What is BTL1?

The BTL1 (Blue Team Level 1) exam is a cybersecurity certification designed to validate entry-level skills in defensive security, also known as Blue Teaming. The certification focuses on foundational concepts and practical skills needed to detect, respond to, and mitigate cyber threats. Preparing for the BTL1 requires a good understanding of key defensive cybersecurity tools and techniques, along with hands-on practice in threat detection, incident response, and forensic analysis.

More can be found here.

Topics Covered in BTL1

Fundamentals of Networking and Operating Systems: Knowledge of basic networking concepts (e.g., TCP/IP, protocols) and understanding of Windows and Linux OS.

Security Fundamentals

  • Introduction to Security Fundamentals
  • Soft Skills
  • Security Controls
  • Networking 101
  • Management Principles

Phishing Analysis

  • Introduction to Phishing and Emails
  • Types of Phishing Emails
  • Tactics and Techniques Used
  • Investigating a Phishing Email
  • Analyzing Artifacts
  • Taking Defensive Actions
  • Report Writing
  • Phishing Response Challenge

Digital Forensics

  • Introduction to Digital Forensics
  • Forensics Fundamentals
  • Digital Evidence Collection
  • Windows Investigations
  • Linux Investigations
  • Memory Analysis With Volatility
  • Disk Analysis With Autopsy

Threat Intelligence: Understanding how to gather and analyze threat intelligence data and apply it to real-world scenarios.

  • Introduction to Threat Intelligence
  • Threat Actors and APTs
  • Operational Threat Intelligence
  • Tactical Threat Intelligence
  • Strategic Threat Intelligence

Security Information and Event Monitoring

  • Introduction to SIEM
  • Logging and Aggregation
  • Correlation
  • Using Splunk SIEM

Incident Response

  • Introduction to Incident Response
  • Preparation Phase
  • Detection and Analysis Phase
  • Case Management
  • Containment, Eradication, and Recovery Phase
  • Lessons Learned and Reporting
  • MITRE ATT&CK Framework

BTL1 Exam Details

The exam is a 24-hour hands-on incident response test where you need to tackle and complete 20 task-based questions. You’ll apply various tools learned in the course, investigate multiple systems, and recognize different tactics from the ATT&CK framework employed by the “threat actor” in the exam. A score of 70% on these questions is required to pass, and achieving 90% or higher on the first attempt earns you a BTL1 gold coin. If you don’t pass on the first try, there’s a 10-day waiting period before you can take it again, so I suggest starting your first attempt at least 11 days before your exam deadline.

BTL1 Exam Tips

Ensure you have a solid grasp of the tools introduced in the labs and content modules, including the underlying concepts, when to use each tool, and how to operate them. I went through the labs three times, focusing especially on those relevant to the exam, and I still have over 60 hours of lab access remaining.

Exams can be stressful, and this one is no exception for me.

This 24-hour practical incident response exam gives you a generous amount of time to complete it, which makes passing feasible. However, unlike traditional multiple-choice exams or CompTIA’s Performance-Based Questions (PBQs), it requires sustained focus and significant mental effort over a long period.

To prepare, it’s essential to take a solid break before the exam. I’d suggest at least 4–5 days without any stressful activities or studying. Don’t worry about “forgetting” anything—you’ve got your notes ready! Try to schedule the exam on a weekend or take a day or two off, as I did, so you have time to recover before returning to work (if you’re currently employed).

Students have access to a cloud-based lab through an in-browser session, available for up to 24 hours, to complete a practical incident response exam. This exam includes twenty task-based questions that require full focus, extensive mental effort, and strong analytical skills.

Once all questions are answered, students can submit the exam for instant grading and receive detailed feedback. To pass and earn the silver challenge coin, a minimum score of 70% is needed, while scoring 90% or higher on the first attempt qualifies for the gold challenge coin.

BTL1 Study Notes

Table of Contents:

  • Exam Tips & Preparation
  • Networking Fundamentals
  • SOC Fundamentals
  • Security Controls
  • Security Management Basics
  • Phishing Analysis
  • Threat Intelligence
  • Digital Forensics
  • Security Information and Event Monitoring
  • Incident Response

Page Count: 372

Format: PDF & Markup

Testimonials (LinkedIn)

How to get BTL1 study notes?

You can buy the booklet directly by clicking on the button below

Certified Security Blue Team Level 1 Study Notes

After you buy the booklet, you will be able to download the PDF booklet along with the markup files, in case you want to import them into the Obsidian software.

Build a Study Plan and Set Goals

  • Create a Study Schedule: Outline how many hours per week you can dedicate to studying, then break down the topics accordingly. Aim to cover each area at least twice before moving to hands-on labs.
  • Set Learning Goals: Identify specific goals, like “understand the structure of TCP/IP” or “practice with SIEM alerts,” and prioritize according to your strengths and weaknesses.

What about the notes updates?

If you have been watching my YouTube channel, you know that subscribers to the second tier of my channel membership instantly get access to a vast catalog of cybersecurity, penetration testing, digital marketing, system administration and data analytics notes for $10, along with all notes updates for as long as they remain subscribed. So what does that mean?

This means that if you want to stay up to date with the changes and updates to the notes and get access to the other categories, I encourage you to join the second tier of the channel membership instead. However, if you are fine with downloading the current version of this section of the notes, you can buy this booklet for a one-time payment.

Will the prices of this booklet change in the future?

Once another version of this booklet is released, which it will be, the price will change slightly, as the booklet will include more content, notes and illustrations.

Free Blue Team Training

Check out the playlist below on my YouTube channel for free Blue Team training.