Two CompTIA cybersecurity certifications will be updated in 2020: CompTIA Security+ (Q4) and CompTIA Cybersecurity Analyst (CySA+) (Q2). Although the related core job functions remain the same, both certifications will be impacted by cybersecurity trends we’re seeing in the industry. I recently did an interview on YouTube where I discussed the CompTIA Cybersecurity Career Pathway and how we update our certifications to reflect industry trends.
CompTIA works closely with industry partners to ensure our certifications align with current job roles and responsibilities. Technology changes frequently, so we update our exams every three years to meet industry needs and make sure IT pros keep their skills current. When IT pros renew their certifications through continuing education, they validate their knowledge in technology areas that matter to employers today.
In my conversations with CompTIA Subject Matter Experts (SMEs) during the exam development process, we reviewed the draft exam objectives and discussed the trending skills. Here is a summary of the findings.
6 Cybersecurity Trends Impacting Cybersecurity Careers and CompTIA Cybersecurity Certifications
1. Security in Cloud Computing
Expect the cloud to play a larger role in CompTIA Security+ (SY0-601) and CompTIA CySA+ (CS0-002) in 2020. The core technical cybersecurity skills are largely the same (e.g., a firewall is a firewall), but the infrastructure environment will differ. Data is either on site or it’s in the cloud. The main difference will be policy. When storing your data on third-party systems, there must be rules of ownership and agreement about security in the cloud and how you’ll work on the systems.
2. More Cybersecurity Threats, Attacks and Vulnerabilities
The list of cybersecurity threats, attacks and vulnerabilities continues to grow, and cybersecurity professionals need a new understanding to defend against them.
Newer attacks, such as drone reconnaissance, use drones to fly over facilities to collect data for eventual attacks. One of the IT technicians I spoke with flew a drone over his company’s enterprise campus to identify vulnerabilities. The drone scanned computer networks as it flew over, and the technician was alarmed by the weaknesses it found. In response, his company set up surveillance systems and cameras to identify low-flying objects entering its airspace. The risk was too great to ignore for its national defense work.
3. Software Security
Bad actors are hacking more networks, but networks are holding up better than ever, thanks to five solid years of global investment in cybersecurity. Since the historic cyberattacks of 2013 - 2014, most organizations realized that cybersecurity is a necessary investment. Companies have hired certified and experienced cybersecurity professionals.
But during this time, the software development process has become a larger risk. Cloud services made it easier and faster to develop software. Software and IoT devices were released before adequate cybersecurity testing. Think of the rash of home surveillance hacks. To help solve the problem, organizations are hiring application security analysts, who are cybersecurity analysts focused exclusively on software.
CompTIA CySA+ will cover more application security analyst skills, while CompTIA Security+ will cover cybersecurity best practices for the software development life cycle (SDLC).
4. Proactive Cybersecurity Defense and Threat Intelligence
Five years ago, the emphasis was on capturing network traffic and reacting to the findings. This task is still employed, but cybersecurity professionals must be more proactive with their defense and threat intelligence. It involves monitoring for application security and predicting/searching for incidents before they arrive at the security operations center (SOC). Cybersecurity professionals can also participate in Information Sharing and Analysis Organizations (ISAOs) and Information Sharing and Analysis Centers (ISACs), like the CompTIA ISAO, which provides the opportunity to share cybersecurity information and best practices with a trusted group of peers as well as access thread feeds and threat intelligence platforms. Growing job roles covered in CySA+, such as threat hunter, bring new techniques for finding incidents outside of the SOC.
5. Cybersecurity Governance, Regulatory and Compliance
Cybersecurity professionals must ensure their tasks comply to IT regulatory standards that affect their daily work. For example, CompTIA CySA+ now includes a compliance and assessment domain because security analysts must understand how to help their employers comply with and maintain government regulations to avoid fines. Growing job roles such as compliance analyst demonstrate the importance of regulatory compliance.
6. More Incident Response
Incident response skills are expanding into embedded/IoT devices, cloud security environments and automation, and that will be reflected in the updated CompTIA CySA+.
For example, many SOCs are implementing automated incident response to help get through the tens of thousands of security alerts they receive each day. A security information and event management (SIEM) system, such as Splunk, can be configured with Phantom, which is a Security Orchestration and Automated Response (SOAR) device. Phantom sends a series of commands to Splunk, called playbooks, which can perform tasks, such as quarantining devices.
With collaboration from SMEs and other industry experts, CompTIA stays on top of cybersecurity trends like these to ensure our certifications meet the needs of employers and IT pros. Learn more about all the certifications along the CompTIA Cybersecurity Career Pathway and download the exam objectives to see what skills you need to advance your cybersecurity career and keep your organization safe.
Patrick Lane, M.Ed., is a Director of Product Management for CompTIA. He manages cybersecurity workforce skills certifications, including CompTIA Security+, PenTest+, Cybersecurity Analyst (CySA+) and CompTIA Advanced Security Practitioner (CASP+).
He assisted the U.S. National Cybersecurity Alliance (NCSA) and the Director of Cybersecurity Policy at the National Security Council (NSC) to create the “Lock Down Your Login” campaign to promote multi-factor authentication nationwide. He has implemented a variety of IT projects as a network administrator, systems administrator, security analyst and security architect.
Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, assisting the Defense Information Security Agency (DISA) with scalable SIEM techniques from the private sector, and has authored and co-authored multiple books, including Hack Proofing Linux: A Guide to Open Source Security (Syngress/Elsevier). Patrick has received certifications in CompTIA Network+, Security+, (ISC)2 CISSP, Microsoft MCSE and CIW Internetworking Professional and Server Administrator.