The Certified Defensive Security Analyst (CDSA) is a professional-level cybersecurity certification designed to validate practical, job-ready skills in defensive security, threat detection, and incident response.

Unlike theory-heavy certifications, CDSA focuses on real-world defensive operations, simulating the responsibilities of a SOC Analyst / Blue Team professional. Candidates are tested on their ability to analyze logs, detect malicious activity, investigate incidents, and respond using industry-standard frameworks and tools.

CDSA is ideal for individuals aiming to prove hands-on competence in:

• Security Operations Center (SOC) environments

• Blue Team and defensive security roles

• Incident detection, analysis, and response

• Threat monitoring and security monitoring workflows

The certification aligns with modern enterprise security practices and emphasizes practical defense over memorization.

Who This Certification Is For

• Aspiring SOC Analysts

• Blue Team professionals

• Cybersecurity students and graduates

• System & Network Administrators moving into security

• Professionals preparing for real-world defensive roles

CDSA Exam Format (You can adjust later)

• Type: Individual Certification Exam

• Focus: Defensive Security & Blue Team Operations

• Difficulty: Intermediate → Advanced

• Approach: Scenario-based & analytical

• Delivery: Online (SecByte Platform)

CDSA Full Syllabus (30 Modules)

Domain 1: Defensive Security Foundations

1. Introduction to Defensive Security & Blue Team Roles

2. Understanding Cyber Kill Chain & Attack Lifecycles

3. Blue Team vs Red Team vs Purple Team

4. Security Operations Center (SOC) Fundamentals

5. Cybersecurity Laws, Ethics & Compliance Basics

Domain 2: Operating Systems & Network Defense

6. Windows Security Architecture & Event Logging

7. Linux Security Fundamentals & Log Analysis

8. Network Fundamentals for Defensive Analysts

9. Network Traffic Analysis & Packet Inspection

10. Securing Endpoints & Servers

Domain 3: Logging, Monitoring & SIEM

11. Log Management Concepts & Best Practices

12. Introduction to SIEM Platforms

13. Log Sources: Windows, Linux, Network Devices

14. Correlation Rules & Alerts

15. Investigating SIEM Alerts

Domain 4: Threat Detection & Analysis

16. Malware Types, Behavior & Indicators

17. Detecting Phishing & Social Engineering Attacks

18. Brute Force & Credential-Based Attack Detection

19. Lateral Movement & Privilege Escalation Detection

20. Data Exfiltration & Insider Threat Detection

Domain 5: Incident Response & Handling

21. Incident Response Lifecycle (Preparation → Recovery)

22. Incident Triage & Prioritization

23. Evidence Collection & Preservation

24. Containment, Eradication & Recovery

25. Post-Incident Analysis & Reporting

Domain 6: Threat Intelligence & Frameworks

26. Introduction to Threat Intelligence

27. MITRE ATT&CK Framework for Defenders

28. Mapping Alerts to ATT&CK Techniques

29. Detection Engineering Basics

30. Blue Team Best Practices & Continuous Improvement

Certification Outcomes

After earning the CDSA, candidates will be able to:

• Monitor and analyze security events effectively

• Detect and investigate real-world cyber threats

• Respond to incidents using structured methodologies

• Work confidently in SOC and defensive security roles

• Apply industry frameworks like MITRE ATT&CK