Rodney Flores

Security Blue Team - Blue Team Junior Analyst Pathway Certificate Bundle



Security Blue Team (SBT) is a cybersecurity training and certification company that specializes in defensive (or Blue Team) security. SBT offers a Blue Team Junior Analyst Pathway Certificate Bundle for those new to security looking for entry-level practical training. This post will serve as my high-level review of all six courses that make up the pathway affectionately known as 'i2' in the SBT community:

  • Open-Source Intelligence

  • Digital Forensics

  • Vulnerability Management

  • Darkweb Operations

  • Threat Hunting

  • Network Analysis

There are a couple of resources out there now regarding the content of this course (and I'll point them out in this post) so I don't want to make this post about more of the same. I decided to format this post more like a questionnaire for someone that is in a position like myself (brand new to security with no work experience) trying to decide if SBT and the i2 courses are for them or not.

Why did you choose Security Blue Team?

Let me preface this with a brief history: I first heard of SBT through my social network (i.e. LinkedIn posts and Discord chats related to #blueteam resources). But I didn't pay those mentions any mind--I was dead set on becoming a pentester! It wasn't until after I participated in the OpenSOC CTF that I realized I really had a passion for the defensive side of security. How would I learn blue team skills? The industry seemed catered toward red-teamers.


I searched far and wide for blue team specific training. SBT came up during that search, but to be honest, I had reservations about them because I was only familiar with the more well-known security certification companies and I didn't know anyone in my network who had first-hand knowledge of them and their offerings. Aesthetically, they appealed to me. I know that sounds stupid, but honestly, a badly designed website is a red flag! The website was clean and very well done. SBT piqued my interest from that alone, so I did some Google-Fu to learn what I could about the company.


The first thing I came across was the SBT Subreddit. I got good bits of information there from people that had some first-hand experience. And SBT actually posts on it and keeps it relevant. So far, so good. Additionally, I found Jennifer Ferreras' Medium Blog where she wrote a post specifically about the Intro courses and it was exactly what I was looking for. She covered the courses well, and so I won't try to make this post reiterate all the great information she covered. But it further piqued my interest. Finally, I joined their Discord server and I just sat back and read. I lurked. The time I spent lurking is what solidified my decision to give them a go. Why?


SBT isn't a big corporation with tons of employees. But you wouldn't know that from the community they've built on Discord. Time and again, I read students having technical problems or being stuck on a certain question, and there would always be a response from the moderators--even the CEO, Joshua Beaman himself, which I thought was pretty cool. That culture is embodied in the community as well. When Josh or the moderators didn't chime in, someone from the SBT community would come through and offer their assistance. Now that I've completed the courses, I'm paying it forward and doing the same. If you've completed any of the i2 courses in the past few weeks, you may have run into me on their Discord. I felt good about "investing" into this company from my experiences on their Discord.


It also didn't hurt that they have an Academic Advisory Board full of well-qualified blue-teamers.

Why did you decide to start with the i2 courses?

They won me over with their aesthetics, responsiveness, and community. This brings me to my next point: value. If you're curious about becoming a cyber defender, it's hard to beat the value of their i2 courses. I decided to buy the entire six-course bundle and it amounted to approximately $104 USD. That's cheaper than $20 per course! I figured, if I didn't like the courses, I was only out a hundred bucks. But it ended up being the total opposite. Plus, the i2 courses are yours to own for life with no expiration. SBT recently stated that they are revamping the i2 courses, and since I already purchased the bundle, I'll be able to experience those new changes and updates without having to pay any more out of pocket.


I initially heard about SBT because of their Blue Team Level 1 (BTL1) Certification. But that was a huge jump in price for what amounted to SBT being a relative unknown to me. My thought process was this: the i2 courses would give me a real taste of what SBT was about and has to offer. I'll either have a great experience and I may continue with BTL1, or the experience sucked and I won't have anything to do with them.


Who do these courses make sense for? What will I learn about in the i2 courses? What security tools did you learn about and get hands-on practical experience with?

SBT describes the courses as such: "These courses are designed to provide an insight into different defensive security topics. The target audience for these are security enthusiasts, students, and individuals in entry-level positions."


With that said, if you're already a security pro, your mileage may vary. But I've personally talked with people with years of IT experience that were still challenged with these courses.


You can find information on each course on the SBT website. If there is one thing I really appreciate about SBT, it is that they do a fantastic job of letting you know about the courses that you're paying your hard-earned money for. It outlines everything in great detail: an overview of each course, the practical challenges you'll experience, and the tools that you will use for each course.


So what was your experience with the i2 courses like?

