My Experience with the BTL1 Exam from Security Blue Team (Silver Coin)
On 9/24/2022, I had the opportunity to take and pass the BTL1 exam, which is a 24-hour incident response-based scenario. The objective of the exam was to identify the source of a security breach by analyzing logs, conducting phishing analysis, mapping the attack using the MITRE ATT&CK Framework, and ultimately determining the responsible party. I’d like to share my journey and insights from the experience.
Preparation for the Exam
I started my preparation for the BTL1 exam on March 23, 2022, and took the test on September 24, 2022. I used an extended training course that provided ample time for studying and reviewing. My diligence paid off, as I passed the exam with a score of 80%, earning the silver challenge coin. I completed the exam in eight hours, even though I had 24 hours to do so, as I felt that constantly revisiting my answers could lead to overthinking.
Domains Covered in the Exam
The BTL1 training course covers six critical domains: security fundamentals, phishing analysis, threat intelligence, digital forensics, security information and event monitoring (SIEM), and incident response. I found the phishing analysis domain to be particularly important and a must-know for anyone who uses a computer, as phishing is a widespread issue. The BTL1 training was an excellent resource for learning about this topic, among others.
I found that using tools such as Splunk and Wireshark greatly helped with my learning. I practiced all the labs multiple times, and the time spent with Splunk and Wireshark in particular proved the most beneficial for the exam.
The Exam Environment
The BTL1 exam is conducted in a live lab environment, making it more challenging than traditional certification tests with multiple-choice or performance-based questions. I personally prefer this type of exam as it is much more engaging and a better reflection of one’s skills. The live lab environment requires full attention and can be stressful, but it is a more fulfilling experience.
Exam Results and Feedback
After submitting my answers, I received my exam results, which showed a score of 75%. Upon review, I submitted my answers for correction, and the Security Blue Team exam reviewers promptly responded, even on a weekend. One of my answers was corrected, which increased my score to 80%. I was pleased to receive the feedback, as it allowed me to identify areas for improvement and better prepare for future exams.
Looking Ahead
With the BTL1 certificate under my belt, my focus has now shifted to the other end of the spectrum — the PNPT from TCM Security. The PNPT is the most challenging, as its material is similar to the well-known OSCP. I look forward to sharing my progress and experiences with these certifications in future blog posts.
*I did end up taking a short break from my PNPT studies to knock out the AWS Cloud Practitioner certification.
In conclusion, obtaining the BTL1 certificate was a valuable and educational experience. I learned a lot about incident response, phishing analysis, and security fundamentals, and I would highly recommend this certification to anyone interested in these areas.