I Passed the Security Blue Team Level 1 Exam

Ben Truong
29 Apr 2024 09:30

Summary

TL;DR: In this video, the creator shares their experience with the Security Blue Team Level One certification, which prepares individuals for roles as Security Operation Center analysts. The course covers six domains including security fundamentals, phishing analysis, threat intelligence, digital forensics, SIEM operations, and incident response. It offers a blend of reading materials, video tutorials, and hands-on lab environments, fostering a practical learning experience. The creator emphasizes the value of the certification for beginners in cybersecurity, highlighting the comprehensive content and the enjoyable, hands-on lab and exam components. The certification costs $493, and the creator recommends it for those looking to enter the cybersecurity field, especially for gaining familiarity with tools like Splunk and Autopsy.

Takeaways

  • 📚 The speaker recently passed the Security Blue Team Level One certification and shares an honest review of the course.
  • 🛡️ The certification aims to teach skills necessary for becoming a Security Operation Center analyst, covering investigation techniques and tools.
  • 📈 The course is divided into six domains: security fundamentals, phishing analysis, threat intelligence, digital forensics, SIEM (Security Information and Event Management), and incident response.
  • 📝 The course content includes reading materials, videos, and lab environments for testing knowledge, with a focus on hands-on learning.
  • 💻 Lab environments are accessible directly within the browser, allowing for easy and interactive learning experiences.
  • 👍 The speaker appreciates the balance between theoretical learning and practical application provided by the course.
  • 🛠️ Key tools taught in the certification include Splunk for SIEM, Autopsy for digital forensics, PowerShell and terminal commands, and Wireshark for packet analysis.
  • 📝 The exam is a 24-hour open-book test, designed to simulate real-world scenarios and requiring the use of various resources and tools.
  • 💡 The speaker recommends brushing up on tools and concepts before taking the exam, as suggested by the course's last modules.
  • 💰 The cost of the course is £399 or approximately $493 USD, which the speaker suggests can be covered by an employer.
  • 🎓 The speaker highly recommends the certification for those looking to enter cybersecurity on the Blue Team side, praising its comprehensive and hands-on approach.

Q & A

  • What is the Security Blue Team Level One certification about?

    -The Security Blue Team Level One certification is designed to teach everything one would need to know to train as a Security Operation Center analyst, including investigation skills and the use of various tools.

  • How many domains does the certification consist of?

    -The certification is comprised of six different domains covering security fundamentals, phishing analysis, threat intelligence, digital forensics, SIEM (Security Information and Event Management), and incident response.

  • What type of content can be expected in the course?

    -The course content includes reading materials, video tutorials, and lab environments for testing knowledge. It is designed to provide a balance between theoretical understanding and hands-on experience.

  • How are the lab environments presented in the course?

    -The lab environments are accessible directly inside the browser or website, allowing students to easily start a lab, conduct analysis, and answer questions within the lab interface.

  • What is the duration of the course content based on the speaker's experience?

    -The speaker took approximately one to two hours per day for about a month to a month and a half to complete the course content.

  • Which tools are covered in the certification and why are they important?

    -The certification covers tools like Splunk, Autopsy, PowerShell, and Wireshark. These tools are important as they are commonly used by Security Operation Center analysts for tasks such as querying logs, digital forensics, command execution, and packet analysis.

  • What is the format of the certification exam?

    -The exam is a 24-hour open-book and open-note format, where the candidate must answer 20 open-ended questions, simulating a real-world SOC investigation.

  • How long did it take the speaker to complete the exam?

    -The speaker took 10 hours and 20 minutes to complete the exam, with multiple breaks included.

  • What advice does the speaker give for preparing for the exam?

    -The speaker advises to brush up on the tools used in the course, review the labs, and take the time to understand the questions and type in the answers correctly without rushing.

  • What is the cost of the course?

    -The course costs 399 British pounds, which is equivalent to approximately $493 US Dollars.

  • Who would the speaker recommend this certification for?

    -The speaker recommends this certification for anyone looking to break into cybersecurity on the Blue Team side, especially those with no background in cybersecurity, as it provides comprehensive and hands-on learning.

Outlines

00:00

πŸ›‘οΈ Overview and Honest Review of Security Blue Team Level One Certification

In this section, the speaker introduces the Security Blue Team Level One Certification and provides an overview of the video content. They emphasize that the review is unsponsored and honest. The certification is aimed at those training to become Security Operation Center analysts, covering various domains and skills needed for the role.

05:00

📚 Detailed Breakdown of Certification Domains

This part outlines the six domains covered by the certification: security fundamentals, phishing analysis, threat intelligence, digital forensics, Security Information and Event Management (SIEM), and incident response. Each domain is briefly explained, highlighting the skills and knowledge they impart.

