O'Reilly logo
live online training icon Live Online training

CompTIA Cybersecurity Analyst CySA+ CS0-001 Crash Course

Ace the CySA+ CS0-001 Exam!

Joseph Muniz

Cybersecurity is one of the hottest fields to be in and the new CompTIA Cybersecurity Analyst CSA+ CS0-001 is the certificate to prove you have what it takes to be a cyber analyst. This exam is internationally recognized and vendor-neutral. It was designed to test your capabilities to prevent, detect and combat cybersecurity threats. The challenge is knowing how to prepare for it.

The CompTIA Cybersecurity Analyst CSA+ CS0-001 Crash Course dives into the key exam topics so you know what’s on the exam and what is needed to pass it. Joey Muniz – cybersecurity expert and author of multiple Cisco Press cybersecurity books and the CompTIA Cybersecurity Analyst CSA+ CS0-001 Complete Video Course -- will walk you through each domain in the exam. Through a blend of slides, demos and real world war stories you will get the expert instruction and guidance you need to better understand the concepts on the exam. This course is also a great way to simply better understand cybersecurity concepts so you can start your cybersecurity profession today.

What you'll learn-and how you can apply it

  • Threat Management concepts including reconnaissance, response and counter measures
  • Incident Response and investigation practices
  • Vulnerability management techniques
  • Security architecture principles and common toolsets

This training course is for you because...

  • You want to pass the CompTIA Cybersecurity Analyst CSA+ CS0-001
  • You have a passion for cybersecurity


There are no official prerequisites for this course. However, we highly recommend you have a basic knowledge of computers and computer security concepts. The CompTIA CSA+ bridges the skills gap between the CompTIA Secuirty+ and CompTIA Advanced Security Practitioner (CASP) meaning you are expected to know the fundamentals of cybersecurity to pass the exam. CompTIA recommends a minimum of two years of IT experience focused on security but suggests 5-10 years.

Materials, downloads, or Supplemental Content needed in advance:

  • There is no additional content needed in advance. Attendees will benefit by having access to a computer lab and networking gear, but this is not required for this training.
  • Having an installation of Kali Linux is recommended, but not required


CompTIA Cybersecurity Analyst CSA+ (CS0-001) (complete video course)

About your instructor

  • Joseph Muniz is an architect and security researcher in the Cisco Security Sales and Engineering Organization. He is driven by making the world a safer place through education and adversary research. Joseph has extensive experience in designing security solutions and architectures as a trusted advisor for the top Fortune 500 corporations and US Government.

    Joseph is a researcher and industry thought leader. He speaks regularly at international conferences, writes for technical magazines and is involved with developing training for various industry certifications. He invented the fictitious character of Emily Williams to create awareness around Social Engineering. Joseph runs thesecurityblogger.com website, a popular resource for security and product implementation. He is the author and contributor of several publications including titles ranging from security best practices to exploitation tactics. Joseph’s latest title, Digital Forensics for Network Engineers was released 2018 with two new titles on SOC and VPN coming in 2020.

    When Joseph is not using technology, you can find him on the futbal field or raising the next generation of hackers also known as his children. Follow Joseph at www.thesecurityblogger.com and @SecureBlogger.


The timeframes are only estimates and may vary according to how the class is progressing

Day 1

Segment 1: Reconnaissance, response and counter measures (1hr)

  • Introduction to the exam
  • Attack Kill Chain 101
  • Physical and virtual reconnaissance
  • Social engineering and phishing
  • Exploitation
  • Attacks (man-in-the-middle, rootkits, etc)
  • Cross-site scripting, session hijacking

Break (10min)

Segment 2 Information Security Vulnerability Management Process (1hr)

  • Frameworks
  • Common Policies
  • Controls, and Procedures
  • Regulatory requirements
  • Common Standards
  • Continuous Monitoring

Break (10min)

Segment 3 Security Architectures and securing corporate environments (1hr)

  • Defense in Depth
  • Reading Logs
  • System hardening
  • Sandbox and honeypots
  • Sinkholes

Break (10mins)

Segment 4 Common Vulnerabilities and Analyzing vulnerability scans (1hr)

  • Common vulnerabilities
  • Reading Vulnerability Reports
  • Assessments, Audits and Pen Testing
  • Security Data Analytics
  • Remediation recommendations

Day 2

Segment 5 Determine Impact of an Incident (1hr)

  • Network and Host Symptoms
  • Understanding point-in-time data analysis
  • Traffic and NetFlow Analysis
  • Wireless analysis techniques
  • Packet captures and log reviews

Break (10mins)

Segment 6: Incident Reporting, Communications and post incident response (1hr)

  • Forensic Tools and Investigation
  • Incident Reponses Symptoms and Recovery Techniques
  • Communication and stakeholders
  • Risks of remediation
  • Incident Summary Report

Break (10mins)

Segment 7 Access Control and Access Management Remediation (1hr)

  • Segmentation principles
  • Automated Network Access Control
  • Threat Containment
  • Context-based authentication
  • TACACTS+ and Radius
  • Single Sign-on

Break (10mins)

Segment 8 Cybersecurity Tools, Technologies and Software Developer Life Cycle (SDLC) best practices (1hr)

  • Software design best practices
  • Manual peer review
  • Stress testing and secure regression
  • SDLC
  • Preventive, Collective and Analytical security.
  • Final thoughts on the exam
  • Q and A