Blue Team Level 2
SECURITY OPS
CERTIFICATION

Vulnerability Management
Malware Analysis
Threat Hunting
Advanced SIEM

BTL2 HAS LAUNCHED!

The first 100 orders will receive a gold commemorative challenge coin titled “First 100 Defenders” when they pass the BTL2 exam, in addition to their silver or gold coin depending on their score. (The first 100 students will be emailed on Friday confirming their reward.)

170+ lessons, activities, and tests

30+ cloud labs with 120 hours of access

5 months access to the training material

£1500 certification launch price (was £1999, -25%) for 31 days ONLY

BTL2 Academic Advisory Board & Technical Writers

With almost 100 years of experience in the security industry, these security experts have ensured that the content and practical exam for BTL2 are scoped correctly and reflect industry best practice. This ensures that our students will have the most beneficial experience and get the most value out of our certification.






Sean Pattee

Senior Threat Analyst
CISSP, OSCP, GCFA, GCIA, GCIH, GDAT
Sean is a Senior Threat Analyst, Incident Responder, and co-runs a Cybersecurity & Digital Forensics firm located in Phoenix, AZ.






Mat Lyons

Senior Security Consultant
GCED
Mat is an Enterprise Incident Management Consultant focusing on incident response, threat hunting, and proactive services.






Andrew Tomlinson

Senior Security Analyst
GCIA, GDAT, eCPPTv2
Andrew is a Senior Security Analyst, working as the defensive use case and assurance function lead with an adjacent focus on vulnerability risk management. Previously worked as a network security engineer consultant.






Jai Minton

Principal Security Analyst
OSCP, CCFH, CCFR





Ismael Briones-Vilar

Senior Security Analyst
GCFA, GREM, GASF, ENCE
Ismael is a Senior Security Analyst specializing in malware analysis and digital forensics, with 15 years of experience in this field.






Joshua Beaman

CSIRT Analyst
GCED, GCIA, GCIH, GDAT, GEVA
Joshua is the lead Course Author, responsible for writing the Vulnerability Management domain and editing all other domains.






Sabastian Hague

CSIRT Analyst
GMON, GCDA, GCIH, GCIA
Sabastian is the primary writer for the Advanced SIEM domain, bringing 4+ years of experience from the UK Military.






Venkatesh Sathya

Senior Security Analyst
Venkatesh is the primary writer for the Malware Analysis domain, bringing 8 years of experience from various Security Analyst positions.






Andrew Huang

Security Engineer
GNFA, OSCP, SSCP
Andrew is the primary writer for the Threat Hunting domain, bringing almost 12 years of experience working in Security Operations defending 5 datacenters.

WHY TAKE OUR TRAINING?

We may be a “new” training company, as we were founded in early 2020, but we have proven that our training changes lives. Our students have broken into industry or secured promotions as a result of taking our certifications. We have developed the skills of entire security teams and forged stronger technical defenders. Don’t believe us? Believe them! Read our BTL1 success stories at the link below. We’ll look to release BTL2 success stories after the certification exam is released.

Read BTL1 Student Success Stories >

Overview

A hands-on defensive security training course and certification, showcasing advanced practical ability in defending networks and systems from sophisticated cyber threats. No more multiple-choice exams: get genuine security operations experience with content developed by industry experts and a challenging practical assessment.

WHAT'S INCLUDED?

Individual Students:

  • 5 months access to our on-demand training course
  • 5 months access to our brand-new lab platform & 120 hours of lab time
  • Step-by-step guides to set up your own small-scale labs to keep learning even after the course
  • 2 exam attempts (initial and a free resit, with feedback after each exam)
  • Dedicated student forum supported by SBT staff
  • BTL2 Acclaim digital badge and badge on Blue Team Labs Online
  • High-quality PDF certificate and physical card certificate
  • BTL2 silver challenge coin, or gold if you score 90% or above on your first exam attempt

Corporate Clients:

  • All of the above
  • Team Leader management portal. Track course and lab progress for all your team members
  • Corporate discounts starting at 3 students (including voucher scheme to ‘buy now, use later’)
  • Corporate discounts for Blue Team Labs Online, BTL1, and BTL2 bundles

BENEFITS OF BTL2

BTL2 is designed to strengthen technical defenders that already have experience and exposure to security operations. BTL2 will develop you in niche areas that make you stand out as an advanced defender. Below are some examples of the skills and experience you will gain.

  • Identify, analyze, prioritize, and remediate vulnerabilities to effectively reduce risk.
  • Conduct static and dynamic malware analysis to gather indicators of compromise and document details of the malware’s purpose and utilized techniques.
  • Write SIEM detection rules and tune them to ensure they’re as efficient as possible by conducting adversary emulation activities.
  • Perform threat hunts to detect adversaries that have already breached the perimeter.

Who is the course for?

BTL2 is aimed at security professionals with 2-4 years of experience in a practical role, but can be suitable for individuals with less experience provided they can commit to the intense training. Roles that we believe would benefit from this course include:

  • Mid-Senior Security Analysts
  • Mid-Senior Incident Responders
  • Mid-Senior Security Consultants
  • DFIR Specialists
  • Threat Hunters
  • Malware Analysts

COURSE CONTENT

Below you can download our course syllabus to learn more about the content that is covered in the training course and tested in the practical assessment (we’ve also provided a high-level overview in the tabs below!). The certification is split into 4 domains.

