Blue Team Level 1 Review  

Time to read: 2 min | 25 January, 2022 | Saksham Anand

Blue Team Level 1 is a certification offered by Security Blue Team. The certification is aimed at entry- to junior-level roles and consists of six primary domains. At the time of writing, the cost for the certification was roughly NZ$800, which included access to training material for 4 months and 100 hours of access to a lab environment.

The training went over Security Fundamentals, Phishing Analysis, Threat Intelligence, Digital Forensics, Security Information and Event Management, and Incident Response. So there is definitely a lot of useful content being covered. I enjoyed the Phishing Analysis and Incident Response modules; they introduced some new tools and methodologies that I was previously unaware of (even after two years of SOC experience), so there is definitely knowledge to be gained for all experience levels.

Some things that could be worked on are the lab environments and the 30-day wait time for the exam results. At the time I did my training, some of the labs were unavailable and the instructions were not that clear on how to access the unavailable content. Additionally, the 30-day wait time for the exam results leaves the user in limbo, as I wasn't sure if I should start studying for another certification or continue studying BTL1 content (in case I didn't receive enough marks). That said, I have been told that these issues will be addressed with the new platform releasing sometime in 2022.

The exam was 24 hours long, with 12 hours of lab time and an additional 12 hours to finish the report. The exam template can be accessed at any time during the training, and I strongly recommend going over the template thoroughly before starting the exam (so that you have a plan of attack in place). I was able to complete the exam and the report within 10 hours, so the time provided is pretty generous. Due to the NDA, I can't provide more information about the exam, but a key takeaway is: don't underestimate it, especially if you are new to the field.

After 27 days, I received an email from Security Blue Team informing me that I had passed with Gold (90%+). Even though I passed with Gold, the results email also contained exam feedback on what went well and what could be done better (which clearly shows that the SBT team is invested in improving and developing their students).