I thoroughly enjoyed every single one of the courses. I was an automotive service technician before I decided to make a career change into Cybersecurity in August 2020 (you can read about that decision HERE). So I had no previous security experience at all prior to starting these courses. I participated in a couple of CTFs prior to the courses, but that's it. So if you're reading this and you're on the fence about pursuing these courses because you feel like you don't have enough security experience. . .don't. If you are a self-starter, detail-oriented, and have the right attitude and aptitude, you can most definitely pass the courses.


I bought the courses on November 4th. I finished all 6 courses on November 13th. So it took me a little over a week to finish all the courses working on them when I could between university school work. I only needed to get help with the OSINT course--and that's not because I couldn't pass it. I actually passed the course with nearly 90% WITHOUT following the proper pathway to obtain my answers and following ALL the rabbit holes! I was just determined to get 100% on all the quizzes and tests (which I did!).


If you're worried that the courses will be death by PowerPoint, don't. Each section of every module is short and concise. You're given the information you need without the fluff, and then you're immediately thrown in an environment where you apply what you learned in a hands-on practical environment. I never once felt like I wasn't prepared for the challenges after reading through the provided curriculum.


Everything you need for the course is provided for you. I was able to do everything natively on my laptop with a few exceptions. I did use my Kali Linux Virtual Machine for the steganography section because I couldn't install steghide on my Mac OS. Also, the Threat Hunting course introduces Mandiant Redline and IOC Editor tools that only install on Windows machines. So if you're not a Windows user and want to follow along with those sections, make sure you know how to stand up a Windows VM. I also want to make people aware that there's nothing fancy here with the intro courses: no in-browser virtual machine; no need to VPN anywhere. For the most part, you'll be given files to download, which you will then analyze using applications you download and install. So you're either installing those applications to your actual box, or on a VM of your choosing.


The OSINT course is actually my only real gripe about the i2 bundle. They based the scenario on fictional characters that they've used for another project. But SBT decided to re-use and re-purpose them for the OSINT course. In my opinion, it made the course much less enjoyable despite the course and challenges actually being well done. It was too easy to fall into rabbit holes that made total sense as a student on the outside looking in, but had nothing to do with the course itself.


Smaller gripes had to deal with minor things like typos and grammar (that were few and far between). A lot of the answers to the questions were syntax-based, but some of those questions would not have the format specified, leaving the student trying to guess the correct format for the answer. So the "correct" answer would be marked wrong if a dash or parenthesis was out of place. The i2 courses were released in early 2020, but with that said, some of the courses have sections in them that still say "Coming Soon". But SBT recently posted saying the i2 courses are getting a revamp, so the hope is all those "Coming Soon" sections will be fleshed out.





Hindsight being 20/20, would you do it all over again?

Despite the gripes listed above, I would wholeheartedly do it again. Since discovering SBT and the i2 courses, it feels like resources for blue teamers to gain hands-on practical skills have exploded, many of which will give SBT a run for their money! But even with that said, for the price, I feel like the return on investment is there. You get an introduction to the basics of what a blue teamer experiences, and also gain some fundamental computing knowledge like networking and Linux command line.


Could you gain the knowledge and hands-on skills on your own via self-study? Sure, I could have gone that route. But these courses are meant for entry-level people and those new to security because. . .we're NEW! What do we know about anything security? The only tools I heard of before taking these courses were Wireshark and Nessus, and even then, I never used them or really knew what they were used for. I wouldn't know where to begin to craft my own Network Analysis course or Vulnerability Management course.


All that work is done for you with i2. You just log in and start learning. There's no wasted time trying to figure out what to learn and how to learn it. Plus, you have a built-in community to give you a helping hand because you're going to need it!


Furthermore, it solidified blue teaming for me. I thoroughly enjoyed each course, and it still feels fun going over each course as I help those needing help on Discord. Obviously, there are better ways to determine if you like blue teaming than spending $105 on the i2 courses. It was just an observation on my part from my experience.


Finally, don't get it twisted. This is not a security certification. SBT makes that perfectly clear. They are introductory courses that happen to have certificates of completion. Blue Team Level 1 (BTL1) is their certification. Still, the i2 courses are an awesome way to take the initiative of your practical security experience. I can say I passed a multiple choice test about blue teaming. But can you also say that you can perform a vulnerability assessment to identify vulnerabilities on a host or network? Can you say that you know how to use a packet analyzer to analyze PCAP files to extract important pieces of information? Can you say that you've hunted for malicious files on an infected system by using IOCs that you created on your own? You can say all that and more by taking Security Blue Team's Blue Team Junior Analyst Pathway Certificate Bundle!


But you don't have to take my word for it! Join their Discord and ask questions. And visit these resources:




I've created detailed write-ups of my processes to obtain the solutions to all the activities and challenges of the i2 courses. But unlike my other blog posts, I'm unable to post any write-ups on the activities and challenges of the courses here on my website due to the agreement with Security Blue Team during the purchase of the courses. But if you need any help or would like to see proof-of-concept of things I learned in the courses, please feel free to reach out.



