Certified CyberDefender (CCD) Review
At A Glance
- Intermediate course/exam geared toward SOC Analysts
- 4 months of access to course material
- 120 hours of lab time
- 2 exam attempts
- 48-hour practical exam covering all domains except for Incident Response
- Student discount — $100 off with .edu email
Domains include:
- SOC Fundamentals
- Incident Response
- Perimeter Defense — Email Security
- Forensics Evidence Collection
- Disk Forensics
- Memory Forensics
- Network Forensics
- Threat Hunting and Emulation
Overview
Certified CyberDefender is an intermediate certification course on CyberDefender’s platform. The course covers SOC fundamentals, incident response, digital forensics (network, memory, disk), and threat hunting. The exam is a 48-hour practical covering each domain of the course except for incident response. To ensure that students are prepared to succeed in the course, CyberDefenders recommends students complete at least one challenge on their CTF platform BlueYard without assistance. Once purchased, you receive access to the course material for 4 months, 120 hours of lab time, and 2 exam attempts. There is also a discord server for students to get help, make suggestions, etc.
They also offer a student discount of $100 off.
The content creators are both very established security practitioners; you can read about some of their experience here.
Prerequisites
As per the CCD course page:
- Solid understanding of Windows and Linux operating systems.
- Solid research and problem-solving skills.
- Familiarity with basic system administration, networks, and security concepts.
Course
The course itself is well put together and straight to the point. Each domain goes in-depth into the methodology and tools analysts need to utilize. As you progress through each domain, you will be presented with a lab to capstone that section of the material.
Each domain consists of several modules. The modules cover individual topics of the domain. For example, the Disk Forensics domain consists of over 50 modules, including “Deleted File Analysis” and “Exploring Network Shares.” Most modules also include links to additional reading material for those looking to take a deeper dive into a particular subject. CCD also provides cheat sheets at the end of some domains, which can be very helpful later.
Although it is unfortunate that students only have access to the course material for 4 months, I found it to be more than enough to complete all the material. It took me roughly 2.5 months to work through the material and complete each lab twice. Course extensions are also available, should they be required.
As of the time of writing, the content is purely reading material, interspersed with images/gifs demonstrating tools. The team at CCD has received many requests for videos to supplement the reading material and are currently looking into producing this content.
Labs
The labs are the meat of the course. While the difficulty of the labs will vary depending on the student’s background and the topic, some will likely take several hours to complete. One of the Disk Forensics labs, for example, can easily take students 8+ hours to complete.
The 120 hours of lab time is more than enough to complete all the labs. I completed each lab twice and have only used 57 hours of the allotted time. You can also purchase extensions if you need to.
The lab machines are typically reasonably responsive. However, they are cloud-based, and there can be some lag, but it is generally not an issue. I will say that I did have some issues with lab performance early on, but they have since increased the resources of the lab machines, making them much more responsive.
Exam
The exam for CCD is practical and completely hands-on. You have 48 hours to perform investigations on each domain. A score of 70% is required to pass.
The exam went above and beyond my expectations; it was very challenging and engaging. The exam machines were well-provisioned, and I had zero issues/lag. You are given a maximum of 5 machine resets, should you need them, though I found no use for them.
The answer to each question is freeform, and you are required to provide a write-up of your methodology. They do award partial credit, so it is important to write what you’ve tried and why.
Since the exam is freeform, it is graded by hand. It can take up to 10 business days to receive your results. It took about a week to receive mine. They also include a summary of your performance for each domain, which will help determine what areas you need to brush up on.
There is a lot of work to be done in the exam, and it will thoroughly test your knowledge of each domain. Having notes and cheat sheets can be very helpful during this time.
After passing the exam you receive a certification and badge, as well as a physical coin. Scores of 85% or higher receive a gold coin.
Conclusion
The course, labs, and exam are of high caliber. I am glad I took a chance and grabbed this course. At the current price of $500, or $400 with the student discount, I think it’s well worth the price. From my experience, the team at CCD is committed to making their student’s experience as positive as possible. They listen to feedback and add new features regularly. The few times I have seen issues, they were resolved very quickly.