CySA+ (CompTIA Cybersecurity Analyst) CS0-001

Author: Dale Meredith

This series provides an overview of the knowledge and skills required to prevent, detect, and mitigate information/cyber security threats and vulnerabilities. This series can be... Read more

CompTIA Cybersecurity Analyst (CySA+) CS0-001

In this series, you’ll learn how to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats and risks to an organization. These courses will also help you prepare for the CompTIA Cybersecurity Analyst (CySA+) CS0-001 certification exam.


Enterprise Security: Policies, Practices, and Procedures

by Dale Meredith

Apr 20, 2017 / 2h 38m

Beginner • 2h 38m

Start Course

Most companies are "reactive" instead of "proactive" when it comes to securing their networks, resources, and data. In this course, Enterprise Security: Policies, Practices, and Procedures, you will learn how to get ahead of the bad guys by looking at your infrastructure in a different manner. First, you will get a better understanding of the landscape and how fast it is changing. Next, you will delve into industry standards, frameworks, policies, and how these can affect your environment. Finally, you will learn about what tools to use and the need for penetration testing. By the end of this course, you will know how to keep up with the changes and continue to maintain a high level of security in your environment.

Table of contents
  1. Course Overview
    2m 16s
  2. Security Data Analytics: What's Going On?
    35m 26s
  3. Defense in Depth: This Is Where It Begins
    20m 46s
  4. Defense in Depth: What Tools Can You Use?
    33m 50s
  5. Defense in Depth: Drill, Test, Rinse, Repeat
    28m 42s
  6. The Fundamentals of Frameworks, Policies, Controls, & Procedures
    37m 1s

The Issues of Identity and Access Management (IAM)

by Dale Meredith

Jun 22, 2017 / 2h 55m

Beginner • 2h 55m

Start Course

IT networks face increasing threats from both inside and outside your organization. Traditional perimeter defenses can miss insider threats, such as password leaks and fraud due to staff complacency, as well as external online threats such as zero-day attacks. To limit the presence of these threats, many IT departments are using identity and access management (IAM) solutions. In this course, The Issues of Identity and Access Management (IAM), you'll learn to look at IAM from the perspective of the issues that it can create for your organization. First, you'll dive into Oauth/OpenID and where the weaknesses are. Next, you'll explore SSO and federations. Finally, you'll learn how to setup a hacking environment using the AutoLab. When you're finished with this course, you'll be able to look at your IAM solution and see if you're protecting yourself, as well as your users.

Table of contents
  1. Course Overview
    2m 30s
  2. It's All About Control
    23m 58s
  3. Managing Your Secret Identity
    15m 19s
  4. Other Authentication Methods
    26m 47s
  5. Identity Repositories
    24m 42s
  6. Building the Lab
    42m 53s
  7. Let's Look at the Exploits
    39m 25s

Secure Software Development

by Dale Meredith

Sep 12, 2017 / 3h 15m

Beginner • 3h 15m

Start Course

Most companies have a well-oiled machine with the sole purpose to create, release, and maintain functional software. Still, the growing concerns and risks related with insecure software have brought increased attention to the need to mix security into the development process. In this course, Secure Software Development, you will gain an understanding of the Software Development Life Cycle (SDLC) and the security implications that can arise to ensure that the software your organization uses is well written and secure through its lifespan. First, you will learn about the different options when it comes to following a SDLC. Next, you will delve into the 5 phases that software runs through as it is being developed. Last, you will dive into how vulnerabilities creep into your environment in ways you may have not considered. By the end of this course, you will be able to apply a proper SDLC and ensure that additional attack vectors aren't created by mistake (or on purpose) to expose your resources and networks.

Table of contents
  1. Course Overview
    2m 52s
  2. What’s the Software Development Life Cycle (SDLC)?
    19m 1s
  3. Software Development Phases
    19m 27s
  4. Software Development Models
    19m 35s
  5. Software Vulnerabilities
    13m 52s
  6. Coding Best Practices
    49m 29s
  7. Code Reviews
    19m 27s
  8. Security Testing in Action
    51m 35s

Performing and Analyzing Network Reconnaissance

by Dale Meredith

Feb 28, 2017 / 7h 24m

Beginner • 7h 24m

Start Course

You've been tasked as an "Incident Handler" and you are wondering where you start. Attackers typically start with doing a little "reconnaissance" of their target, so it only makes sense that you start there as well. In this course, Performing and Analyzing Network Reconnaissance, you will learn how to think like an attacker in order to stay a step ahead of one. First, you will learn about the two different steps of reconnaissance and scanning. Next, you will learn what to look for, how it's done, and what you can do to protect your infrastructures. Finally, you will learn about tools you can use that the attacker will use against you. By the end of this course, you'll know how to look at your infrastructure the same way attackers do, and understand the process to minimize those threats.

Table of contents
  1. Course Overview
    2m 15s
  2. The Two Steps
    35m 25s
  3. Initially What Do You Look For?
    44m 45s
  4. The More You Look, the More You Find
    40m 53s
  5. Other Reconnaissance Techniques
    38m 30s
  6. Reconnaissance via Google Hacking
    40m 35s
  7. Let's Not Forget PowerShell
    55m 16s
  8. Overview of Scanning
    22m 48s
  9. Understanding the 3-way Handshake
    21m 8s
  10. Checking for 'Live' Systems and Their Open Ports
    32m 6s
  11. Types of Scanning
    44m 19s
  12. Banner Grabbing and OS Fingerprinting
    30m 5s
  13. More Tools for the Utility-belt
    18m 9s
  14. Threats from Wireless
    18m 23s

Implementing and Performing Vulnerability Management

by Dale Meredith

Nov 20, 2017 / 3h 19m

Beginner • 3h 19m

Start Course

Networks aren't what they us to be, they're more complex than ever. Systems today are so interconnected and buried within those systems are thousands of undetected security vulnerabilities waiting to be used against you. Vulnerability Management systems are designed to recognize, rank, and remediate these vulnerabilities before an attacker gets a hold of them and exploits them to destabilize the privacy, integrity, or availability of your digital assets. In this course, Implementing and Performing Vulnerability Management, you'll learn about everything around vulnerability management. First, you'll learn about implementing a supportive vulnerability management VM program. Next, you'll explore through scanning. Finally, you'll dive into remediation steps that will help make sure attackers can't take advantage of you. By the end of this course, you’ll have enough knowledge to not only pick the VMP that’s right for you, but also how to use such applications to better the security of your network. Plus, you'll have all the information about VMP’s to help you with your CSA+ exam.

