An In-Depth Review of the Blue Team Level 1 Certification Experience


Hello everyone! It’s been a while since I last posted (5 months to be exact), but today I’m excited to share my journey through the Blue Team Level 1 (BTL1) certification provided by Security Blue Team (SBT). A week ago, I proudly passed the exam with a score of 90%, and I can’t wait to share some tips and tricks that helped me succeed, based on my experience. So, let’s dive into my BTL1 journey! Before we get to the tips and tricks, let me give you a quick overview of the materials covered in this certification program, so you have a better understanding of what to expect from the Blue Team Level 1 (BTL1) certification. The Blue Team Level 1 certification consists of six well-structured main domains:

  • Security Fundamentals
  • Phishing Analysis
  • Threat Intelligence
  • Digital Forensics
  • Security Information and Event Management (SIEM)
  • Incident Response

These domains are designed to provide a comprehensive understanding of the blue team’s role in protecting organizations against cyber threats, and together they give entry-level professionals in the cybersecurity defense industry a solid foundation. The program’s content goes beyond theory and includes hands-on labs, practical techniques, and relevant tools that can be put into practice immediately in real-world situations. The first domain, Security Fundamentals, provides a comprehensive overview of the essential information security theory that forms the basis for the entire certification program.

Information Security picture from ENISA

The second domain of the program, Phishing Analysis, teaches the fundamentals of how to analyze and respond to phishing incidents. It covers both proactive and reactive measures to effectively tackle phishing threats. This understanding of phishing analysis lays a strong foundation for entry-level professionals in the cybersecurity industry.

Phishing Illustration picture from National Cyber Security Centre

The third domain, Threat Intelligence, is all about the basics of TTPs (Tactics, Techniques, and Procedures) and how to effectively hunt for potential threats. You will learn the importance of sharing indicators of compromise (IOCs) with the community, and the domain provides real-life examples in the form of malware samples and APT groups to help you understand the material better.

CTI picture from ManageEngine Blog

The fourth domain, Digital Forensics, takes you through hands-on labs that are designed to help you put your knowledge into practice. You’ll learn about the theories and concepts of digital forensics, and how to gather data, track attackers, and piece together their activities, with a mix of practical and easily understandable material.

Digital Forensics picture from Asia Pacific University

The fifth domain, Security Information and Event Management (SIEM), may seem challenging at first, but the materials in this domain offer a comprehensive overview of SIEM, from its various components and functions to how it can be used to uncover an attacker’s activity, particularly using Splunk.

Splunk Dashboard picture from Splunk

In the final domain, Incident Response, you’ll learn how to effectively respond to incidents through a series of hands-on labs and practical exercises. The training follows the NIST Incident Response Framework, providing you with the tools and techniques you need to be prepared for any incident that may arise.

Cyber Incident Response Cycle by NIST

Are you ready to learn how I passed the Blue Team Level 1 Certification exam with a 90% score on my first attempt? It was a pleasant surprise for me, and I’m grateful for all the hard work I put in. Let’s delve into the tips and tricks that helped me succeed! Does this sound interesting to you? I hope it does :)


  • Take good notes during the course — You can take notes by hand or use tools like Notion or Obsidian to keep everything organized and easy to reference. Another option is to use the platform’s built-in bookmarking feature to save any particularly interesting or relevant content for future review.
  • Complete all the course materials and hands-on labs — The course is designed to prepare you for real-world scenarios, so I highly recommend completing it in its entirety (especially for those who have just jumped into this field). By doing so, you’ll become familiar with the tools and the lab environment, which will help you during the exam. Don’t underestimate the importance of confidence when taking the test ;)
  • Practice makes perfect — I can’t ignore the fact that this quote is undeniably true. I advise you to thoroughly finish the labs and practice them as much as you can until you are at ease and ready to take the test. If you need additional labs, you can try blueteamlabs.online, which is from the certification creator, or find relevant labs on tryhackme.com.
  • Ensure that you are getting enough sleep — It’s important to take care of your physical health leading up to exam day, and that includes getting enough sleep. Remember also not to take yourself too seriously, and try to maintain a balanced mindset throughout the preparation process.


To conclude, this certification is definitely suitable for entry-level blue teamers. The course contains enough material for you to get started in your career. The exam is a 100% practical exam (no theory!) that closely simulates a real-life situation. Finally, I hope you enjoyed this review and that it helps you decide about the certification. Thanks!

This post is licensed under CC BY 4.0 by the author.