, you will gain an understanding of the Software Development Life Cycle (SDLC) and the security implications that can arise to ensure that the software your organization uses is well written and secure through its lifespan. First, you will learn about the different options when it comes to following an SDLC. Next, you will delve into the 5 phases that software runs through as it is being developed. Last, you will dive into how vulnerabilities creep into your environment in ways you may not have considered. By the end of this course, you will be able to apply a proper SDLC and ensure that additional attack vectors aren't created by mistake (or on purpose) to expose your resources and networks.

Table of contents
  1. Course Overview
  2. What’s the Software Development Life Cycle (SDLC)?
  3. Software Development Phases
  4. Software Development Models
  5. Software Vulnerabilities
  6. Coding Best Practices
  7. Code Reviews
  8. Security Testing in Action

Performing and Analyzing Network Reconnaissance

by Dale Meredith

Dec 19, 2018 / 7h 23m


You've been tasked as an "Incident Handler" and you are wondering where you start. Attackers typically start with doing a little "reconnaissance" of their target, so it only makes sense that you start there as well. In this course, Performing and Analyzing Network Reconnaissance, you will learn how to think like an attacker in order to stay a step ahead of one. First, you will learn about the two different steps of reconnaissance and scanning. Next, you will learn what to look for, how it's done, and what you can do to protect your infrastructures. Finally, you will learn about tools you can use that the attacker will use against you. By the end of this course, you'll know how to look at your infrastructure the same way attackers do, and understand the process to minimize those threats.

Table of contents
  1. Course Overview
  2. The Two Steps
  3. Initially What Do You Look For?
  4. The More You Look, the More You Find
  5. Other Reconnaissance Techniques
  6. Reconnaissance via Google Hacking
  7. Let's Not Forget PowerShell
  8. Overview of Scanning
  9. Understanding the 3-way Handshake
  10. Checking for 'Live' Systems and Their Open Ports
  11. Types of Scanning
  12. Banner Grabbing and OS Fingerprinting
  13. More Tools for the Utility-belt
  14. Threats from Wireless

Implementing and Performing Vulnerability Management

by Dale Meredith

Dec 19, 2018 / 3h 19m


Networks aren't what they used to be; they're more complex than ever. Systems today are so interconnected, and buried within those systems are thousands of undetected security vulnerabilities waiting to be used against you. Vulnerability Management systems are designed to recognize, rank, and remediate these vulnerabilities before an attacker gets a hold of them and exploits them to destabilize the privacy, integrity, or availability of your digital assets. In this course, Implementing and Performing Vulnerability Management, you'll learn about everything around vulnerability management. First, you'll learn about implementing a supportive vulnerability management (VM) program. Next, you'll explore through scanning. Finally, you'll dive into remediation steps that will help make sure attackers can't take advantage of you. By the end of this course, you’ll have enough knowledge not only to pick the VMP that’s right for you, but also to use such applications to better the security of your network. Plus, you'll have all the information about VMPs to help you with your CSA+ exam.

Table of contents
  1. Course Overview
  2. What Do You Need to Start?
  3. Shaping and Implementing Your Vulnerability Scans
  4. The Scanners
  5. Analyzing Vulnerability Scans
  6. Remediation and Change Control
  7. Remediating Host Vulnerabilities
  8. Remediating Network Vulnerabilities
  9. Remediating Virtual Environments Vulnerabilities

Performing Incident Response and Handling

by Dale Meredith

Dec 19, 2018 / 5h 18m


It’s not a matter of “if”, but rather “when” an attack is going to happen. No matter what you know or do, the hard truth is there's no guaranteed way to stop an attacker from penetrating your organization. Once you’ve accepted that an attack will be unavoidable, your job now becomes "How do I respond to these situations?". This is where the role of an "Incident Responder" comes into play. What do you do when a system or device has been targeted? Well, that depends on the incident itself. In this course, Performing Incident Response and Handling, you'll start by making sure that you and your organization are prepared by learning about each of the security policies that you should have in place to clarify and focus everyone on the importance of keeping your resources secure. First, you'll learn about the actual process of detecting incidents and how to respond to them. Next, you'll explore the actual workflow steps that every security professional should follow to make sure you are consistent with all incidents that are currently affecting you as well as future ones. Finally, you'll dive into some of the more common incidents that take place in your networks by looking at how to handle and respond to issues like a DoS, a Session Hijack, or even Malicious Code. By the end of this course, you'll understand what is needed to help keep your network more secure by being more proactive and aware of what's happening in your environment.

Table of contents
  1. Course Overview
  2. Preparing for Incident Response and Handling
  3. Incident Response Processes
  4. The Workflow of Incident Response
  5. Networks and Host Attacks
  6. Service and Application Attacks
  7. Malicious Code and Insider Threats

Preparing for and Executing Incident Recovery

by Dale Meredith

Mar 19, 2018 / 3h 24m


Cybersecurity investigations are used to determine what events, changes, and other actions have happened on a device, who or what performed them, and what data is stored there. In this course, Preparing for and Executing Incident Recovery, you'll learn how to conduct an investigation, eradicate the incident, and build out your own CSI (Cyber-Security Investigator) Jump-Bag. First, you'll learn how to be ready to conduct your own forensic investigations. Next, you'll learn what computer forensic techniques are used in a variety of scenarios, including police investigations, system misuse, compromise and malware analysis, and investigations related to internal policy violations. Then, you'll learn about how to create your own forensics kit, its contents, and the use of these devices and tools. Finally, you'll be shown some forensic suites and tools that provide what you'll need to capture and preserve forensics data and to perform forensic investigations. By the end of this course, you will have discovered and developed new skills to tackle many cyber-security scenarios.

Table of contents
  1. Course Overview
  2. Your Objectives Here
  3. What Should Be in Your “Jump-bag”?
  4. What About the Digital “Jump-bag”
  5. Understanding the Incident Recovery Process
  6. The Techniques of Recovery: Containment
  7. The Techniques of Recovery: Eradication
  8. The Techniques of Recovery: Validation and Corrective Actions
  9. That’s a Wrap
