Blue team certifications?

UnixGuyUnixGuy Mod Posts: 4,564 Mod
Does anyone have any experience with https://securityblue.team/ ?

I've been asked about Blue Team level 1 certifications and heard people speak highly of them, I just want to know if anyone here done them?


I love the syllabus and the fact that they're lab based, seem to be a cheaper alternative to SANS

Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


Comments

  • JDMurrayJDMurray Admin Posts: 13,012 Admin
    I looked into these certs several years ago and they seemed to be a vehicle for selling training. I've not seen anything said much about them.
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    JDMurray said:
    I looked into these certs several years ago and they seemed to be a vehicle for selling training. I've not seen anything said much about them.

    I've heard good things about them through youtube, keen to know more. The content seem really good
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Their certs seem to be gaining traction and popularity. I have seen some job requirements "suggest" this cert as a recommendation to fufill some skill level. As mentioned it is also gaining traction amongst the twitter security realm. 

    Still not a dirt cheap pathway, but a hell of a lot cheaper than SANS. 

    Good luck and wish you the best on your journey. 
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    A few years ago, the trend was focused on offensive security, as this market mature, there is now a focus on defensive/Blue Team security.  They are looking as one of the solid contender. 
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Yup even the company "offensive security" is providing blue team focused courses/certs. 

    Cloud Security: CLD-101
    Security Operations for Beginners: SOC-100
    Security Operations and Defensive Analysis: SOC-200


    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Good points. I like eLearnsecurity and I think they have solid certs, they have a DFIR cert, was wondering if there is a good blue teaming / SOC certs that are handson and not as expensive as SANS
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • aleksejaleksej Member Posts: 9 ■■■□□□□□□□
    chrisone said:
    Yup even the company "offensive security" is providing blue team focused courses/certs. 

    Cloud Security: CLD-101
    Security Operations for Beginners: SOC-100
    Security Operations and Defensive Analysis: SOC-200


    nope, just started SOC-200. it's quite expensive, but offers some basic xxx-100 courses in one package. started with one of those (xxx-100). and you know what? browser often serves pages with no content. started from "basic linux" so its probably considered by them some brief self-check for SOC-200 level attendees ....still If they sold me this I would gladly self-check if/where I lack the konowledge! imho, there is no one that don't lack the basic knowledge in some fields. hope later it will get better, when going  explicite for SOC-200 part.
    even registration took me almost 2 weeks, because my preference was not to provide them with my ID photo (seriously?! ID photo?! whole time I was wondering if it  is not the first lesson from security awareness part or sth ;) )
    To keep it short .....Seems like a first steeps for OffensiveSec on blue side. and those seems to be hard for them. not worth the money for now. If I would have to chose once more I would go for CompTIA line of security certs instead. I have CompTIA CySA and I can strongly recommend the knowledge it offers (still certification questions are rather checking your command of English if you are not a native)


  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Update....

    I've been hearing more and more positive experience from people who've done: https://securityblue.team/why-btl1/

    Blue team level1.

    It's practical so it sounds more useful than CySA+ multiple choice approach?

    Keen to hear if anyone here have used them


    Or do you know of a good SOC analyst training for beginners other than CySA+ and eLearnSecurity?

    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • scascscasc Member Posts: 461 ■■■■■■■□□□
    I have a contact who has used them (SANS instructor and holds multiple SANS certs) and highly recommends them. 
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    scasc said:
    I have a contact who has used them (SANS instructor and holds multiple SANS certs) and highly recommends them. 

    that's very re-assuring! We really needed an affordable blue team training that's practical.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • JDMurrayJDMurray Admin Posts: 13,012 Admin
    What a Blue team does is highly dependent on the org it serves. How general or specific do you need this exam to be?
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    JDMurray said:
    What a Blue team does is highly dependent on the org it serves. How general or specific do you need this exam to be?

    yeah true, to be honest I don't care about the exam as much, just the training. I'm looking for a structured training for beginners to get them started as SOC analysts/incident responders/ threat management/etc , regardless of the org structure...something cheaper than GCIH/GCFA and hands on
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • aleksejaleksej Member Posts: 9 ■■■□□□□□□□
    aleksej said:

    To keep it short .....Seems like a first steeps for OffensiveSec on blue side. and those seems to be hard for them. not worth the money for now. If I would have to chose once more I would go for CompTIA line of security certs instead. I have CompTIA CySA and I can strongly recommend the knowledge it offers (still certification questions are rather checking your command of English if you are not a native)


    Finally  get down to this and finished SOC-200 form OffensiveSecurity I also got the exam OSDA. If anyone would be interested I will let you know as I could found only one review of SOC-200 before paying and taking it.
    And I can say it is totally not worth the money. maybe for 1000$ or so (they have good lab materials ....but those are not always working ;p end of year overload?).
    I also cna't get why OffSec is so valued and and the OSCP exam. Maybe they are only starting with blue side. still, those are sth-200 level courses. and SOC-200 is not an advanced level knowledge one. I learned a lot about subjects I don't work with ...but the ones I am responsible in my job .....I can say those are at a little more than junior level. so wonder if OSCP isn't valued far more than it should be. My overall experience with OffSec as organization is fatal. Is that my luck or OSCP is just so long the market they just polished it? whatever. i recommend not to take SOC-200 ;p
    IMHO, CySA form CompTia is more advanced and more useful and practical course. it's also cheaper. if we talk about similar level of expertise.


  • shochanshochan Member Posts: 1,002 ■■■■■■■■□□
    aleksej said:
    IMHO, CySA form CompTia is more advanced and more useful and practical course. it's also cheaper. if we talk about similar level of expertise.


    Even though it is cheaper does not mean that HR's know what this cert is...having this cert was cool for 3yrs but it certainly didn't help me find a cybersecurity job...Cheers!
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • JDMurrayJDMurray Admin Posts: 13,012 Admin
    It depends on the type of position that you are looking for. Certification are meant to entice hiring managers (or recruiters) into giving you a first-round interview for a specific type of position. If you aren't applying for positions that consider the CySA+ cert to be valuable (e.g., SOC analyst) then there is a lower probability that having CySA+ on your resume will be a major factor in you getting an interview invite for other types of positions. If you are not applying for positions, and instead waiting for recruiters to find your resumé, that is an even lower probability of getting an invite.
  • aleksejaleksej Member Posts: 9 ■■■□□□□□□□
    hm, form the point of view of HR and recruitment processes only?  if not asked in job offer explicitly, as @JDMurray said? probably only Security+ and CISSP are worth the effort and are recognized by HR. HR rarely know more than that. and I also think that certs are only for the very 1st round  of the interview.


  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
     a little update:

    I did Blue team level 1 and recetntly HackTheBox CDSA , both are top notch solid certs with excellent hands-on labs, to me they're a lot more valuable than comptias and ISC2, you actually learn skills relevant to the job


    (and yes both hiring managers and HR 'recognise'  keywords such as SIEM, Splunk, MISP, threat intelligence, incident response', etc.

    Job posts contain names of certifications AND skills..

    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


Sign In or Register to comment.