Vulnerability Management:

  • Introduction to Vulnerability Management
  • Host Discovery
  • Vulnerability Discovery
  • Analysis, Prioritization, and Threat Intelligence
  • Reporting and Remediation

This domain features 10 hands-on cloud labs.

Malware Analysis:

  • Introduction to Malware Analysis
  • Build Your Own Analysis Lab
  • Static Analysis Tools and Techniques
  • Dynamic Analysis Tools and Techniques
  • Malware Analysis Practice

This domain features 15 hands-on cloud labs.

Advanced SIEM:

  • Introduction to Advanced SIEM
  • SIEM Architecture
  • Build Your Own SIEM Lab
  • Proactive SIEM (Hunting)
  • Adversary Emulation, Detection, and Analysis

Threat Hunting:

  • Introduction to Threat Hunting
  • Build Your Own Hunting Lab
  • Endpoint Threat Hunting
  • Network Threat Hunting
  • Hunt Reflection and Report Writing

This domain features 12 hands-on cloud labs.

CERTIFICATION PROCESS

We have not yet announced all of the details regarding the certification process for BTL2. We will provide more information at the launch event.

The BTL2 exam is designed to practically assess students on the four domains covered in the training course by utilising a range of tools and techniques to investigate a realistic intrusion scenario. The exam is comprised of two components:

  • A number of questions that must be answered during the investigation
  • A written report based on a provided template

Students must score 70% or higher to pass and earn the silver BTL2 challenge coin, and 90% or above on their first attempt to earn the gold challenge coin.

EXAM FEEDBACK

We believe feedback is absolutely crucial to developing your skills, rather than just passing the certification. We will provide feedback to all students regardless of whether they pass or fail our exam, so you can understand your weak areas, and become a stronger security professional.

FREQUENTLY ASKED QUESTIONS

HOW LONG WILL I HAVE ACCESS TO THE TRAINING COURSE AND LABS?

You will have access to the on-demand course and lab platform (with 120 lab hours) for 5 months/155 days from the date of purchase. Your certification exam vouchers are valid for 12 months from purchase. We have guides to create your own labs for the Advanced SIEM, Threat Hunting, and Malware Analysis domains, so you can continue to practice even after your access expires.

DO YOU OFFER DISCOUNTS FOR INDIVIDUALS?

The only discount we have planned is the launch discount of 25% from 6th September – 6th October, which will be the heaviest discount we will have for BTL2 (both for individuals and organisations). Please do not email us asking for discounts or free vouchers – if we decide to run a discount or giveaway, we will post it on our social media accounts and website.

WHY IS THIS COURSE SO EXPENSIVE?

While it may seem like a lot, BTL2 is an extremely large course and is very competitively priced compared to other companies on the market, based on the scope and quality of the content, labs, and importantly, our practical exam. It is not cheap to build and maintain a course and certification of this scale, including technology, employees, and certified rewards.

I'M NEW TO SECURITY, CAN I TAKE BTL2? IS BTL1 REQUIRED FIRST?

After feedback from our community, we decided that BTL1 is not required to take BTL2. While BTL2 is aimed at security professionals with a recommended minimum experience of 2 years in a technical role, it is definitely possible for an individual with less experience to take and pass BTL2, but it will require discipline and dedication.

DO YOU OFFER DISCOUNTS FOR ORGANISATIONS?

Of course! We offer discounts on BTL2 vouchers in progressive tiers, starting at 3 students in one order. We also offer discounts for BTLO, BTL1, and BTL2 bundles. Another benefit includes a Team Leader console to track the progress of your team members across our training courses. You can request a quote via the button at the top of this page where you’ll be passed to one of our Account Managers.

WHAT HAPPENS IF MY TRAINING ACCESS EXPIRES? CAN I STILL ACCESS THE LABS AND EXAM?

Yes, BTL2 separates the certification into three elements: the training, the labs, and the exam. This means even if your training access expires you can still practice and take the exam, giving you up to 5 full months of studying (if your training access ends and you start the exam, we’ll even give you access to the course for the exam duration!).

IF I NEED MORE TIME, CAN I GET AN EXTENSION?

Yes, we provide one-time paid extensions for either 31 days or 62 days. These can be purchased from the store on our new lab platform and will automatically add the number of days to your existing total. This will extend your access to the course, lab platform, and forum.

MY FRIEND WANTS TO TAKE THE TRAINING AND LABS BUT HE CANNOT AFFORD IT - CAN I JUST SHARE MY ACCOUNT WITH THEM?

Account sharing or leaking course materials to non-paying individuals is a breach of the BTL2 Terms and Conditions and will lead to us automatically removing BTL2 from your account with no refund. We also reserve the right to claim for legal damages based on the extent of the T&C breach.

Security Blue Team is dedicated to providing affordable, practical, and high-quality defensive cybersecurity training, certifications, and community events.