The CSA+ training program and exam are designed to help technicians mitigate the risks posed by signature-less malware by scrutinizing network data for tell-tale signs of vulnerability and infection.By Rich Freeman
IT membership organization CompTIA Inc. has supplemented its lineup of cybersecurity certifications with a new offering focused on the rapidly emerging field of security analytics.
Called the CSA+ certification and available immediately worldwide, the new training program and associated exam are designed to help technicians master the latest techniques for mitigating the risks posed by advanced persistent threats and other sophisticated forms of malware by scrutinizing network data for tell-tale signs of vulnerability and infection.
Those are problems that anti-virus solutions, firewalls, intrusion detection systems, and other signature-based security technologies often miss, according to James Stanger, senior director for products at Downers Grove, Ill.-based CompTIA.
“Those things are all important, but they only get you about 80 percent there,” he says. “There needs to be a different approach.”
That was a message CompTIA heard from the thousands of members it consulted with worldwide last year about security skills requirements.
“We realized that the security analyst job role is absolutely something vital that needed its own focus,” Stanger says.
It’s also one of the fastest growing employment categories in IT and beyond, according to the Bureau of Labor Statistics, which projects an 18 percent spike in security analyst job openings between 2014 and 2024.
The CSA+ certification is a new addition to a series of security credentials that CompTIA refers to as its “cybersecurity pathway.” Those include the Security+ certification for newcomers to the field and the CompTIA Advanced Security Practitioner, or CASP, certification for top-level security specialists.
“CSA+ kind of fits in the middle,” Stanger says, and is appropriate for people with 18 to 24 months of security experience and a thorough understanding of security basics.
The new offering arrives at a time when increasingly complex and subtle security threats are forcing businesses to invest more energy in hunting down and eliminating successful attacks, versus blocking them at the network perimeter.
“Nowadays it’s not about prevention. It’s about managing and absorbing hacks and properly responding to them,” says Stanger, who adds that CompTIA is presently updating both the Security+ and CASP curricula to reflect that new reality.
The CSA+ certification costs $320 in the U.S. and culminates with an examination that takes 165 minutes to complete.
Protecting networks and data from cybercriminals is one of the biggest challenges and investment areas in IT today. Global spending on security hardware, software, and services will grow at an 8.3 percent CAGR from $73.7 billion last year to $101.6 billion in 2020, according to IDC. That’s more than twice the rate of projected growth for IT spending overall during the same period.
In addition to updating its security certification offerings in response to trends like that, CompTIA created a cybersecurity advisory panel last month aimed at enhancing U.S. security readiness.