Force7 Training
FRCCOM-9 · CompTIA

CompTIA CySA+ (CS0-004)

Duration · 5 days · Virtual + In-Person · Instructor-Led

Course Description

This five-day instructor-led course prepares cybersecurity professionals to detect, analyze, and respond to threats while supporting Security Operations Center (SOC) functions. Students gain practical experience with security monitoring, vulnerability management, incident response, threat intelligence, and security reporting aligned to the CompTIA CySA+ (CS0-004) exam objectives. The course emphasizes hands-on analysis, real-world scenarios, and performance-based skills required for today's cybersecurity analyst roles. The CS0-004 exam focuses on Security Operations, Vulnerability Management, Incident Response & Management, and Reporting & Communication.

Audience Profile

This course is intended for:

  • Security Analysts
  • SOC Analysts (Tier I and Tier II)
  • Incident Responders
  • Vulnerability Analysts
  • Security Operations Personnel
  • IT Professionals transitioning into cybersecurity

Prerequisites

Before enrolling, you should have:

  • CompTIA Security+ certification or equivalent knowledge
  • Networking and operating system fundamentals
  • Basic understanding of cybersecurity concepts
  • Recommended 3–4 years of hands-on IT or security experience

— What You'll Learn —

Learning Objectives

In this course, you will learn to:

  1. Analyze security events and indicators of compromise.
  2. Conduct vulnerability assessments and prioritize remediation efforts.
  3. Investigate and respond to cybersecurity incidents.
  4. Utilize threat intelligence and threat hunting methodologies.
  5. Produce professional security reports and dashboards.
  6. Support SOC operations using industry-standard tools and processes.

— Day-by-Day —

Course Outline

Day 1: Security Operations Fundamentals

Module 1

Cybersecurity Operations Overview

  • CySA+ certification objectives and exam structure
  • Security analyst roles and responsibilities
  • Security operations centers (SOCs)
  • Security frameworks and governance

Module 2

Security Architecture Concepts

  • Enterprise security architecture
  • Network and cloud architectures
  • Hybrid and multi-cloud environments
  • Virtualization and container technologies
  • Identity and Access Management (IAM)
  • Privileged Access Management (PAM)

Module 3

Logging and Monitoring

  • Log collection and aggregation
  • Log integrity and retention
  • SIEM fundamentals
  • Security monitoring strategies
  • Event correlation techniques

Day 2: Threat Detection and Security Operations

Module 4

Indicators of Malicious Activity

  • Host-based indicators
  • Network-based indicators
  • Application and cloud indicators
  • Identity-related anomalies
  • Business email compromise (BEC)
  • Insider threats

Module 5

Security Analysis Tools

  • Wireshark packet analysis
  • IDS/IPS technologies
  • Endpoint Detection and Response (EDR)
  • Extended Detection and Response (XDR)
  • Threat intelligence platforms
  • Open-source intelligence (OSINT)

Module 6

Threat Intelligence and Hunting

  • Threat actor profiles
  • MITRE ATT&CK framework
  • Indicators of Compromise (IoCs)
  • Threat hunting methodologies
  • Intelligence collection and analysis

Day 3: Vulnerability Management

Module 7

Vulnerability Assessment Planning

  • Asset identification and inventory
  • Vulnerability management lifecycle
  • Internal and external assessments
  • Credentialed and non-credentialed scanning
  • Active and passive scanning methods

Module 8

Vulnerability Analysis

  • Vulnerability prioritization
  • Risk scoring and CVSS
  • False positive identification
  • Threat exposure analysis
  • Compliance and baseline assessments

Module 9

Remediation and Mitigation

  • Patch management processes
  • Configuration management
  • Compensating controls
  • Change management considerations
  • Validation and verification testing

Day 4: Incident Response and Management

Module 10

Incident Response Frameworks

  • Cyber Kill Chain
  • MITRE ATT&CK
  • Diamond Model
  • Incident response methodologies

Module 11

Incident Handling Process

  • Preparation
  • Detection and analysis
  • Containment strategies
  • Eradication techniques
  • Recovery procedures
  • Post-incident activities

Module 12

Digital Forensics Fundamentals

  • Evidence collection
  • Chain of custody
  • Artifact analysis
  • Root cause analysis
  • Lessons learned processes

Day 5: Reporting, Communication, and Exam Preparation

Module 13

Security Reporting

  • Executive reporting
  • Technical reporting
  • Vulnerability reporting
  • Incident reporting
  • Compliance reporting
  • Security dashboards and metrics

Module 14

Communication and Stakeholder Management

  • Escalation procedures
  • Stakeholder communications
  • Security awareness messaging
  • Risk communication techniques

Module 15

Security Operations Automation

  • SOAR fundamentals
  • Workflow automation
  • API integrations
  • AI-assisted security operations
  • Process improvement strategies

Module 16

CySA+ Exam Preparation

  • CS0-004 exam domains review
  • Performance-based question strategies
  • Practice assessments
  • Test-taking techniques
  • Certification preparation roadmap

— Additional Details —

What else is included

Hands-On Activities Included

  • Security architecture review
  • SIEM log analysis
  • Log collection and event monitoring exercises
  • Packet capture analysis
  • Threat hunting exercises
  • Threat intelligence investigations
  • Security event analysis
  • Vulnerability scanning
  • Risk assessment exercises
  • Vulnerability prioritization workshops
  • Remediation planning activities
  • Incident response scenarios
  • Malware investigation
  • Evidence collection exercises
  • Root cause analysis workshop

Note: Course outlines are provided as a general guide. Content, pacing, labs, and instructional emphasis may vary based on instructor expertise, student experience levels, and customer-specific learning objectives.
