O'Reilly logo
live online training icon Live Online training

CompTIA Cybersecurity Analyst CySA+ CS0-001 Crash Course

Ace the CySA+ CS0-001 Exam!

Joseph Muniz

Cybersecurity is one of the hottest fields to be in and the new CompTIA Cybersecurity Analyst CySA+ CS0-001 is the certificate to prove you have what it takes to be a cyber analyst. This exam is internationally recognized and vendor-neutral. It was designed to test your capabilities to prevent, detect and combat cybersecurity threats. The challenge is knowing how to prepare for it.

The CompTIA Cybersecurity Analyst CySA+ CS0-001 Crash Course dives into the key exam topics so you know what’s on the exam and what is needed to pass it. Joey Muniz – cybersecurity expert and author of multiple Cisco Press cybersecurity books and the CompTIA Cybersecurity Analyst CySA+ CS0-001 Complete Video Course -- will walk you through each domain in the exam. Through a blend of slides, demos and real world war stories you will get the expert instruction and guidance you need to better understand the concepts on the exam. This course is also a great way to simply better understand cybersecurity concepts so you can start your cybersecurity profession today.

What you'll learn-and how you can apply it

  • Threat Management concepts including reconnaissance, response and counter measures
  • Incident Response and investigation practices
  • Vulnerability management techniques
  • Security architecture principles and common toolsets

This training course is for you because...

  • You want to pass the CompTIA Cybersecurity Analyst CySA+ CS0-001
  • You have a passion for cybersecurity


There are no official prerequisites for this course. However, we highly recommend you have a basic knowledge of computers and computer security concepts. The CompTIA CySA+ bridges the skills gap between the CompTIA Secuirty+ and CompTIA Advanced Security Practitioner (CASP) meaning you are expected to know the fundamentals of cybersecurity to pass the exam. CompTIA recommends a minimum of two years of IT experience focused on security but suggests 5-10 years.

Materials, downloads, or Supplemental Content needed in advance:

  • There is no additional content needed in advance. Attendees will benefit by having access to a computer lab and networking gear, but this is not required for this training.
  • Having an installation of Kali Linux is recommended, but not required


CompTIA Cybersecurity Analyst CySA+ (CS0-001) (complete video course)

About your instructor

  • Joseph Muniz is an Architect at Cisco Systems and Security Researcher. Joseph started his career in software development and later managed networks as a contracted technical resource. He moved into consulting and found a passion for security while meeting with a variety of customers.

    Joseph has been involved with the design and implementation of multiple projects ranging from Fortune 500 corporations to large federal networks. He is the author and contributor of several books and as has spoken for popular security conferences such as RSA, Cisco Live, ISC2 and DEF CON. Joseph’s current role gives him visibility into the latest trends in cyber security both from leading vendors and customers.


The timeframes are only estimates and may vary according to how the class is progressing


Segment 1: Reconnaissance, response and counter measures (1.15hr)

  • Introduction to the exam
  • Attack Kill Chain 101
  • Physical and virtual reconnaissance
  • Social engineering and phishing
  • Exploitation
  • Attacks (man-in-the-middle, rootkits, etc)
  • Cross-site scripting, session hijacking

Break (15min)

Segment 2 Information Security Vulnerability Management Process (1.15hr)

  • Frameworks
  • Common Policies
  • Controls, and Procedures
  • Regulatory requirements
  • Common Standards
  • Continuous Monitoring

Break (15min)

Segment 3 Security Architectures and securing corporate environments (1.15hr)

  • Defense in Depth
  • Reading Logs
  • System hardening
  • Sandbox and honeypots
  • Sinkholes

Break (15mins)

Segment 4 Common Vulnerabilities and Analyzing vulnerability scans (1.15hr)

  • Common vulnerabilities
  • Reading Vulnerability Reports
  • Assessments, Audits and Pen Testing
  • Security Data Analytics
  • Remediation recommendations


Segment 5 Determine Impact of an Incident (1hr)

  • Network and Host Symptoms
  • Understanding point-in-time data analysis
  • Traffic and NetFlow Analysis
  • Wireless analysis techniques
  • Packet captures and log reviews

Break (15mins)

Segment 6: Incident Reporting, Communications and post incident response (1.15hr)

  • Forensic Tools and Investigation
  • Incident Reponses Symptoms and Recovery Techniques
  • Communication and stakeholders
  • Risks of remediation
  • Incident Summary Report

Break (15mins)

Segment 7 Access Control and Access Management Remediation (1.15hr)

  • Segmentation principles
  • Automated Network Access Control
  • Threat Containment
  • Context-based authentication
  • TACACTS+ and Radius
  • Single Sign-on

Break (15mins)

Segment 8 Cybersecurity Tools, Technologies and Software Developer Life Cycle (SDLC) best practices (1.15hr)

  • Software design best practices
  • Manual peer review
  • Stress testing and secure regression
  • SDLC
  • Preventive, Collective and Analytical security.
  • Final thoughts on the exam
  • Q and A