Certified Cybersecurity Operations Analyst (CCOA) Training in United States of America

ISACA’s Certified Cybersecurity Operations Analyst (CCOA™) certification equips learners with the technical skills to evaluate threats, identify vulnerabilities, and design countermeasures to protect digital ecosystems. As emerging technologies such as AI-enabled automation continue to evolve, the demand for skilled cyber analysts is critical to safeguarding organisations.

This practical hands-on training develops the analytical and investigative expertise required to detect, respond to, and mitigate cybersecurity incidents. Learners will explore technology essentials, adversarial tactics and procedures, incident detection and response, and asset security through practical scenarios and applied learning. By building the ability to identify patterns, anomalies, and indicators of compromise, participants will strengthen their role as a vital component of their organisation’s cybersecurity defence.

The CCOA certification is recommended for cybersecurity professionals with 2–3 years of practical experience who wish to expand their technical capabilities and respond more effectively to evolving cyber threats. A useful pre-requisite for this course is the OffSec SEC-100 Security Essentials.

Target audience

This course is designed for:

• Cybersecurity analysts and operations professionals
• SOC analysts and incident responders
• IT and network administrators seeking to build security expertise
• Professionals responsible for cybersecurity governance, compliance, and risk management
• Early to mid-career practitioners aiming to enhance technical and operational skills

Domain 1: Technology essentials

• Computer and cloud networking fundamentals
• Databases, virtualisation, and containerisation
• Command line interfaces
• APIs: purpose, benefits, and usage
• Principles of DevOps, SecDevOps, and CI/CD pipelines
• Fundamentals of programming and scripting

Domain 2: Cybersecurity principles

• Cybersecurity governance and alignment with business drivers
• Defining strategy based on enterprise objectives
• Cross-organisational communication for cybersecurity
• Roles and responsibilities for initiatives
• Metrics for evaluating programme performance
• Stakeholder engagement and investment planning
• Risk management processes and compliance requirements
• Documenting risk in enterprise operations

Domain 3: Adversarial tactics, techniques, and procedures (TTPs)

• Common adversarial tactics, techniques, and procedures
• Developing critical and creative thinking for threat detection
• Differentiating dashboard events vs attacker insights
• Baseline detections for anomalous behaviours
• Reactive and proactive threat detection capabilities
• Threat hunting and intelligence source utilisation
• Attack vectors, threat actors, and motivations
• Analysis of exploit techniques and attack stages
• Role of security testing in detection and resilience

Domain 4: Incident detection and response

• Incident preparedness and significance of early detection
• Components and techniques of detection (analytics, logs, alerts)
• Developing detection use cases and recognising indicators of compromise
• Tools and technologies for effective monitoring
• Fundamentals of incident response: containment and handling
• Forensic, malware, network traffic, and packet analysis techniques
• Threat analysis and structured response processes

Domain 5: Securing assets

• Designing countermeasures for digital asset protection
• Iterative and holistic approaches to system security
• Industry-specific asset protection needs and risk tolerance
• Influence of business goals and risk assessments on security controls
• Contingency planning and business continuity
• Control techniques for securing assets
• Identity and access management principles and practices
• Best practices, frameworks, and standards for asset security
• Vulnerability assessment, remediation, and risk mitigation

Exams and assessments

The CCOA certification exam voucher is included in this course, taken post course directly with ISACA, validates knowledge and applied skills across all domains. Successful learners receive the Certified Cybersecurity Operations Analyst (CCOA™) credential.

Hands-on learning

This course includes:

• Scenario-driven labs to apply incident detection and response techniques
• Practical exercises in network, forensic, and malware analysis
• Threat modelling and intelligence activities
• Applied learning focused on asset security and vulnerability management
• Guided practice using common security tools and monitoring platforms

Product Access Change

Important Update to ISACA Product Access Periods

Effective 16 April 2026, ISACA is changing product access times from 12-months to 6-months across Exams, QAE, Online Review Courses, non-sponsored Webinars, and Virtual Workshops.

Access periods will change from 12 months to 6 months, as outlined below.

How the New Access Windows Work

• 1. Assignment & Redemption Window: Products must be assigned and redeemed within 6 months of the purchase date.
• 2. Access & Completion Window: Once redeemed, learners will have 6 months of access to use the product. This includes - Accessing learning content, Scheduling exams, Sitting exams (where applicable).

What This Means for You as a Learner

• Review Manuals – Learners will continue to have longterm access
• QAE Databases & Online Review Courses – Available for 6 months after redemption
• Exams – Must be scheduled and completed within 6 months of redemption
• We recommend redeeming products promptly and planning your study and exam schedule early to make the most of your access period.