My roadmap for passing the CompTIA CySA+ (CS0-002) with 1.5 years of IT experience

Why I chose the CySA+

It’s been a while since writing one of these posts, but hopefully, this is helpful to anyone looking for some tips or tricks for the CompTIA CySA+ exam.

So as the title suggests, I’ve been in IT now for one and a half years. This was a career change and taking and passing the CompTIA trifecta was my key to breaking into this field. If you’re interested, I wrote a post summarizing how I was able to study for and pass those 4 exams in about 3 months with no previous IT experience.

My role when I started here was “helpdesk support” but the nature of this company and the fact that there were only two IT employees (myself included) when I started, meant that I quickly learned all of the different systems and processes and was promoted to Systems Administrator within the year.

One consistent theme I kept coming back to in my role was security. When you manage an ecosystem that had been cobbled together by different managers and employees over the years, you end up learning a lot of workarounds and band-aid solutions to security issues. One of the main areas my manager and I wanted to focus on this past year was on hardening our systems, reducing our attack surface, and redesigning our systems as best as possible to implement as much security as possible without losing functionality.

The Security+ certification helped to give me a general overview of IT security but it didn’t go far enough to provide the expertise I needed as a systems administrator to help me proactively build a more secure environment and make sure I wasn’t missing larger threats in the process.

After completing the trifecta I knew I wanted to specialize in security and told my manager that I wanted to continue my education and pursue more security certifications. He was supportive of my efforts and I booked an exam date for the CompTIA CySA+. It seemed like the logical next step after the trifecta.

I know there are many other security certs out there, but truth be told, I was already familiar with CompTIA and felt like the progression to the CySA+ made the most sense. On top of that, I knew that obtaining the CySA+ would refresh the expiration date on my precious CompTIA certs and would also net me an additional CompTIA stackable certification. If you’re not familiar with stackable certifications, these are certs that automatically get awarded when you obtain a certain combination of CompTIA certifications and don’t require any additional exams. In this case, having both the Security+ and the CySA+ certifications earns you the CompTIA Security Analytics Professional (CSAP) stackable certification.

I’m honestly not sure how much of an impact these stackable certifications have, or if they make any notable difference when a recruiter is looking at a prospective hire’s list of certs, but I figure having extra certs can’t hurt, even if they’re not as sought after as the core certifications.

How I Prepared this Time

I set the exam date for a few months in the future. I knew I wouldn’t have as much time each day as I did when I was studying for the trifecta and I also didn’t want to cram as many hours each day studying for this exam. I figured I could study here and there and pace myself, reviewing concepts as I went.

The idea was solid, but there were some major drawbacks as well.

For one, my motivation wasn’t as strong as it was when I was studying for the fundamental certifications. Back then, I was trying to leave my previous career in the middle of a lot of life changes. Failure was not an option. On top of that, I only gave myself a few weeks to study for each exam as I only had about two months to complete the trifecta and find my first IT job all before summer ended and I’d either have to quit my teaching job and continue my search un-paid, or go back to work teaching and put off the career change until the following summer. There was always a ticking clock over my head and I had to commit to studying as my full-time occupation.

Because of the reduced urgency and motivation, I found myself putting studying for this exam at the very bottom of my list of priorities. After all, I knew I could pass CompTIA exams with only a few weeks of studying so I didn’t sweat it.

The first thing I did was see if Professor Messer (his video series and study guides for the CompTIA trifecta exams had been my bread and butter) had a series for the CySA+ exam. I was very disappointed to see that he did not. In fact, I was disappointed at the overall lack of materials available for this exam compared to the A+, Net+, and Sec+ exams, for all of which there seemed to be an endless amount of study resources and content.

A quick YouTube search, however, did turn up something else. It’s a channel called Certify Breakfast, and its creator, Andrei Ciorba, had a COMPLETE CySA+ study course. I started watching these videos and was very pleasantly surprised by the quality of this content. Similar to Messer’s videos, he overlays himself talking through a slideshow that breaks up exam topics into small chunks, and he even shares screen recordings of him demonstrating certain processes on his own machines which is extremely helpful if you don’t have access to all of the tech recommended by CompTIA to familiarize yourself with the hardware and software covered by the exam.

