My Journey with Blue Team Level 1 - Nil Patel


Background

I am a recent graduate from the University at Albany with a B.S. in Cybersecurity. I acquired the respective certifications of A+, Network+, and Security+ by CompTIA before starting my journey with Blue Team Level 1.

In this article, I wanted to discuss with you my personal experience with the certification, as well as my experience with the 24-hour Incident Response exam.

What is BTL1?

The Blue Team Level 1 certification is an entry-level credential designed to validate an individual's foundational knowledge and skills in the field of cybersecurity, particularly focusing on defensive strategies and tactics.

This certification is tailored for individuals aiming to establish a strong foothold in the field by mastering the art of protecting systems and networks from cyber threats.

Participants learn essential skills including threat detection, incident response, security monitoring, and vulnerability assessment.

Course Material

The course material for Blue Team Level 1 covers a wide range of topics:

  • Security Fundamentals

  • Phishing Analysis

  • Threat Intelligence

  • Digital Forensics

  • Security Information and Event Monitoring

  • Incident Response

Labs in the Blue Team Level 1 certification provide hands-on, practical experiences that allow participants to apply theoretical knowledge in a controlled environment. Through the labs, participants gain valuable skills in identifying and mitigating threats, responding to security incidents, and implementing best practices for network and system protection.

The course ends with a 24-hour incident response exam. The exam consists of 20 random task-based questions that require you to complete different actions and submit evidence. Successful completion of the exam demonstrates a candidate's readiness to contribute effectively to cybersecurity teams and their capability to defend systems and networks against cyber threats.

Exam Prep

To prepare myself for the 24-hour Incident Response exam, I went through all the course material, and spent all the lab hours that were given, trying to enhance my practical skills.

I spent a significant amount of my lab hours on security monitoring tools such as Splunk. I also focused on other tools such as Wireshark, Autopsy, DeepBlueCLI, and my phishing analysis capabilities.

I also used an online platform called TryHackMe which provides hands-on cybersecurity training through interactive virtual environments.

Some of the labs that helped better my practical skills on TryHackMe include:

  • Splunk: Exploring SPL

  • Parrot Post: Phishing Analysis

  • Snapped Phish-ing Line

  • Disk Analysis & Autopsy


Exam Day


After completing all of the course material, going through the hands-on labs multiple times, and getting more practical experience through TryHackMe, I finally started my exam on August 11th, 2023.

I first read through the given scenario and instructions. You don't necessarily need to go through the questions in order according to the exam instructions, however, I chose to.

I first looked to record all the IOCs and gathered all relevant information that'll be beneficial. I took small breaks throughout the exam that were all about 15 minutes each.

I was looking to just get the exam over with as soon as possible; however, there is no need to rush, as you do have 24 hours to submit your responses. One of the biggest tips I can give while taking this exam is to not always go with your first answer.

There were various times within the exam where I had changed my response. Another factor that you have at your fingertips is Google. If there is a specific tool that you don't know how to use that well, or you need help remembering a specific search query, Google will be your best friend.

I also advise taking screenshots throughout the exam, so you can look back at the end and see if your responses click. After about 8 hours, I gathered all my responses and turned the exam in, and to my eyes, I saw that all my hard work had paid off. I passed!

Final Thoughts

Blue Team Level 1 (BTL1) is a beginner-level cybersecurity certification that teaches you how to protect computer systems and networks from hackers and cyber threats. This certification helps you start a career in cybersecurity by giving you the fundamental skills needed to defend against cyberattacks.

This certification has helped enhance my practical skills in various tools such as Splunk, Autopsy, Wireshark, etc. The practical 24-hour Incident Response exam helped give me a glimpse of what it is like being a SOC analyst, and I advise those looking to start their journey in the field of cybersecurity to take this certification.