Certified Blue Team Operator (CBTO-902)

Target Students

Security analysts, incident responders, and IT professionals responsible for defending an organization's digital assets against cyberattacks and improving the security posture through monitoring, detection, and response.

Duration: 40 hours (5 days)
Learning Objectives

- Master defensive cybersecurity techniques and best practices.

- Learn to detect, analyze, and respond to cyber threats in real time.

- Develop skills in threat hunting, incident response, and security monitoring.

- Understand how to implement and manage a security operations center (SOC).

- Prepare for blue team operations that protect organizations from advanced threats.

Exam Duration: 2 hours
Exam Format

100 multiple-choice questions

Exam Options

Online

In-Person

Exam Code: CBTO-902
Passing Score: 70%

Course Outline

Foundations of Defensive Security
Module 1: Introduction to Blue Team Operations
  • Overview of Blue Teaming

  • Understanding the Role and Responsibilities of a Blue Team Operator

  • Differences Between Blue Teaming, Red Teaming, and Purple Teaming

  • The Blue Team Methodology: Defense-in-Depth, Continuous Monitoring, and Incident Response

  • Building a Blue Team Environment

  • Setting Up a SOC Lab Environment: Tools, Resources, and Best Practices

  • Introduction to SOC Tools: SIEM (Security Information and Event Management), IDS/IPS, Firewalls

  • Overview of Network Security Architecture and Design

Module 2: Network Security Monitoring
  • Monitoring Network Traffic

  • Basics of Network Traffic Analysis: Packet Capture, Protocol Analysis

  • Using Wireshark for Network Traffic Monitoring

  • Implementing IDS/IPS for Network Threat Detection

  • Deploying and Managing SIEM Systems

  • Introduction to SIEM: Architecture, Deployment, and Configuration

  • Using SIEM for Log Collection, Correlation, and Alerting

  • Case Study: Implementing a SIEM Solution for Enterprise Security Monitoring

Threat Detection and Incident Response
Module 3: Threat Detection Techniques
  • Threat Intelligence Integration

  • Introduction to Threat Intelligence: Types, Sources, and Platforms

  • Integrating Threat Intelligence into SOC Operations

  • Automating Threat Detection with Threat Intelligence Feeds

  • Malware Analysis and Detection

  • Basics of Malware Analysis: Static and Dynamic Analysis Techniques

  • Detecting Malware in Network Traffic and Host Systems

  • Case Study: Analyzing a Malware Incident in a Corporate Network

Module 4: Incident Response
  • Developing an Incident Response Plan

  • Key Components of an Incident Response Plan: Preparation, Detection, Containment, Eradication, Recovery

  • Incident Response Team Roles and Responsibilities

  • Best Practices for Effective Incident Response

  • Handling Security Incidents

  • Steps for Containing and Mitigating Security Incidents

  • Forensic Analysis of Compromised Systems

  • Case Study: Incident Response for a Ransomware Attack

Threat Hunting and Advanced Defense Techniques
Module 5: Threat Hunting
  • Introduction to Threat Hunting

  • What is Threat Hunting: Objectives, Methodologies, and Tools

  • Setting Up a Threat Hunting Environment

  • Developing Threat Hunting Hypotheses and Playbooks

  • Conducting Threat Hunts

  • Techniques for Proactive Threat Hunting: Indicators of Compromise (IoCs), Anomalous Behavior, and TTPs

  • Using EDR (Endpoint Detection and Response) Tools for Threat Hunting

  • Case Study: Conducting a Threat Hunt in a Live Network Environment

Module 6: Advanced Defense Techniques
  • Endpoint Security

  • Implementing Endpoint Security Solutions: Antivirus, EDR, and Application Whitelisting

  • Protecting Endpoints from Advanced Threats: Ransomware, APTs, and Fileless Malware

  • Case Study: Implementing EDR in a Large Enterprise

  • Defensive PowerShell Scripting

  • Using PowerShell for Defensive Security: Monitoring, Detection, and Response

  • Writing Scripts for Automating Security Tasks

  • Case Study: Automating Incident Response with PowerShell Scripts

Security Operations Center (SOC) Management
Module 7: SOC Management
  • SOC Design and Implementation

  • Designing a SOC: Architecture, Roles, and Responsibilities

  • Implementing SOC Processes and Workflows

  • Case Study: Building a SOC from the Ground Up

  • SOC Operations and Best Practices

  • Day-to-Day Operations in a SOC: Monitoring, Alerting, and Reporting

  • Implementing Security Metrics and KPIs for SOC Performance

  • Case Study: Optimizing SOC Operations for Improved Threat Detection

Module 8: Compliance and Reporting
  • Regulatory Compliance

  • Overview of Key Cybersecurity Regulations: GDPR, HIPAA, PCI-DSS

  • Ensuring SOC Compliance with Regulatory Requirements

  • Case Study: Achieving Compliance in a SOC Environment

  • Security Reporting

  • Writing Effective Security Reports: Incident Reports, Executive Summaries, Technical Reports

  • Communicating with Stakeholders: Presenting Findings and Recommendations

  • Case Study: Reporting on a Major Security Incident

Practical Application and Capstone Project
Module 9: Blue Team Simulation
  • End-to-End Blue Team Exercise

  • Participants Execute a Full Blue Team Operation: Monitoring, Detection, Incident Response, and Reporting

  • Real-World Scenario Simulation: Defending a Corporate Network Against Simulated Attacks

  • Peer Review and Instructor Feedback on Blue Team Performance

  • Advanced Blue Team Techniques

  • Exploring Cutting-Edge Defense Techniques: Machine Learning for Threat Detection, Automation of SOC Operations

  • Case Study: Implementing Advanced Defense Techniques in a Live Blue Team Exercise

Module 10: Capstone Project and Exam Preparation
  • Capstone Project

  • Participants Work on a Comprehensive Capstone Project that Encapsulates All Skills Learned Throughout the Course

  • Focus on Real-World Application, Reporting, and Analysis

  • Peer Review and Presentation of Capstone Project

  • Exam Preparation and Review

  • Review of Key Concepts and Techniques Covered During the Course

  • Sample Exam Questions and Group Discussions

  • Final Q&A Session and Wrap-Up