The first few videos are more of an overview of the exam and the security fields it applies to, but once it got into the meat of the content it was very clear that he based content on the CompTIA exam outline. He doesn’t go through the exam sections in chronological order the same way that Messer does in his courses, but he does touch eventually on every single topic on the official exam outline.

The way Andrei structures the topics is comprehensive and his videos lend themselves to easy note-taking. I thought his approach was very appropriate for the level of the exam. He assumes some competency in IT, so basic concepts aren’t overexplained, but he does provide quick reviews and links for important or supplemental information. He also injects a good bit of humor and banter into his videos, so it feels friendlier than other study courses as well and the content isn’t dry.

My previous approach had always been to watch the videos as quickly as possible (sped up as well) and try to absorb as much content in that way. I’d only pause to take notes on topics I didn’t know or thought I wouldn’t retain just by watching the videos. I’d later use these limited notes to make flashcards for further studying.

This approach was a necessity for my previous exams given my limited time before the test. I couldn’t take careful notes on each topic because I had learned that the time spent doing wasn’t worth it, and would only cost me precious time to review and take practice exams after finishing the course.

This time, though, I had what seemed like all the time in the world. I decided I’d give myself the luxury of going through at a slower pace and taking detailed notes on every single section of the exam. Unlike Messer’s course, Andrei didn’t provide any notes or outlines for purchase, so I wouldn’t have any text to reference outside of his videos. I reasoned that if I took the time to write down my own notes, I could have a handy and detailed document to help me when I’m reviewing, and even beyond the exam if I ever wanted to reference any topic of processes covered in the exam.

I began taking notes in Google Docs and soon regretted it as my document grew and grew and the outline became an ever-growing list, despite my careful efforts to nest topics using different headings.

I decided that Microsoft OneNote would be a better medium for my notes, so I took a session to copy over all the work I’d done into OneNote, but the results were worth it. There are a total of 58 sections, so I figured I’d end up with just under that number of sections since I didn’t take notes on the first few intro videos. OneNote lends itself pretty well for organizing longer-form documents since you can create pages under each section and nest pages to create sub-pages as needed. It was also helpful to do this on two monitors as I could take screenshots of any important diagrams or images from the videos.

I didn’t write down everything he said but made sure to copy down the text in the videos (bullet points) along with my own paraphrased notes along with anything I thought would help me when it came time to review.

Not gonna lie, despite the fact that this course has far fewer videos than Messer’s course playlists, it could feel like a slog at times given my lack of urgency and decreased motivation to study. Andrei’s videos tend to be longer than the bite-sized 2-6 minute messer videos. On average, Andrei’s videos are about 20 minutes long, but some of them creep toward the hour mark. This means that instead of breezing through dozens of videos in a single session as I did with Messer, I found myself having to dedicate longer chunks of time and attention and it wasn’t as rewarding to complete one or two videos as it would have been to fly through 15 Messer videos in that same time. The pacing makes it harder to feel like you’re on a roll, but it was important for me to not feel discouraged even when I had to keep coming back to the same video in different sessions.

Halfway through the course, I purchased Jason Dion’s practice exams on Udemy for $13.65. It includes 6 practice exams and decided to take one halfway through the course as a sort of baseline. I definitely encountered several questions that I was completely unsure about so I chalked it up to material I hadn’t gotten to and didn’t sweat it. I ended up scoring a 62%, which would be a failing score if it was the actual exam, but I felt pretty good about that score at that point. After all, it was a decent baseline and I’d used Dion’s practice exams for my previous certifications and I found his exams to always be harsher than the actual CompTIA exams. Jason tends to include a handful of questions on each exam unrelated to the exam’s scope to keep you on your toes which always whittles away your score, even if you’ve carefully reviewed all the outline’s topics.

