BTL1 Review & Tips (2024)
BTL1 Review and Tips (2025)
In this article, I will discuss my personal BTL1 journey and some tips you can use to help yourself pass the exam. I was looking for a practical blue team certification in order to test all the knowledge I gained from the different projects I’ve been doing this year. I had already heard about Security Blue Team, so I gave it a shot and bought their level 1 course (costs £399 GBP right now).
Course Material
The Blue Team Level 1 is a 24h practical exam where we have to investigate multiple systems within a network to complete certain tasks.
Their course material is divided into 6 domains:
- Security Fundamentals
- Phishing Analysis
- Threat Intelligence
- Digital Forensics
- SIEM
- Incident Response
The majority of the material is written content; however, there are some videos and quizzes as well. Additionally, there are 24 labs that give you the opportunity to gain hands-on experience with a variety of tools like Splunk, Autopsy, Wireshark, KAPE, DeepBlueCLI, Scalpel, etc.
I was already familiar with the majority of the material, so I was able to finish their content in two weeks.
Exam
The exam is a 24h practical incident response exam, where you have to answer and complete 20 task-based questions. To pass, you have to get 70% of the questions right, and if you manage to score ≥90% on your first attempt, you’ll win a gold coin!
Make sure to prepare your exam environment in advance — desk setup, food, water, and anything else you might need. I personally wrapped it up in about 12 hours with a few breaks in between and ended up scoring 100%. There were 2 or 3 questions that really made me “dig deep”, but the course materials are more than enough to guide you through. The full 24 hours definitely gives you plenty of breathing room — and yes, even time for sleep (not like the OSCP 😅).
Exam Tips
- Prepare your notes. Include everything from useful commands to tool capabilities covered in the course.
- Take breaks if you’re stuck!
- Document everything like you would during an IR investigation: Take detailed notes and screenshots throughout the exam.
- Security Blue Team has several labs (Blue Team Labs Online) to help you practice for the exam!
Final Thoughts
I took and passed the exam last September (delayed posting this because I’ve been swamped with work and studying for other certs), but last I checked, the course content is still the same. The BTL1 exam was a genuinely rewarding experience—from the course structure and labs to the final assessment. In my opinion, it’s one of the best entry-level blue team certifications out there — right alongside CCD and CDSA — making it an excellent learning resource for aspiring or junior analysts.