💻 Course Content and Structure

The speaker describes the course content, which includes reading materials, videos, and lab environments. They praise the hands-on labs that simulate real-world scenarios, making it easier for learners to grasp concepts and apply their knowledge. The content is designed to be accessible and comprehensible for entry-level cybersecurity analysts.

πŸ› οΈ Tools and Hands-On Skills

A list of tools and skills gained through the certification is provided, including Splunk, Autopsy, PowerShell, and Wireshark. These tools are essential for performing tasks such as querying logs, conducting digital forensics, and analyzing network packets, which are critical skills for a Security Operation Center analyst.

📋 Exam Structure and Preparation Tips

The speaker explains the 24-hour open-book exam format, emphasizing the importance of being thorough and methodical. They share personal tips on preparing for the exam, such as reviewing course materials, brushing up on tools, and taking quality notes. The exam simulates real-world SOC investigations with open-ended questions.

💷 Course Cost and Recommendation

The certification cost is discussed, with the price being £399 (approximately $493 USD). Despite the higher cost, the speaker recommends the certification for those interested in breaking into the cybersecurity field, particularly on the Blue Team side. They highlight the comprehensive, hands-on nature of the labs and exams as key benefits.

🔗 Final Thoughts and Call to Action

In the closing segment, the speaker summarizes their positive experience with the certification, recommending it for beginners in cybersecurity. They encourage viewers to check out the certification, like the video, subscribe to the channel, and follow them on social media for more cybersecurity content.

Keywords

💡 Security Blue Team

The 'Security Blue Team' refers to a group of cybersecurity professionals who specialize in defending an organization's information systems against potential threats. In the context of the video, the speaker has recently passed the level one certification for the Security Blue Team, which is a training program designed to prepare individuals for roles in cybersecurity defense. The certification covers a range of skills and tools necessary for a career in cybersecurity, making it a central theme of the video.

💡 Certification

Certification in this video represents a formal recognition of the completion of a training program and the acquisition of specific skills. The speaker discusses the 'Security Blue Team, level one certification' as a comprehensive course that teaches essential cybersecurity skills. It is a key component of the video, as it is the subject of the review and the basis for the speaker's recommendations.

💡 Security Operation Center (SOC) Analyst

A 'Security Operation Center Analyst' is a professional who works within a SOC, monitoring and analyzing an organization's security posture to detect, respond to, and prevent cybersecurity incidents. The video's theme revolves around a certification that prepares individuals for such a role, emphasizing the importance of the skills taught in the course for aspiring SOC analysts.

💡 Investigation Skills

Investigation skills are critical in cybersecurity and involve the ability to examine and analyze security incidents to determine their nature and impact. The video mentions that the certification teaches various investigation skills, which are essential for identifying and responding to suspicious activities, such as phishing emails and other threats.

💡 Phishing Analysis

Phishing analysis is the process of examining emails and other communication methods to identify and prevent phishing attacks, which are attempts to deceive users into revealing sensitive information. The video lists phishing analysis as one of the domains covered in the certification, highlighting its importance in understanding and combating this common cybersecurity threat.

💡 Threat Intelligence

Threat intelligence involves gathering, analyzing, and disseminating information about potential security threats. In the video, the certification covers 'threat intelligence' as a domain, teaching participants how threat intelligence teams operate and gather data, which is crucial for staying ahead of cyber adversaries.

💡 Digital Forensics

Digital forensics is the process of collecting, analyzing, and preserving digital evidence in support of legal proceedings or internal investigations. The video describes the certification's coverage of 'digital forensics' as one of the most interesting domains for the speaker, indicating its significance in the field of cybersecurity.

💡 SIEM (Security Information and Event Management)

SIEM refers to a platform that aggregates log and event data from various sources within an organization to provide real-time analysis of security alerts and events. The video mentions learning how SIEMs work and how to query a SIEM, which relates to the use of SIEM tools like Splunk, a key component of the certification and essential for conducting security investigations.

💡 Incident Response

Incident response is the process of addressing and managing the aftermath of a security breach or cyberattack. The video script discusses 'incident response' as a domain within the certification, teaching participants how to operate and conduct themselves in the event of a security incident, which is a critical skill for cybersecurity professionals.

💡 Lab Environments

Lab environments are controlled settings where learners can practice and apply the skills they have learned. The video emphasizes the use of 'lab environments' within the certification, allowing participants to conduct analysis and answer questions in a simulated yet practical setting, which is a key aspect of the hands-on learning experience.