As always, I always recommend immediately reviewing each question, paying special attention to the ones you missed, since Jason does provide an explanation to every question. After this, I re-took the exam, making sure to catch and correct the incorrect questions and trying to commit these types of questions to memory.

This was the core of my studying this time around. I’d complete a chunk of the course, take notes along the way, take another practice exam, rinse, and repeat. I made sure to save 3 practice exams for my review period after I’d finished all 58 sections of Andrei’s course and taken all necessary notes.

This is where I found myself growing more and more frustrated.

I was happy when I took the second practice exam (still before finishing the course) and saw my score jump up from a 62% to a 74%, but then I found myself staying in the low 70’s and even dipping back to the low 60’s during subsequent exams. There were a couple of RegEx-related questions on each exam so I made sure to devote some time to learning regular expressions since I often missed these on the practice exams. These questions were annoying since I knew the concepts, but found myself choosing the wrong answer only because I wasn’t very familiar with regular expression syntax. Other than that, I found myself missing questions due to exhaustion and missing certain wordings or other details. I know that if I took more time and attention, the way I would during the real exam, I would have caught these mistakes but I was moving faster on these practice exams than I would on test day. I’d recommend taking the time if you want a more accurate score.

I had a lot of life events that impacted my studying schedule, so I finished the course less than a week before the exam. This cut down on my review time significantly and I found myself rushing near the end.

What I did after finishing the course was to go back and skim all my OneNote notes, and create physical index cards for every concept that needed more reviewing. I decided that I’d spread out my last 3 practice exams, saving the final one for the day before the exam, when I was sure I’d reviewed all I possibly could in that time.

Some helpful online resources I found were flashcard sets on Quizlet. I ended up signing up for a 30-day trial of the premium plan (and thankfully remembered to cancel it after I was done using it) to be able to review those flashcards in addition to the ones I’d created on index cards.

I noticed a big rift between how prepared I felt vs. the unchanging scores on the Jason Dion practice exams. The scores for my first attempts at taking the last 3 exams were: 73%, 73%, and 70%, all considered failing scores according to the practice exam. At the same time, it seemed as though I had a very solid grasp of the concepts on the index cards. I could recall and explain every concept I’d noted as challenging, and skimming the CompTIA outline I could say with equal confidence that I could hold my own on questions related to any of those topics.

If I had more time, I would have wanted to play around more with security software such as network scanners, enumeration tools, and web proxies, but as was usually the case with CompTIA, knowing enough to answer questions correctly usually did not require in-depth hands-on experience but rather a decent understanding of the tool’s uses and being able to understand its output. To make up for my lack of hands-on practice with some of these tools, I ended up watching YouTube videos of tutorials or people setting up and running scans with these different pieces of software. More important than knowing how to set up and run a network scan, for example, is knowing how to decypher output logs from these scans as these logs did show up often on practice tests as well as the real exam.

Since I ran out of official Jason Dion practice exams, I went back and re-took them. I felt better seeing the 97-100% scores but only slightly better since I knew these results were a matter of having remembered the correct answers as opposed to being able to answer them correctly the first time. It was a bit of a confidence boost to go into the final stretch without seeing “failed” at the end of the final practice exam. I scoured the internet for any free practice quizzes (I found the quality of these to be so lacking that I won’t bother to post links to any) and I found myself doing very well on these.

Leading up to the exam I found myself reviewing the following topics the most:

  1. Scan and program output logs
  2. Reviewing important ports
  3. Brushing up on IT fundamentals: common ports and port classifications, IP address categories, 7 layers of OSI model, etc.
  4. Security regulations, regulatory bodies, and roles
  5. Frameworks for offensive and defensive security (cyber kill chain, ATT&CK framework, diamond model, reactive vs. proactive security)
  6. Program command scripts and syntax (nmap, Linux, Windows, netstat, etc.)
  7. Security automation protocols and functions (SCAP and underlying protocols)
  8. Attack vector classifications and attack types
  9. Incident response steps and best practices
  10. Network and firewall configurations

I crammed until my head hurt (I know that’s a bad thing to do, but life got in the way and I did not want to reschedule my exam). I got some sleep the night before the exam and finished reviewing my index cards over breakfast at a diner by the testing site. I felt confident but wasn’t sure what to expect given how different studying for this exam had been compared to all previous CompTIA exams I’d taken.

