
A look at Splunk's Certified Cybersecurity Defense Analyst


Earlier this year Splunk launched a new Cybersecurity Defense Analyst certification, with more emphasis on cybersecurity content rather than Splunk knowledge alone. This month the certification is out of beta, and results are public. Most of the study material is freely available and the exam is inexpensive, which makes this a potentially attractive certification to hold.

For more information on CDA, have a look at the Splunk page: https://www.splunk.com/en_us/training/certification-track/splunk-certified-cybersecurity-defense-analyst.html

Intended Audience

While Splunk lists the exam level as "intermediate", this is clearly not the case: there are no prerequisites, and the exam is only 75 minutes long with 66 questions.

The study material introduces cybersecurity concepts, centred on the SOC and Splunk's take on it, alongside some modules from the Splunk User/Power User track.

It appears to be targeted at junior to experienced SOC staff who already have Splunk set up for their use, and ideally Enterprise Security as well.

If that fits your use case, this may be a good learning opportunity.

The course materials

The course materials are a combination of traditional Splunk learning modules (videos plus quizzes) and newer cybersecurity learning modules (text and audio, with quizzes).

I found the new cybersecurity materials quite engaging; conversely, the older videos on search were much harder to retain information from.

While most learning modules are free, some, such as Splunk Enterprise Security, cost money. In that case the cost is substantial, as these are only available as instructor-led courses priced at 1500 USD.

The exam

As mentioned, the exam is 75 minutes with 66 questions.

That's more questions than a typical Microsoft Associate-level exam, in half the time.

Logically, the questions need to be answered twice as fast.

This limits the complexity of the questions somewhat, but forces the candidate to decide quickly, with barely over a minute per question.

Summary

The Splunk Certified Cybersecurity Defense Analyst is an interesting certification for SOC analysts who already use Splunk in the workplace, and the training can potentially fill some knowledge gaps.

It isn't for everyone: the training materials are not all free, so it makes far more sense to take it if you can already get free Splunk training. The instructor-led "Using Splunk Enterprise Security" course is too expensive to justify self-funding.

The new cybersecurity learning modules are good quality, and I hope Splunk updates its traditional search-related learning modules in a similar style and makes the relevant modules free of charge.