💡 Exam

In the context of the video, the 'exam' refers to the final assessment that participants must complete to obtain the certification. The speaker describes the exam as a 24-hour open-book test, which is designed to simulate real-world scenarios that a security professional might encounter, thus testing their practical application of the skills learned during the course.

Highlights

Passed the Security Blue Team, Level One certification.

Provides an honest review of the course without sponsorship.

Certification prepares you for a role as a Security Operation Center analyst.

Includes six different domains covering various security skills.

Domains include security fundamentals, phishing analysis, threat intelligence, digital forensics, SIEM, and incident response.

Course content is a mix of reading, video, and lab environments.

Lab environments are accessible directly within the browser for hands-on learning.

Reading material is bite-sized and avoids jargon for an entry-level audience.

Course duration is flexible, taking about a month and a half at one to two hours per day.

Tools covered include Splunk, Autopsy, PowerShell, Terminal, and Wireshark.

Exam is a 24-hour open-book test with 20 open-ended questions.

Exam simulates real-world scenarios for a security operations center analyst.

Course cost is £399 or $493 USD.

Highly recommends the certification for those looking to break into cybersecurity on the Blue Team side.

Course provides comprehensive and digestible content with hands-on experience.

Labs and exams are the most valuable and enjoyable parts of the certification.

Transcripts

00:00

So I just passed the Security Blue Team Level One certification a few days ago, and in today's video I want to give you guys a complete, comprehensive breakdown of my honest opinion on the course itself, what to expect, what you guys will learn, and whether or not I'd recommend you guys take it as well. So I just wanted to say, before we go ahead and get into the video, Security Blue Team did not sponsor me for this video. They didn't pay me a penny to say the things that I'm about to say in this video. It's going to be a completely honest review from my experience.

00:26

So let's go ahead and start this video by talking about exactly what the Security Blue Team Level One certification is and what you guys can expect. So this certification is going to teach you everything you would need to know as if you were training to become a Security Operation Center analyst within a SOC. So this includes different investigation skills and using different tools that I'll elaborate a little bit more on in the video later on.

00:48

So the certificate itself is comprised of six different domains, and we'll go over them right now. So the first domain is going to be the security fundamentals, and that's just going to teach you the basics of cyber security. Domain number two is phishing analysis; this is going to go over exactly how to identify a suspicious phishing email. Domain number three is threat intelligence: understanding exactly how threat intelligence works, how a threat intelligence team operates and gets their intelligence. Domain number four is digital forensics. This one was honestly the most interesting domain to me, just because I had the least amount of knowledge on it, but this goes into using different tools and how these forensic teams operate when it comes to an investigation. Domain number five is the SIEM; this is going to teach you how to query a SIEM, how SIEMs work, how alerting works, and how to conduct an investigation within a SIEM. Domain number six is incident response; this is going to teach you exactly how an incident response team operates and how it will conduct itself once an incident actually occurs within an organization's environment.

01:53

So let's go ahead and talk about the actual course content. So these six different domains are broken down into different sections, and these sections contain mostly reading. You'll have some video sprinkled throughout, and then lastly, once you go to the end of these different sections, you'll be tested on your knowledge through different lab environments. One of the biggest things that I really enjoyed about this certification is that these lab environments are found directly inside of the browser or the website itself. It's really easy to access: you just hit start machine and your lab will just spin up, and you can go ahead and conduct your analysis, and they'll have the questions on the side as well, so you can just answer them within the lab. If you've ever taken a TryHackMe room before, it's very similar in the way that it works. You just put in your answer and submit it, and it'll tell you if you're right or wrong. It's a great way, in my opinion, to test your knowledge. I really enjoy this type of course where they give you some reading and some video material and at the end it tests your knowledge. That just fits my way of learning the most; I'm really a hands-on learner.

02:51

So the reading material itself is broken down into like paragraph forms. It's really sort of bite-sized; they don't use any jargon that, you know, an entry-level cyber security analyst wouldn't know about. So this certification does a great job at giving you that sort of nice balance of sort of sitting back and just understanding information, reading and watching video tutorials, but they also have that balance of that hands-on experience with the labs as well. So I really enjoyed that balance with the course material, and it really made it easy for me and enjoyable for me to continue going throughout the entire certification. I think going through the material itself I did probably around an hour or two per day for, I want to say, about a month to a month and a half. So it didn't take me too long as well; I wasn't in any rush to kind of complete it. So I really enjoyed that flexibility and the content aspect of the certification.

