Blue team certifications?
UnixGuy
Mod Posts: 4,570 Mod
Does anyone have any experience with https://securityblue.team/ ?
I've been asked about Blue Team level 1 certifications and heard people speak highly of them; I just want to know if anyone here has done them?
I love the syllabus and the fact that they're lab-based; they seem to be a cheaper alternative to SANS.
Comments
-
JDMurray Admin Posts: 13,099 Admin
I looked into these certs several years ago and they seemed to be a vehicle for selling training. I've not seen much said about them.
-
chrisone Member Posts: 2,278 ■■■■■■■■■□
Their certs seem to be gaining traction and popularity. I have seen some job requirements "suggest" this cert as a recommendation to fulfill some skill level. As mentioned, it is also gaining traction amongst the Twitter security realm.
Still not a dirt cheap pathway, but a hell of a lot cheaper than SANS.
Good luck and wish you the best on your journey.
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□
A few years ago, the trend was focused on offensive security; as this market matures, there is now a focus on defensive/Blue Team security. They are looking like one of the solid contenders.
-
chrisone Member Posts: 2,278 ■■■■■■■■■□
Yup even the company "offensive security" is providing blue team focused courses/certs.
Cloud Security: CLD-101
Security Operations for Beginners: SOC-100
Security Operations and Defensive Analysis: SOC-200
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX
-
UnixGuy Mod Posts: 4,570 Mod
Good points. I like eLearnSecurity and I think they have solid certs, they have a DFIR cert. Was wondering if there are good blue teaming / SOC certs that are hands-on and not as expensive as SANS.
-
aleksej Member Posts: 9 ■■■□□□□□□□
chrisone said:
Yup even the company "offensive security" is providing blue team focused courses/certs.
Cloud Security: CLD-101
Security Operations for Beginners: SOC-100
Security Operations and Defensive Analysis: SOC-200
nope, just started SOC-200. it's quite expensive, but offers some basic xxx-100 courses in one package. started with one of those (xxx-100). and you know what? browser often serves pages with no content. started from "basic linux" so it's probably considered by them some brief self-check for SOC-200 level attendees .... still, if they sold me this I would gladly self-check if/where I lack the knowledge! imho, there is no one that doesn't lack the basic knowledge in some fields. hope later it will get better, when going explicitly for SOC-200 part.
even registration took me almost 2 weeks, because my preference was not to provide them with my ID photo (seriously?! ID photo?! whole time I was wondering if it is not the first lesson from security awareness part or sth)
To keep it short ..... Seems like first steps for OffensiveSec on blue side. and those seem to be hard for them. not worth the money for now. If I would have to choose once more I would go for CompTIA line of security certs instead. I have CompTIA CySA and I can strongly recommend the knowledge it offers (still certification questions are rather checking your command of English if you are not a native)
-
UnixGuy Mod Posts: 4,570 Mod
Update.... I've been hearing more and more positive experience from people who've done: https://securityblue.team/why-btl1/
Blue team level1.
It's practical so it sounds more useful than CySA+ multiple choice approach?
Keen to hear if anyone here has used them.
Or do you know of a good SOC analyst training for beginners other than CySA+ and eLearnSecurity?
-
scasc Member Posts: 465 ■■■■■■■□□□
I have a contact who has used them (SANS instructor and holds multiple SANS certs) and highly recommends them.
AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
-
JDMurray Admin Posts: 13,099 Admin
What a Blue team does is highly dependent on the org it serves. How general or specific do you need this exam to be?
-
UnixGuy Mod Posts: 4,570 Mod
JDMurray said:
What a Blue team does is highly dependent on the org it serves. How general or specific do you need this exam to be?
yeah true, to be honest I don't care about the exam as much, just the training. I'm looking for a structured training for beginners to get them started as SOC analysts/incident responders/ threat management/etc , regardless of the org structure...something cheaper than GCIH/GCFA and hands on
-
aleksej Member Posts: 9 ■■■□□□□□□□
aleksej said:
To keep it short ..... Seems like first steps for OffensiveSec on blue side. and those seem to be hard for them. not worth the money for now. If I would have to choose once more I would go for CompTIA line of security certs instead. I have CompTIA CySA and I can strongly recommend the knowledge it offers (still certification questions are rather checking your command of English if you are not a native)
And I can say it is totally not worth the money. maybe for 1000$ or so (they have good lab materials ....but those are not always working ;p end of year overload?).
I also can't get why OffSec is so valued and the OSCP exam. Maybe they are only starting with blue side. still, those are sth-200 level courses. and SOC-200 is not an advanced level knowledge one. I learned a lot about subjects I don't work with ...but the ones I am responsible in my job .....I can say those are at a little more than junior level. so wonder if OSCP isn't valued far more than it should be. My overall experience with OffSec as organization is fatal. Is that my luck or OSCP is just so long the market they just polished it? whatever. i recommend not to take SOC-200 ;p
IMHO, CySA from CompTIA is more advanced and more useful and practical course. it's also cheaper. if we talk about similar level of expertise.
-
shochan Member Posts: 1,014 ■■■■■■■■□□
aleksej said:
IMHO, CySA from CompTIA is more advanced and more useful and practical course. it's also cheaper. if we talk about similar level of expertise.
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
-
JDMurray Admin Posts: 13,099 Admin
It depends on the type of position that you are looking for. Certifications are meant to entice hiring managers (or recruiters) into giving you a first-round interview for a specific type of position. If you aren't applying for positions that consider the CySA+ cert to be valuable (e.g., SOC analyst) then there is a lower probability that having CySA+ on your resume will be a major factor in you getting an interview invite for other types of positions. If you are not applying for positions, and instead waiting for recruiters to find your resumé, that is an even lower probability of getting an invite.
-
aleksej Member Posts: 9 ■■■□□□□□□□
hm, from the point of view of HR and recruitment processes only? if not asked in job offer explicitly, as @JDMurray said? probably only Security+ and CISSP are worth the effort and are recognized by HR. HR rarely know more than that. and I also think that certs are only for the very 1st round of the interview.
-
UnixGuy Mod Posts: 4,570 Mod
a little update:
I did Blue team level 1 and recently HackTheBox CDSA, both are top notch solid certs with excellent hands-on labs, to me they're a lot more valuable than CompTIA's and ISC2, you actually learn skills relevant to the job
(and yes, both hiring managers and HR 'recognise' keywords such as SIEM, Splunk, MISP, threat intelligence, incident response, etc.)
Job posts contain names of certifications AND skills..