Blue team certifications?

UnixGuy

Does anyone have any experience with https://securityblue.team/ ?

I've been asked about Blue Team level 1 certifications and heard people speak highly of them, I just want to know if anyone here done them?

I love the syllabus and the fact that they're lab based, seem to be a cheaper alternative to SANS

JDMurray

I looked into these certs several years ago and they seemed to be a vehicle for selling training. I've not seen anything said much about them.

UnixGuy

JDMurray said:

I looked into these certs several years ago and they seemed to be a vehicle for selling training. I've not seen anything said much about them.

I've heard good things about them through youtube, keen to know more. The content seem really good

chrisone

Their certs seem to be gaining traction and popularity. I have seen some job requirements "suggest" this cert as a recommendation to fufill some skill level. As mentioned it is also gaining traction amongst the twitter security realm. 

Still not a dirt cheap pathway, but a hell of a lot cheaper than SANS. 

Good luck and wish you the best on your journey. 

SteveLavoie

A few years ago, the trend was focused on offensive security, as this market mature, there is now a focus on defensive/Blue Team security.  They are looking as one of the solid contender. 

chrisone

Yup even the company "offensive security" is providing blue team focused courses/certs. 

Cloud Security: CLD-101
Security Operations for Beginners: SOC-100
Security Operations and Defensive Analysis: SOC-200

UnixGuy

Good points. I like eLearnsecurity and I think they have solid certs, they have a DFIR cert, was wondering if there is a good blue teaming / SOC certs that are handson and not as expensive as SANS

aleksej

chrisone said:

Yup even the company "offensive security" is providing blue team focused courses/certs. 

Cloud Security: CLD-101
Security Operations for Beginners: SOC-100
Security Operations and Defensive Analysis: SOC-200

nope, just started SOC-200. it's quite expensive, but offers some basic xxx-100 courses in one package. started with one of those (xxx-100). and you know what? browser often serves pages with no content. started from "basic linux" so its probably considered by them some brief self-check for SOC-200 level attendees ....still If they sold me this I would gladly self-check if/where I lack the konowledge! imho, there is no one that don't lack the basic knowledge in some fields. hope later it will get better, when going  explicite for SOC-200 part.

even registration took me almost 2 weeks, because my preference was not to provide them with my ID photo (seriously?! ID photo?! whole time I was wondering if it  is not the first lesson from security awareness part or sth )

To keep it short .....Seems like a first steeps for OffensiveSec on blue side. and those seems to be hard for them. not worth the money for now. If I would have to chose once more I would go for CompTIA line of security certs instead. I have CompTIA CySA and I can strongly recommend the knowledge it offers (still certification questions are rather checking your command of English if you are not a native)

UnixGuy

Update....

I've been hearing more and more positive experience from people who've done: https://securityblue.team/why-btl1/

Blue team level1.

It's practical so it sounds more useful than CySA+ multiple choice approach?

Keen to hear if anyone here have used them

Or do you know of a good SOC analyst training for beginners other than CySA+ and eLearnSecurity?

scasc

I have a contact who has used them (SANS instructor and holds multiple SANS certs) and highly recommends them. 

UnixGuy

scasc said:

I have a contact who has used them (SANS instructor and holds multiple SANS certs) and highly recommends them. 

that's very re-assuring! We really needed an affordable blue team training that's practical.

JDMurray

What a Blue team does is highly dependent on the org it serves. How general or specific do you need this exam to be?

UnixGuy

JDMurray said:

What a Blue team does is highly dependent on the org it serves. How general or specific do you need this exam to be?

yeah true, to be honest I don't care about the exam as much, just the training. I'm looking for a structured training for beginners to get them started as SOC analysts/incident responders/ threat management/etc , regardless of the org structure...something cheaper than GCIH/GCFA and hands on

aleksej

aleksej said:

To keep it short .....Seems like a first steeps for OffensiveSec on blue side. and those seems to be hard for them. not worth the money for now. If I would have to chose once more I would go for CompTIA line of security certs instead. I have CompTIA CySA and I can strongly recommend the knowledge it offers (still certification questions are rather checking your command of English if you are not a native)

Finally  get down to this and finished SOC-200 form OffensiveSecurity I also got the exam OSDA. If anyone would be interested I will let you know as I could found only one review of SOC-200 before paying and taking it.
And I can say it is totally not worth the money. maybe for 1000$ or so (they have good lab materials ....but those are not always working ;p end of year overload?).
I also cna't get why OffSec is so valued and and the OSCP exam. Maybe they are only starting with blue side. still, those are sth-200 level courses. and SOC-200 is not an advanced level knowledge one. I learned a lot about subjects I don't work with ...but the ones I am responsible in my job .....I can say those are at a little more than junior level. so wonder if OSCP isn't valued far more than it should be. My overall experience with OffSec as organization is fatal. Is that my luck or OSCP is just so long the market they just polished it? whatever. i recommend not to take SOC-200 ;p
IMHO, CySA form CompTia is more advanced and more useful and practical course. it's also cheaper. if we talk about similar level of expertise.

shochan

aleksej said:

IMHO, CySA form CompTia is more advanced and more useful and practical course. it's also cheaper. if we talk about similar level of expertise.

Even though it is cheaper does not mean that HR's know what this cert is...having this cert was cool for 3yrs but it certainly didn't help me find a cybersecurity job...Cheers!

JDMurray

It depends on the type of position that you are looking for. Certification are meant to entice hiring managers (or recruiters) into giving you a first-round interview for a specific type of position. If you aren't applying for positions that consider the CySA+ cert to be valuable (e.g., SOC analyst) then there is a lower probability that having CySA+ on your resume will be a major factor in you getting an interview invite for other types of positions. If you are not applying for positions, and instead waiting for recruiters to find your resumé, that is an even lower probability of getting an invite.

aleksej

hm, form the point of view of HR and recruitment processes only?  if not asked in job offer explicitly, as @JDMurray said? probably only Security+ and CISSP are worth the effort and are recognized by HR. HR rarely know more than that. and I also think that certs are only for the very 1st round  of the interview.

UnixGuy

 a little update:

I did Blue team level 1 and recetntly HackTheBox CDSA , both are top notch solid certs with excellent hands-on labs, to me they're a lot more valuable than comptias and ISC2, you actually learn skills relevant to the job


(and yes both hiring managers and HR 'recognise'  keywords such as SIEM, Splunk, MISP, threat intelligence, incident response', etc.

Job posts contain names of certifications AND skills..