Certified CyberDefender Review

Certified CyberDefender (CCD) A vendor-neutral, hands-on cyber defense training and certification.

Course Overview

The Certified CyberDefender (CCD) is a blue team oriented training course with high quality, in depth material. The learning material is reinforced with multiple hands on, practical, online labs that are very similar to their BlueYard CTF platform. After completing the training material you can attempt the Certified CyberDefender exam which is a practical exam setup just like the online labs.

The CCD course includes 6 modules covering the following topics:

  • Security Operations Fundamentals
  • Incident Response
  • Threat Intelligence
  • Digital Forensics
  • Threat Hunting and Emulation
  • Perimeter Defense (Email Security)

Check the CyberDefenders page on this course and certification for more information: https://cyberdefenders.org/blueteam-training/courses/certified-cyberdefender/

Learning Material Review

The course material is excellent quality, and I often compare it to the SANS SEC504 in quality (my only SANS course that I've taken.) The content is densly packed, without any fluff. If anything is mentioned in the material it is very important. There's not much you can skim on, or would even want to skim, as all the learning objectives and labs are aimed at helping you obtain both the knowledge and mindset required of a CyberDefender.

The Digital Forensics module was the most impactful to me, and I learned an absolute ton of new information and became much more comfortable in my responsibilities at work when an incident required investigation and forensics. The lab guide that went along with the online labs and guided me through an investigation was both fun and a great opportunity to learn and put my newfound knowledge to the test.

Lab Review

In addition to the course content you will gain access to multiple online labs. While some are associated directly with course content (and they have associated walkthroughs and guides) you are encouraged to seek out additional answers beyond what the training course taught.

That's not to say that the course does not cover everything you need, it does, but there may be faster or easier ways that if you take the time to read tool documentation and get familiar with the tools you could find new ways to answer the questions for the labs.

Overall, I think the labs were the best part of the course.

Exam Experience

When you start the exam (which can be done at any time, no scheduling required) you have 48 hours of access to the exam site. This is almost identical to the online labs you will have done during the course, so the process should be very familiar. It is a practical exam where you are provided with a virtual environment and questions. It's up to you to answer those questions as best you can. The answers are free form, and you are encouraged to provide additional information with the answer such as how you came to the conclusion or what track you were on.

The exam is graded by real people, and partial points can be awarded. So by providing additional context with your answers you might be able to get a few points for a "Wrong" answer if you were on the right path but didn't quite get what they were asking.

There are more than one way to find the answers, and answers to questions further on can give you hints on how to answer earlier questions. There were a few questions I had to go back on, after getting further I had a better idea of what I should have been looking for. I don't know if that helped, but I did get a passing grade!

All aspects of the course are fair game for the exam, so make sure you have a good familiarity and understanding of all the modules. Each module is well represented in the exam, and you have plenty of time. I still lived my life during the exam, I went to dinner and lunch, took the family on a grocery shopping trip. The exam was still waiting for me, and I still had plenty of time to complete it.

I even had to take a step back and start Googling and referencing the course material during the exam to get me back on track if I had forgotten how a particular tool works, or wasn't sure which direction I needed to be heading.


Passing the exam at 70% will you reward you with the Certified CyberDefender certification and digital badge:

Value Considerations

The course and exam are currently available with a retail price of $799.99. It is absolutely worth the cost as the content is such great quality, it is worth the price.

For someone looking for some good blue team training, and an up and coming certification, the value is absolutely there. I paid for it out of my own pocket, and if you can get an employwer to fund the training even better!