Good evening, or is it night? It's currently around 10 PM EST. Regardless, like the title says, I took https://www.securityblue.team/'s Level 1 certification and wanted to go over my personal story leading up to the exam, not the exam itself. I will go over the exam in another log.
What an experience this certification was. If I had to pick two words to describe this process I would use "eye-opening". I'll explain why. See, over the past two years of my cyber security study tenure I found myself caught up in learning the basics of the topic, and there is nothing wrong with doing so; the issue was how/what I was studying. Now, how/what I was studying wasn't wrong either. See, what I was studying is what people in the cyber community label "theoretical" knowledge. Theoretical refers to being concerned with or involving the theory of a subject or area of study rather than its practical application (from Oxford Languages), and in cyber security practicality is what's important.
So here I am, knowing the theory but not having had much time behind the keyboard and mouse to put it to use. Me, being as arrogant as I am, figured that this would be a breeze of a certification. Little did I know it would take me multiple attempts to pass this bad boy. For someone who has an advanced-level certification in CySA+, how does an "entry-level" certification take you months of preparation and multiple attempts? I'll tell you why, in one word: practicality. See, to reiterate, this is what's important in the cyber security world. I got behind that mouse & keyboard and boy was I in for a treat. The first attempt caught me by surprise. The labs I thought were so simple in the coursework weren't clicking for me; I was unsure about everything I had learned. Could this have been the way I studied? Am I the only one caught by surprise? Is it really like this in a SOC (Security Operations Center) environment? All of these questions crossed my mind.
Ok, I see what kind of exam this is going to be. This isn't your typical run-of-the-mill books, pen, and pad test. This is surely the real deal. It prepares you for handling/monitoring/responding to incidents in real time, analyzing the packets that are coming into the network in real time, grabbing those file hashes, using your host to visit different sorts of websites to verify them (hashes, files, URLs, & more), and straining your eyes analyzing all of those emails trying to find out which one is malicious. In short, after the first attempt, I knew I wasn't prepared; there was more work to be done.
Alright, I've studied for about a month since my last attempt, I know what I have to do, let's go for attempt 2. Attempt 2 comes; long story short, no good. I have used up both attempts (they only give 2 exam attempts) and there is no third attempt. I'm screwed. All these months of preparation for nothing? No, I won't accept that; I worked too hard for this. Being as persistent as I am, after pulling their employees' teeth for 2/3 months and paying an extra purchase fee, I did what was necessary to get my third and final attempt. I knew that was all I needed, and I would do whatever it took to pass it.
Attempt 3: what can I do to pass this damn exam? Ok, this is what I did. I scoured the internet for different sources of information and/or knowledge I could apply to this exam to possibly make it an easier experience to pass. I used different learning platforms like TryHackMe.com, HackTheBox.com, and more. I skimmed through social media posts/forums on Reddit, Twitter, Discord, and more to gain an edge on how I could apply these tips or tricks to enhance my ability across the 5 security operations domains, which include Phishing Analysis, Digital Forensics, Threat Intelligence, SIEM, and Incident Response. I'm ready. August 14th, 2023: today is the day, I tell myself, now or never. I started that gruesome 24-hour incident response scenario up, did what I had to do, and here I am writing this with some certificate I found.