Table of contents
  1. Course Overview
    2m 38s
  2. What Do You Need to Start?
    56m 8s
  3. Shaping and Implementing Your Vulnerability Scans
    25m 49s
  4. The Scanners
    41m 14s
  5. Analyzing Vulnerability Scans
    21m 49s
  6. Remediation and Change Control
    13m 47s
  7. Remediating Host Vulnerabilities
    9m 55s
  8. Remediating Network Vulnerabilities
    14m 53s
  9. Remediating Virtual Environments Vulnerabilities
    13m 34s

Performing Incident Response and Handling

by Dale Meredith

Jan 24, 2018 / 5h 19m

Beginner • 5h 19m

Start Course

It’s not a matter of “if”, but rather “when” an attack is going to happen. No matter what you know or do, the hard truth is there's no guaranteed way to stop an attacker from penetrating your organization. Once you’ve accepted that an attack will be unavoidable, your job now becomes "How do I respond to these situations?". This is where the role of an "Incident Responder" comes into play. What do you do when a system or device has been targeted? Well, that depends on the incident itself. In this course, Performing Incident Response and Handling, you'll start by making sure that you and your organization are prepared by learning about each of the security policies that you should have in place to clarify and focus everyone on the importance of keeping your resources secure. First, you'll learn about the actual process of detecting incidents and how to respond to them. Next, you'll explore the actual workflow steps that every security professional should follow to make sure you are consistent with all incidents that are currently affecting you as well as future ones. Finally, you'll dive into some of the more common incidents that take place in your networks by looking at how to handle and respond to issues like a DoS, a Session Hijack, or even Malicious Code. By the end of this course, you'll understand what is needed to help keep your network more secure by being more proactive and aware of what's happening in your environment.

Table of contents
  1. Course Overview
    3m 30s
  2. Preparing for Incident Response and Handling
    49m 6s
  3. Incident Response Processes
    43m 20s
  4. The Workflow of Incident Response
    40m 52s
  5. Networks and Host Attacks
    59m 11s
  6. Service and Application Attacks
    1h 10m 17s
  7. Malicious Code and Insider Threats

Preparing for and Executing Incident Recovery

by Dale Meredith

Mar 19, 2018 / 3h 24m

Beginner • 3h 24m

Start Course

Cybersecurity investigations are used to determine what events, changes, and other actions have happened on a device, who or what performed them, and what data is stored there. In this course, Preparing for and Executing Incident Recovery, you'll leanr how to conduct an investigation, eradicate the incident and how to build out your own CSI (Cyber-Security Investigator) Jump-Bag. First you'll learn how to be ready to conduct your own forensic investigations. Next, you'll learn what computer forensic techniques are used in a variety of scenarios, including police investigations, system misuse, compromise and malware analysis, and investigations related to internal policy violations. Then, you'll learn about how to create your own forensics kit, their contents, and the use of these devices and tools. Finally, you'll be shown some forensic suites and tools that provide you what you'll need to capture and preserve forensics data and to perform forensic investigations. By the end of this course, you will have discovered and developed new skills to tackle many cyber-security scenarios.

Table of contents
  1. Course Overview
    2m 43s
  2. Your Objectives Here
    42m 11s
  3. What Should Be in Your “Jump-bag”?
    28m 43s
  4. What About the Digital “Jump-bag”
    45m 44s
  5. Understanding the Incident Recovery Process
    33m 9s
  6. The Techniques of Recovery: Containment
    11m 45s
  7. The Techniques of Recovery: Eradication
    13m 42s
  8. The Techniques of Recovery: Validation and Corrective Actions
    11m 52s
  9. That’s a Wrap
    14m 57s

What you will learn

  • How to apply environmental reconnaissance techniques using the appropriate tools and processes
  • How to analyze the results of network reconnaissance
  • Given a network-based threat, how to implement or recommend the appropriate response and countermeasure
  • How to explain the purpose of practices used to secure a corporate environment
  • How to implement an information security vulnerability management process
  • How analyze the output resulting from a vulnerability scan
  • How to compare and contrast common vulnerabilities found within an organization
  • How to analyze threat data or behavior to determine the impact of an incident
  • How to prepare a toolkit and use appropriate forensics tools during an investigation
  • How to explain the importance of communication during the incident response process
  • How to analyze common symptoms to select the best course of action to support incident response
  • How to summarize the incident recovery and post-incident response process
  • How to explain the relationship between frameworks, common policies, controls, and procedures
  • How to use data to recommend remediation of security issues related to identity and access management
  • How to review security architecture and make recommendations to implement compensating controls
  • How to use application security best practices while participating in the software development life cycle
  • How to compare and contrast the general purpose and reasons for using various security tools and technologies


CompTIA recommends CySA+ candidates have a minimum of 3-4 years of hands-on information/cyber security or related experience. This path does not require any prior knowledge or experience.

Knowledge is power

A Professional or Enterprise Pluralsight account is required to access Kaplan®* practice exams. Sign in below or sign up for a free team trial.