CDSA/CJCA a few words

I do not intend to go too deep into a full review of the CDSA. There are already excellent write-ups covering the content in detail. What I want to reinforce is that CDSA is a very interesting certification, not necessarily because of the title itself, since it still lacks broader recognition among recruiters, but because the related Job Role Path is highly valuable, especially for people working on the defensive side of security.

Before taking the exam, I only had a general idea of how it would work based on things I had read. Around two years ago, while studying for an offensive certification, I completed the HTB Pro Lab Dante and really enjoyed the experience. It was a complete, stable, and easy-to-access lab environment. I expected CDSA to follow a similar line, and I was not wrong.

Last year, I took advantage of a year-end promotion and subscribed to the Silver plan on Hack The Box Academy. This subscription includes access to the CJCA exam, HTB Certified Junior Cybersecurity Associate, and one additional certification of your choice within the same price range. The available options were:

• HTB Certified Penetration Testing Specialist
• HTB Certified Web Exploitation Specialist
• HTB Certified Defensive Security Analyst
• HTB Certified Offensive AI Expert

Since I had effectively received the CJCA voucher, I started my studies there. Some Academy modules overlap across different Job Role Paths, so finishing CJCA was also a good way to understand the exam structure. After that initial experience, I decided to continue with CDSA, which is more aligned with my current work.

Even though I was already familiar with a large part of the content, it was useful to revisit key concepts and learn new things, especially in areas I do not work with as frequently, such as DFIR. To access the exam, students must complete the Job Role Path associated with the chosen certification. In the case of CDSA, that path is “SOC Analyst”.

Overall, the content is good. Some sections are much denser than others, but I do not see that as a negative point. It is all part of the learning process. That said, I did feel that some explanations could have been more complete, especially regarding the use of SIEM tools. I also expected more discussion around analyzing telemetry from EDR logs. Today, this kind of telemetry can be extremely useful when those logs are available.

I have more positive points than negative ones. I liked the redesign of the platform: it feels modern, and it makes continuing to study and collect new badges more engaging.

Highlight Modules

• Introduction to Malware Analysis
• Introduction to Digital Forensics
• Introduction to Threat Hunting & Hunting With Elastic
• Windows Event Logs & Finding Evil
• Windows Attacks & Defense

During the exam, I had a few brief disconnections from one of the machines, but I was quickly helped through the support chat. It was a basic mistake on my side: I was connected to the VPN on my main machine through OpenVPN while also using Pwnbox in the browser. Apart from that, the environment was very stable.

The exam lasts seven days, includes two attempts, and is fully aligned with the Academy content. Stay calm, review your notes, and use SysReptor.