Results and Lessons Learned

The exam itself was fairly straightforward although for obvious reasons I can’t give any specific details other than a general overview of my impressions and experience.

As always, my time-honored strategy was to flag the Performance Based questions, skip them, and come back to them AFTER answering all the multiple-choice questions.

I didn’t encounter any RegEx questions, so that was a relief, but there were several questions on output logs as expected.

There were only two questions during the multiple-choice section that I wasn’t sure about, so I flagged them and came back to them. Otherwise, it seemed a little too easy, which was concerning. Any exam that seems too easy is usually deceptively so.

I made sure to read the wording carefully and found myself saving myself a couple of times by changing my answer after re-reading carefully and seeing something I’d overlooked.

The PBQs were fairly straightforward and did a good job of applying the knowledge from the test in a lab format. There was only one PBQ related to scanning that I ended up submitting without being confident about all of my answers, but for the others, I found I could more or less use the process of elimination to help myself figure out even if I wasn’t immediately sure of something.

I held my breath as I finished the survey and let out a sigh of relief when I saw I’d passed.

I was less sure about passing this exam compared to others just based on how low my practice scores had been compared to previous exams where I had managed to score in the high 80-90% consistently.

In the end, I scored 764/900, 14 points over the minimum passing score of 750. This came out to about 84%. I honestly thought I’d scored higher but all in all, I was happy to have passed.

I had such little time to review at the end and I was so utterly exhausted and sleep-deprived for more reasons than the looming exam that I tried not to beat myself up too much for not scoring higher.

So what did I learn after trying out this drastically different approach?

  1. It was helpful to have my notes when I was reviewing, but I don’t think the time spend writing down every single concept justified the benefits of having them. It’s cool that I have a complete outline of notes for the Certify Breakfast course, but I think I could have finished the videos much sooner and spent more time reviewing them to better results.
  2. I really think I should have postponed my exam and given myself more time to review and feel comfortable. Because of extenuating life events, I did not think postponing the exam was a good fit for me, but I took a big gamble trying to pass when I was so exhausted and had such little time to prepare. It paid off, but barely.
  3. I would change my approach to Jason Dion’s practice exams. I was so eager to start seeing progress and results that I jumped in and used 3/6 exams before even finishing the course. This means that I used up 3 practice exams that I could have otherwise spaced out and been more prepared for. Instead, the lower scores (due to not having covered all the test materials when I took them) were a de-motivating factor, and by the time I had felt like I’d fully reviewed all the concepts I only had one practice exam to try, and I took it late at night the night before the exam… not exactly ideal.
  4. As always, it’s important to take Jason Dion’s scores with a grain of salt. There will always be a handful of questions that he’ll throw in that go beyond the scope of the exam. Yes, they will likely make it harder to achieve very high scores consistently, but on the flip side, getting one of these questions right is a confidence boost, and reviewing these questions (whether you got them right or wrong) will always give you a bit more content for your brain leading up to the exam that may even help out on a question or two if you’re lucky. The goal is always to pass, not to achieve perfection.
  5. As opposed to the trifecta exams, this exam definitely feels like the advanced certification that it is. It’s recommended that you have at least 4 years of IT experience, and I can see why they recommend this. Having first-hand experience in IT, problem-solving, networking, and procedures definitely come in handy as the exam assumes a certain level of knowledge/competence going into it. The questions aren’t a matter of matching the concept to the definition as many were in the fundamentals exams, but require more nuance and background knowledge to sus out the best answer, from answers that may also be correct, but not as targeted.

