Standing ovation for the team over at Security Blue Team to deliver such an amazing course that if you were to take only this exam alone before starting your first day on the job as a Junior Security Analyst you will be in good standing.
Background
I just would like to mention my background before I begin, just in case anyone is feeling hesitant or unsure if they're ready for the course yet so that you can compare your skill level to mine. I only have CompTIA Security+ and CySA+ and I still believe even if you only have Sec+ you will be fine taking this course if you've been studying cybersecurity for at least a year or two. If you have the new Google Cybersecurity Certificate and Sec+ I believe you will be in a bit better shape as well. Also, I want to point out that if you have any questions after reading this then you can reach out to me on LinkedIn at https://www.linkedin.com/in/cyberstudentbren/. Of course, I can not go over specifics or answer just any question out of respect for Security Blue Team (SBT) as I know they put a lot of thought and hard work into creating their content.
What/Who is Security Blue Team?
Security Blue Team is a company dedicated to providing high-quality practical training. They teach and test students on defensive cyber topics with the goal of improving their capabilities as defenders. They offer three practical certifications that are focused on teaching security operations topics and forging technically competent security professionals that are able to protect networks and systems from cyber threats. For this post, I will be going over their Level 1 certification. To learn more about them visit https://www.securityblue.team/.
Why I decided to take this exam
I have already completed some of the beginner/intermediate level certifications like Sec+ and CySA+ so I was looking for what was next. This exam was receiving some buzz around the blue-team cyber community, even enough to catch some eyes on the red-team side. Also, tying in with the fact that it is one of the more affordable blue-team courses out there, I felt there was good value in obtaining this certification. Don't get me wrong although they were challenging (Sec+ & CySA+), I felt as if I needed a challenge behind an actual mouse and keyboard to take the theoretical concepts I obtained studying for them and apply those to a real-life practical exam. That is what Security Blue Team Level 1 (SBTL1) was offering to us junior blue-team cyber enthusiasts. I figured I'd put my skills up to the challenge, and a challenge was indeed what I got.
What does this exam cover?
Very briefly I will go over what this exam covers. By taking this exam you will develop skills in Security Fundamentals, Phishing Analysis, Threat Intelligence, Digital Forensics, Digital Forensics, Security Information and Event Management, and you will end the exam by taking a 24-hour incident response scenario. Earners of the Blue Team Level 1 Certification will have showcased their practical ability to defend networks and systems from cyber threats through technical and hands-on defensive cybersecurity training. They have knowledge and ability across 5 security operations domains which include Phishing Analysis, Digital Forensics, Threat Intelligence, SIEM, and Incident Response. In my personal opinion, I would focus on prioritizing these tools for the exam: Splunk, WireShark, Autopsy, and PowerShell.
Exam day tips
Before taking this exam SBT and I highly recommend completing all the lessons and taking all the labs. Sometimes you can reset the lab and take it more than once if you'd like to play it safe because that's what I sure did, but to each their own some labs you will find easier than others and some harder. I would also recommend drinking water, taking it in a quiet space, and eating a meal before the exam just to have a fresh start and a clear mind. If you fail your first attempt it's ok not to worry since you are granted 2 exam attempts. They will give you a cooldown period of 10 days before the second attempt just to give yourself a rest period and not experience burnout. So I would keep that in mind to not wait until the last day you have the course access to take the first exam because if you fail and you run out of your exam access you will have to find other ways to study or pay an additional 30 or 60 day fee to access the material (lessons+labs). But the good news is if you pass they tell you right away haha. If you pass you get a digital bade, digital certificate, a physical certificate, stickers, and silver coin if requested. And if you pass with a 90 or above on your first attempt you get a shiny gold coin.
Conclusion
In retrospect, like any other exam you pass, it wasn't as bad as it seemed. Please, take your time to learn these concepts as I can guarantee that you will be seeing these almost daily as a Junior SOC Analyst (if that's what you want to do of course). Don't feel pressured to finish this as soon as possible, rather take everything in, and make sure what you're learning is sticking. You can even practice on other learning platforms to get a sense of where you're at before taking the test. Make sure you're fine mentally as that's what they emphasize throughout the course (mental health) and I love that they acknowledge it and I couldn't agree more. The worst-case scenario even if you don't pass you learn so much from this material. Shoot for the stars my friends, I believe in you!