CySA+ Certification Coffee Chat
Celebrating my newest certification…CySA+ is officially in the books!
Out of all the certs I’ve taken (and I’ve taken a few), this one definitely leaned toward the harder side of intermediate. The PBQs were no joke. Honestly? I found both CISSP and CISM easier. If you’re planning to take it soon, here’s a breakdown of the resources I used…and some thoughts on what was worth it, what wasn’t, and what I’d do differently.
📚 My Study Stack
Jason Dion’s Udemy Course
He’s solid. I like his teaching style. That said, he tends to throw a lot of information at you…way more than you actually need for the exam. Great for overprepping, though. His practice exams? Highly recommend. They were way more difficult than the actual exam, in my opinion.
Sybex Study Guide
This book is a classic for a reason. The layout is clean, the review questions are solid, and the little “exam tips” boxes are gold. I used this more as a reference when I wanted a deeper dive into a topic. I did not read it from cover to cover.
Pocket Prep
Such an underrated gem. The mobile app made it easy to sneak in quick questions whenever I had five minutes to spare. I will definitely be using this to study for my next exam. While the questions didn’t cover what you need to know for PBQs, it gives you a really solid base of understanding. I found the questions fairly similar to the actual test in some cases.
ChatGPT (Custom GPT for CySA+)
I built out a custom GPT to help quiz myself, summarize topics, and walk through logs and attack scenarios. If you’re not using AI to support your studying at this point, you’re missing out on a huge opportunity.
CertMaster Learn
I used this early on to get familiar with the content, but I’ll be real…it felt way easier than the actual test. Still useful, just don’t let it be your only prep tool. I did think their PBQs helped me get familiar with what to expect on the exam.
TryHackMe – SOC Analyst Path
Hands-on labs matter, especially for the performance-based questions. I focused most of my time here on log analysis, event correlation, and some Nmap refresher work. Definitely helpful.
YouTube
Network Chuck – Love his vibe, and he makes things so digestible. He is very easy to watch and makes topics like Nmap fun to learn about.
Logs, Logs, Logs and More Logs
Seriously, if you take nothing else from this post, take this: get comfortable with logs. I cannot emphasize this enough. The CySA+ exam will test how well you can read and interpret logs, not just memorize terminology.
You’ll want to practice reading firewall logs, proxy logs, endpoint logs, and email headers. Know how to spot the signs of suspicious behavior, like failed login attempts, privilege escalation, port scanning, or data exfiltration patterns. Don’t just memorize what those things are; learn what they look like in the logs.
One of the biggest focus areas for me was phishing email analysis. Learn how to break down an email header and determine if the message is spoofed. Check for mismatched SPF, DKIM, and DMARC results. Understand what each field in the header tells you, especially the Return-Path, Received headers, and From address.
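The header checks described above, as an added Python example that is not part of the original post: it parses a message, pulls the SPF, DKIM, and DMARC verdicts from Authentication-Results, compares the Return-Path and From domains, and extracts the earliest Received hop. The sample message, its domains and IPs, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain and IP is a documentation placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.7])
 by mail.corp.example with ESMTP; Tue, 02 Jan 2024 10:00:02 +0000
Received: from unknown (HELO mailer.example.net) (198.51.100.23)
 by mx.example.org; Tue, 02 Jan 2024 10:00:00 +0000
Authentication-Results: mail.corp.example;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>

Body text.
"""

def domain_of(value):
    """Lowercased domain of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_result(auth, method):
    """Verdict for spf/dkim/dmarc from Authentication-Results, else 'missing'."""
    m = re.search(rf"\b{method}=(\w+)", auth, re.I)
    return m.group(1).lower() if m else "missing"

def analyze(raw):
    msg = message_from_string(raw)
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    report = {m: auth_result(auth, m) for m in ("spf", "dkim", "dmarc")}
    report["from_domain"] = domain_of(msg.get("From"))
    report["return_path_domain"] = domain_of(msg.get("Return-Path"))
    # Hops are prepended: the last Received is the earliest, and forgeable, one.
    hops = msg.get_all("Received") or []
    ip = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", hops[-1]) if hops else None
    report["origin_ip"] = ip.group(0) if ip else None
    flags = [f"{m}={report[m]}" for m in ("spf", "dkim", "dmarc")
             if report[m] != "pass"]
    # SPF can pass for the envelope domain while From shows another domain.
    if report["from_domain"] != report["return_path_domain"]:
        flags.append("return-path/from mismatch")
    report["flags"] = flags
    return report

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

In the sample, SPF passes for the envelope sender's domain while DMARC fails for the domain shown in From, which is why the three results need to be read together rather than one at a time.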
Then, take it a step further and practice correlating that with what’s happening on the endpoint or in the SIEM logs. For example:
Did the user click the link?
Was malware downloaded?
What process was triggered?
Did the host reach out to an external IP?
This is where event correlation becomes critical. You’re not just identifying single indicators of compromise—you’re stringing them together into a story of what happened.
Also, Nmap. Know it well. Understand the difference between TCP SYN scans, ping scans, and service version detection. You don’t need to memorize every flag, but you should recognize the scan types and know what kind of output they generate. The exam will throw CLI output at you and expect you to interpret it.
This is where tools like TryHackMe and even spinning up your own mini lab come in handy. Simulate an attack, generate some traffic, and then read the logs. That’s where the real learning happens.
If you’re prepping for it or thinking about taking the plunge, feel free to message me. Happy to chat about what worked, what didn’t, and what I wish I’d done sooner.
On to the PenTest+!