Final Thoughts

The limited amount of materials available and the more advanced nature of this exam puts the CySA+ a few notches ahead of Sec+ in terms of difficulty. I did not purchase any official study materials from CompTIA or other test prep companies, so I can’t evaluate that method of preparation, but using the Certify Breakfast youtube playlist, combined with Jason Dion’s practice exams, and the official CompTIA outline to Google and research topics beyond those resources was enough for me to pass. I also can’t discredit my 1.5 years of experience in helpdesk and then as a sysadmin as I found myself needing to review much fewer topics this time around than I did when I was taking on these exams with no frame of reference or experience to fall back on.

My biggest hurdles this time around were running out of time in the end, and not being able to spread out my studying and reviewing time, along with burning out as a result of me trying to cram instead of changing my test date.

I’m not sure I would recommend taking detailed notes beyond concepts that need extra review and attention. I think the surplus of initial time and the lack of urgency/desperation was a double-edged sword in my case and ended up leading to me not making studying a priority until the days leading up to the exam.

I also spent a lot of time trying to differentiate between every single commercial and open-source program, software, and piece of hardware mentioned in the exam but I found that it would have been a lot more helpful in general to study the logs and data produced by these programs, as a lot of them do share similarities in this regard and these logs and outputs tend to be a lot less intuitive than say, the program’s interface and operation.

All in all, the differences between my own studying roadmap and the exam itself make it difficult to pin down definitive areas of weakness and improvements, but I found that the fundamentals still apply: stick to the CompTIA official exam outlines and requirements, pick a source/course/book to go over the content fully (in my case the Certify Breakfast course), make flashcards for difficult concepts (Google is your best friend!), purchase and use practice exams, get hands-on experience when possible and watch tutorials when it’s not possible, and give yourself plenty of time to review and rest before the exam.

I broke a few of my own rules and saw the negative consequences of this, but thankfully it wasn’t enough to sink my first attempt at this exam.

Now I’ve got two extra certs under my belt (one is a stackable cert since I already had Sec+) and I can finally get some sleep.

Eventually, I’ll start thinking about scheduling my next certification (PenTest+? Maybe some cert outside of CompTIA?), but I’m not quite there yet. I think I’ve earned a bit of rest in the meantime.

Hope this helps someone out there!


  • George K.E

    Hello Alejandro, It was awesome reading your blog on your journey to accomplishing your goal. I am also preparing for the CySA+ certification. I was browsing the internet to find info on how the CySA exam will be and how long it will take to prepare for the exam and that’s when i found your blog. If possible, could you please send the notes to my email ID?

    • Alejandro Avalos

      You got it, thanks so much for checking out the blog and I hope it was helpful! Notes are incoming. Please comment when you pass to encourage others! Thanks

  • Nathaniel Keryordeh

    Hi, I enjoyed reading your article, it was very well laid-out. I am also looking to move into Cyber Security. I have some experience with Linux CLI System Admin work thanks to an internship after a bootcamp; however I was wondering what your opinion would be of transitioning to IT from a more holistic view. I am currently pursuing my Sec+ ,and have CYSA in sight for some point in the future, so if you could send the notes that would be great. I appreciate you taking the time to read this message and for any information, insight, or thoughts you have on making the transition.

    • Alejandro Avalos

      Hey, thanks so much for the read. Glad it was helpful!

      In terms of a holistic view of transitioning to IT I think it depends on a number or factors, the biggest being: what is your current situation, what are your goals, both short-term and long-term, and what are you willing to sacrifice or unwilling to sacrifice to get there?

      Right now, the IT/tech market is still saturated from a lot of the post-COVID layoffs and companies shrinking their IT staffing. Plus, a lot more beginners are still entering the space who are still looking for the benefits of jobs in tech. I don’t say this to discourage you, but it’s something to keep in mind since it will just mean a lot more time and energy spent in applying for jobs, interviewing, and it could mean waiting longer for a good entry job in IT. Also, lots of people migrated to IT/tech jobs during and post-lockdown for the remote/hybrid flexibility. A lot of jobs still offer remote positions, but they’re not as common as they used to be. Lots of people with current remote/hybrid schedules are being pressured to go back into the office and less and less remote/hybrid job postings are being offered.

