ENTRY 3 - Getting practical experience
Hi there!
After securing my Security+ certification it didn’t go long when I started to look for another certificate. I had a few on my mind (Network+, Cysa+, CCNA) but there was (and still is) that uncomfortable thought of not having enough practical experience to move into higher and more engaging cyber roles. The growth is natural when your current role is offering you the tools and techniques to advance, but on the other hand coming up with a cybersecurity project on your own and in your free time is not as easy as it seems. It requires having a virtual machine (recommendable Kali with all its tools), source of operation (logs, malware sample, vulnerable system, packet captures), analysis tools and last but not least, you should have an idea of what you’re doing.
As most cybersecurity careers start with getting into SOC Tier 1 I got myself a goal, to get more hands-on knowledge for SOC roles. Luckily, today we have a number of training platforms that offer theory and practice through labs, tasks and challenges making it interactive and fun. But be prepared for more subscriptions as it is not free. If it is free, it’s a demo!
My go-to platform is TryHackMe (THM) as it offers guided learning paths and labs with virtual machines and simulated environments to play with. I already completed the Security Engineer and SOC Level 1 paths. The latter took some time to complete as it is extensive and covers a broad range of tools which you need to grasp in order to complete the challenges. But I absolutely recommend going through the SOC Level 1 learning path as it puts on you the weight of certain tools used in SOC analysis. If you find it overall long, you can choose from the rooms within the path and do them separatelly from the rest of the path. Some of the rooms I enourage you not to skip: Splunk, Wireshark, Windows Event Logs, Sysmon, Windows and Linux forensics and Phishing - great practices to get to know important tools and services.
I’ve also started digging into certificates with practical experience and real world scenarios. Several of them caught my eye:
- BTL1 (Blue Team Level 1) by Security Blue Team
- CDSA (Defensive Security Analyst) by HackTheBox
- PSAA (Practical SOC Analyst Associate) by TCM Security
- SAL 1 (Security Analyst Level 1) by TryHackMe
- PT1 (Jr Penetration Tester) by TryHackMe
- CCD (Certified Cyberdefender) by CyberDefenders
- eJPT (Junior Penetration Tester) by INE
I won’t go into details for each of the certificates, I’ll leave that to you. After days of re-reading reviews and experiences, my final decision went towards BTL1. Prior to buying the actual course I dug into their free course, Blue Team Junior Analyst that offers glance into following 6 domains:
- Security Fundamentals
- Phishing Analysis
- Threat Intelligence
- Digital Forensics
- Security Information and Event Management
- Incident Response
I was pleasantly surprised of the quality and beginner-friendly content, although I did noticed a lot of overlap with the SOC T1 path from TryHackMe. With that I got some insight into what I can expect with the real course and the exam. Soon I will be getting into studying for BTL1 and I will let you know how it goes once finished.
I’m leaving you below an illustration of different certifications depending on your level of knowledge and path you wish to explore.
Image courtesy of Cyber Threat Intelligence
Thanks and see you for the next one!