Passing the BTL1, Raleigh ISSA, and “Countdown to Zero Day…”

Three weeks ago I passed the Blue Team Level One (BTL1) certification exam. If you’re not familiar with this certification, head over to and look at the domains that are tested on the exam. While it’s impossible for me to touch on much that isn’t mentioned there (due to the tight NDA over what’s actually considered test material), I can say that it’s a really enjoyable incident-response scenario that you have 24 hours to work out, in which you are tested on nearly everything that’s covered in the course. It was probably the best time I’ve had taking an exam due to the pracitcal nature of it. Now, the BTL1 hasn’t been mentioned on any job listings I’ve seen, and it can be rather expensive if you’re paying out of pocket, but as far as I’m concerned, it provided the best organization of topics and practical experience for blue team or defensive cybersecurity skills that I’ve encountered so far. While the CySA+ from CompTIA is more widely recognized and does appear on job listings, I feel that the hands on nature of the BTL1 will put me at an advantage due to having more famliarity with the techniques that goes beyond just answering questions on a multiple choice exam.

A while back I joined an organization called the Information Systems Security Association, which has a local branch in Raleigh. It’s as local as it can be for me, and what the ISSA Raleigh offers me is not only a chance to hear some good presentations on relevant topics in Cybersecurity, but also a chance to network with people in the industry here in my home state. The Raleigh ISSA has meetings every month, and I’m excited to go to my first one this week.

The book, “Countdown to Zero Day: Stuxnet and the Launch of the First Digital Weapon” is a comprehensive look at the events surrouding the deployment, execution, and aftermath of the Stuxnet malware that crippled the Iranian nuclear enrichment program. It’s a fascinating read as much of the content so far explains things in ways that I can readily correspond to things I’ve learned about in Cybersecurity, especially the MITRE ATT&CK framework, and the Cyber Kill Chain. I’m four chapters in, and I can honestly say I enjoy reading the events that surrounded the malware, politically, as political happenings are an important part of threat intelligence.

Leave a Reply

Your email address will not be published. Required fields are marked *