      It sounds like you have an interest in security based on your comment and the certs you’re pursuing. I also wanted to break into IT because I was only interested in security, but as my mentor once told me: “there’s no such thing as an entry level security job.” What that means is that even an entry level security role such as Jr. SOC/Security Analyst will usually want candidates to have at least a couple of years of IT career experience and the skills/real world experience to back it up, not just a certification. As with everything, I’m sure there are exceptions to the rule, but its very rare to hear of companies hiring someone with no prior IT job experience for a security role.

      That’s why instead of focusing on looking or a security gig from the start, I looked for an entry-level IT role that would give me a lot of hands-on experience that would let me get started with performing more of a sysadmin role. If you haven’t already, I’d recommend reading this post I made that goes over my own experience breaking into IT here:

      The typical entry-level job for IT is some kind of help-desk, tech support/repair role. If you start at a larger company doing support for them, it might take longer to work up the ranks as you’ll likely have to move up from Level 1, up to higher levels, until you can get any kind of admin or management role. My recommendation is to look for Jr. Sysadmin roles at smaller companies like I did, since jobs like this will have you managing larger systems and tech stacks such as servers, networks, Active Directory, IAM, backup systems, and depending on the company and their budget, maybe even security systems like managed firewalls, endpoint protection, SIEMS, and other controls. A couple years in a role like this will prepare you to leap into a security role once you have the skills and experience.

      Another important factor is having realistic salary expectations. I had to take a considerable pay-cut because I was leaving a teaching career that I already invested 8 years into. Short-term I would have been financially better off staying in that career, because I knew I’d make more by staying than I would in an entry-level IT role, but long-term, I knew I could probably exceed my salary at that time after a few years in IT, whereas if I’d stayed in education, my salary would have gone up much slower and capped much lower than I knew I could eventually make in security. So I had to take a short-term hit to get that long-term benefit. Thankfully I could make it work, but not everyone has the privilege of weathering out a short-term pay-cut to realize long-term gains. Security salaries are great, but you can expect to make anywhere between 25-40k for most entry level IT roles, depending on where you live of course. The benefits of working in IT and tech is that there are a lot of paths and specializations, so you can easily keep learning, specializing, earning certifications, and continue to increase your salary more than many other careers with a more fixed path. Once you have enough experience you could go into consulting, start your own business, develop your own apps/startups, and even freelance on the side.

      So I guess to sum up my very long-winded comment:
      1. The IT job market is especially challenging now so be prepared to wait longer and potentially accept less than stellar opportunities
      2. remote and hybrid opportunities are still there, but shrinking
      3. Breaking into security will typically require years of experience in more general IT roles such as sysadmin, which will typically require experience in tech support/jr. sysadmin.
      4. Once you’re in IT, there are lots of potential for growth, but don’t be discouraged by the salary and benefits of entry level IT jobs
      5. Look for jobs where you’ll have a chance to build experience on lots of different systems, typically smaller companies with small in-house IT departments will have this. Think schools, local governments, medium non-corporate businesses that manage several franchises, office buildings, etc.

      In general, if It or security interests you, be ready to always keep learning and pushing past your comfort zone. It’s easy to get stuck or complacent in any role, but the world of tech moves so fast that it’s especially important to go the extra mile and never stop learning, creating, and exploring new ideas, tech, and solutions. It’s an incredibly rewarding field if you find the right role.

      I’m sending you the notes now, best of luck and please keep in touch!

  • Cj Espejo

    Hi Alejandro, I’ve been following your content ever since starting the A+. I recently completed the trifecta and I just scheduled my exam for the CySA+. Would you be able to share your notes? Thank you!

    • Alejandro Avalos

      Sure thing, just sent the notes your way. Best of luck, and thanks so much for following my site! Hope its been a good resource to you.

  • Keith Hayden

    Greeting Alejandro,

    Your post has some good information in it. I am starting my CySA+ studies and am scheduled for the exam on Feb. 5.
    If you have time could you possible send your notes. It would be appreciated. If you are too busy or don’t have them anymore. Thanks anyway.

