Skip to content
8140 Compliance
CertificationsWork rolesMapperTimelineFor teams
CybersecurityDCWF 511

Cyber Defense Analyst

Uses defensive measures and information from many sources to identify, analyze, and report events that occur or might occur within the network to protect information, systems, and networks from threats.

Also seen as: SOC Analyst, CSSP Analyst, IAT II analyst role

Baseline certifications for this role

These certifications are accepted foundational options for the Cyber Defense Analyst work role in our seed mapping. Open a cert for full detail, or jump straight to exam-ready practice.

Proficiency levels — what changes

At Basic, you demonstrate knowledge of detection and analysis tasks; at Intermediate you contribute to them with growing independence; at Advanced you develop and approve detection methods and analytic tradecraft.

Basic

Demonstrates foundational knowledge of the work role's tasks. Entry-level qualification options apply.

Intermediate

Contributes to and applies the work role's tasks with growing independence.

Advanced

Develops, reviews, and approves the work role's tasks. A cascading rule applies: an option that qualifies at a higher proficiency level also qualifies at the lower levels.

Cyber Defense Analyst & DoD 8140 — FAQ

Which certification satisfies an 8140 Cyber Defense Analyst role?
CompTIA CySA+ (CS0-003) is the most commonly cited foundational option for the Cyber Defense Analyst work role, with Security+ (SY0-701), EC-Council CEH, and GIAC GCIH also appearing for many positions. The exact accepted options depend on the assigned proficiency level — confirm yours in the DoD 8140 Qualification Matrix.
Is the Cyber Defense Analyst the same as the old CSSP Analyst?
It is the DCWF successor to that line of work. Under 8570 this work fell under the CSSP/CND-SP Analyst specialty; under 8140 it is the Cyber Defense Analyst (DCWF 511) work role, qualified by proficiency level rather than by a single baseline certification.