The “Blue Team Level 1 Certification” course, with course code BTL1-01, focuses on defensive cybersecurity practices and aims to enhance students’ practical abilities in security operations. The course is designed and copyrighted by Security Blue Team.
Course Structure:
- Security Fundamentals (BTL1)
- Covers soft skills, networking basics, security controls, and management principles.
- Phishing Analysis (PA)
- Addresses the importance of phishing, different types of phishing attacks, tactics, and techniques used by malicious actors.
- Teaches how to analyze emails, retrieve important artifacts, assess risk, and recommend defensive measures.
- Includes lessons on email analysis, collecting artifacts, analyzing them, and report writing.
- Threat Intelligence (TI)
- Provides insights into threat actors, APTs (Advanced Persistent Threats), and operational, tactical, and strategic threat intelligence.
- Discusses malware and global campaigns such as Emotet and Magecart.
- Digital Forensics (DF)
- Focuses on digital forensics fundamentals, evidence collection, and analysis.
- Teaches students about digital artifacts, forensics tools like Autopsy and Volatility, and how to handle digital evidence.
- Security Information and Event Management (SIEM) (SI)
- Introduces SIEM and covers topics related to logging, aggregation, correlation, and analysis.
- Hands-on activities with Splunk for log analysis and scenario exercises.
- Incident Response (IR)
- Explains incident response concepts, preparation, prevention, detection, analysis, containment, eradication, recovery, and lessons learned.
The course emphasizes the practical application of these skills. To ensure the protection of intellectual property, students are required to adhere to course terms and conditions, which prohibit sharing training materials and may result in legal action for copyright infringement.
The course is instructed by Joshua Beaman and aims to strengthen students’ defensive cybersecurity capabilities.
Difficulty: 1 out of 5.
The Blue Team Level 1 course is intended to be the bare minimum for what you should know as a security analyst. At the end of the training and exam, you should have a good understanding how to read email headers, how to inspect packet captures, and how to use a SIEM. You'll learn a few more things along the way, but if you can do these things well enough, you'll be good to go.
Pros
- Very beginner friendly
- The exam is fully practical
- Price is reasonable
- Able to supplement your training with their other training site, Blue Team Labs Online for free* (*: mostly, there are some rooms/labs locked behind a pay wall, but they're not required)
- Can finish this course and the exam in a short period of time (it took me 6 days total with a full time job)
Cons
- The training material is a bit dated. The most up-to-date information appears to be from 2021. This is not uniform across the different topics, some of them feel even older.
- Some of the topics are not required in order to complete the exam
- Unlikely that this course/certification is going to get you hired; not well recognized across the industry
Difficulty: 3 out of 5.
I cannot recommend this course/exam more. I wish they had not removed the reporting requirement, but the skills learned in this (entry-level) will set you on the right track. However, BTL2 should not be in your track afterward (check out CCD instead).
Cons-wise, the course is obviously written by several individuals. Why does it matter? Well, the level of English varies. This may have been fixed since I took it back in 2022.