    Best Regards,


  • Pranav

    Hi Alejandro,

    Your post was very helpful. I am taking my exam in 4 days and I would greatly appreciate it if you could share your notes.

    Thanks for your help

    • Alejandro Avalos

      Hi Pranav,

      Sorry I didn’t get to see this comment in time. I’m happy to send you the notes but you may not need them anymore. I hope you passed!

  • Will

    Hi Alejandro,

    I appreciate for sharing such a piece of helpful information. I have scheduled my exam for next month, it would be much appreciated if you could share your notes 🙂


    Thank You

    • Alejandro Avalos

      Always happy to share, need more of that in this world.

      I’m very well, thankfully. In a good spot career-wise but always trying to learn. Likewise!

  • Vincent Dijoux

    Hi Alejandro,
    First of all, congratulations for what you have achieved ! And thank you for taking the time to write down your experience, which is definitely helpful for us all.
    I would appreciate if you can share your notes withe me:
    I’m in the middle of my study book, next step will be to watch the videos of Certify Breakfast.
    Thanks a lot and good luck for your next challenges
    Best regards,

  • Alex Sanabria

    Hello and thank you so much for sharing your story! I studied almost identically to you for sec+ in terms of your study materials and how you felt before and after the exams! So I’m definitely not procrastinating as much I did for Sec+ for CYSA+! Please send me your notes if that’s okay! Either way thanks for the inspiring content!


  • Alex Sanabria

    Hello and thank you so much for sharing your story! I studied almost identically to you for sec+ in terms of your study materials and how you felt before and after the exams! So I’m definitely not procreating as much I did for Sec+ for CYSA+! Please send me your notes if that’s okay! Either way thanks for the inspiring content!

  • Taz


    I’m glad I stumbled upon this. Thank you for taking the time to write this. It seems like our thought processes are very similar in how we approach the exam. I finished my Sec+ at the end of last year using Prosessor Messer’s videos and Dion practice exams.

    Right now I’m studying for CySA+ using Certify Breakfast, sybex book for additional notes and I plan to get Dion’s exams later.

    I’m using one note for making notes and I’d love to see how your note-taking process was, because like you, I’m also writing everything down like various tools and what they do instead of knowing how to read logs. It’s honestly excruciating and time consuming that I’m starting to lose motivation.

    This is my email:

    Thank you in advance and congratulations on passing the exam! God bless.

    • Alejandro Avalos

      Happy to share the notes with you.

      Sending them now.

      Thanks so much for the comment and your thoughts. I hear you on the losing steam part, Hope the notes help you!

  • Taz


    I’m glad I stumbled upon this. Thank you for taking the time to write this. It seems like our thought processes are very similar in how we approach the exam. I finished my Sec+ at the end of last year using Prosessor Messer’s videos and Dion practice exams.

    Right now I’m studying for CySA+ using Certify Breakfast, sybex book for additional notes and I plan to get Dion’s exams later.

    I’m using one note for making notes and I’d love to see how your note-taking process was, because like you, I’m also writing everything down like various tools and what they do instead of knowing how to read logs. It’s honestly excruciating and time consuming that I’m starting to lose motivation.

    This is my email:

    Thank you in advance and congratulations on passing the exam! God bless.

  • Robin

    Hi Alejandro,

    Would you mind sending me your notes as well? I would like to pass the 002 before it retires. Thanks for sharing your experience and strategies.

  • Solomon

    Thank you for your thoughtful advice and recommendations. I am preparing to take the CySA+ exam and kindly share me the notes you took with my email address Thank you so much for your help in advance.

  • Ziaul

    Thanks for this page and your impressions Alejandro. I think you write well and it kept me interested!
    I passed my Secuirty+ today and I want to get the CySA+ (002) before they retire this one.
    I would love the notes if you wouldn’t mind.
    All the best to you.

Leave a Reply

Your email address will not be published. Required fields are marked *