03:39

So now let's go ahead and talk about what you'll actually learn, so like kind of the hands-on skills. So in my opinion the most valuable part of the certification itself is going to be the tools and the hands-on skills that you'll get from taking this certification, in these different labs and the actual exam itself. So I'm going to name off a few of the main tools that you'll learn how to use when taking this certification. It's not limited to these tools; there's a bunch more tools that you'll learn throughout the entire certification. So the first one is going to be Splunk, which is the main SIEM that they use in the lab and the exam environment. So this is going to be teaching you how to query within Splunk and find different logs in order to further your investigation, and that's going to be the most important skill, I feel like, when it comes to being a Security Operation Center analyst and conducting an investigation. Number two is going to be using Autopsy, which is like a digital forensics tool that you'll use in order to navigate through a disk image and navigate through the file directory, trying to find different artifacts in order to further your investigation as well. Number three is learning how to use PowerShell and terminal. They're going to teach you the basics, like different commands that you can use in order to find different artifacts as well, in order to continue your investigation. And number four is Wireshark, which is pretty much a packet analyzer that you can use to understand different connections, different timelines, and really help build out your investigation as well.

05:05

So let's move on to the actual exam itself. So you're able to actually take the exam whenever you want to; you don't have to finish all the course content in order to take the exam, but I personally completed all the course content before I went ahead and felt comfortable taking the exam, just because first of all I wasn't in a rush to complete the certification, and also I was actually interested and wanted to learn about all the different modules within the course content. I finished the course content, like I said before, in about a month to a month and a half, and after that I went ahead and took about a day or two to brush up on the different labs and the different tooling just to get a refresher, and from there I went ahead and began the exam. So this was actually my first 24-hour exam. You have a 24-hour window to submit your exam; you must submit it before the 24-hour period is over. So it took me about 10 hours and 20 minutes to complete the entire exam. I had multiple breaks throughout; I had lunch during my exam as well. It's open book: you can use your notes that you've taken throughout the entire course, so make sure you take some quality notes. You can use Google if you want to search something up, if you forgot something or how to use something, so there's no pressure on that end. I think the main reason why they wanted to make it an open book, open note exam is because in a real world scenario, if you're a security operations center analyst, you're going to be able to use different resources like Google, maybe some of your co-workers, and ask them questions. So they want to sort of simulate the exact same situation as if you were in a real world environment.

06:35

So the actual exam itself is similar to a real world SOC investigation. There's no multiple choice questions; it's going to be all sort of open-ended questions, similar to a TryHackMe room if you've had those before, but it's going to be very similar to the labs that you'll do throughout the entire course. So you need to answer 20 questions within 24 hours, so you have a lot of time when it comes to conducting this investigation for the exam. There's no rush; make sure you guys take your time, really understand what the question is asking, make sure you type in your answers correctly as well, and just make sure to review your questions once you get your answer. Make sure you're right; don't overthink things. Those are pretty much going to be my tips when taking the exam. One of the biggest tips that I can give you is, before you take the actual exam, to brush up on the tools that you use. One of the things that I really enjoyed about the actual course content is that in one of the last modules they actually explain to you what you should brush up on prior to beginning the exam. They actually tell you what to study and what to brush up on, like the different tooling and the different concepts that you should brush up on prior to starting the exam, which I found really helpful. So one of the biggest tips I can give you is make sure you guys take your time and don't rush into the exam. Make sure you understand everything and make sure you're familiar with the different tools that they actually tell you to get ready for.

07:52

So the course itself costs 399 British pounds, and in US dollars that's $493. It's a little bit more on the pricey side of things, but you can definitely get your employer to do that.

08:04

So to sum this video all up: would I recommend you take this certification? And my simple answer to that is going to be yes. If you're someone who is looking to break into cyber security on the Blue Team side of things, this certification is going to be a great place to start. You're going to get hands-on experience when it comes to the tools that Security Operation Center analysts actually use, like Splunk, Autopsy, and even a lot more tools than that. The content itself was really comprehensive and digestible; it was easy to follow along, and there was at no point where I was completely confused. So if you're someone who has no background in cyber security, I would highly, highly recommend this course. I can't say it enough. And in my opinion I think the most value that you get from this certification is going to be through the labs and through the exam, the most hands-on experience. The labs and the exam were the most fun parts of this certification, and even at times during the exam itself I found myself having fun and really enjoying it.

08:57

If you guys want to go ahead and check out this certification, I'll leave a link in the description below. Highly recommend this course; I really enjoyed taking it. But thank you guys so much for watching. I hope this video provided you with some kind of value and insight if you're considering taking this course. Make sure to like the video and subscribe to my channel if you're new, for more cyber security related content, and make sure to follow me on Instagram and TikTok at cyberith Ben for more short form and lifestyle content. With that being said, guys, thank you so much for watching and I'll catch you guys in the next video. Peace, peace.
