The Certified Blue Team Professional (CBTP) certification is a comprehensive, industry-aligned exam designed to validate real-world defensive cybersecurity skills. It is built for professionals aiming to work in Security Operations Centers (SOC), blue team roles, and defensive security environments.

CBTP focuses on practical detection, investigation, and response skills required to defend modern enterprise environments against real threats. The exam emphasizes log analysis, threat detection, incident response, and blue team methodologies used by security teams worldwide.

This certification is vendor-neutral, scenario-driven, and aligned with real SOC workflows rather than theoretical knowledge alone.

Who This Exam Is For

• Aspiring SOC Analysts

• Blue Team Engineers

• Incident Responders

• Cybersecurity Students & Professionals

• Red Teamers transitioning into defense

• Security Professionals seeking validation of defensive skills

Exam Details

• Exam Duration: 6 Hours

• Total Questions: 600

• Question Format:

  • Scenario-based questions

  • Log & alert analysis

  • Technical multiple-choice

  • Defensive decision-making

• Attempts Included: 3

• Exam Mode: Online (Proctored)

• Difficulty Level: Intermediate to Advanced

• Certification Validity: Lifetime (no expiry)

Skills Validated by CBTP

• Blue team fundamentals & SOC operations

• Log analysis and alert investigation

• Threat detection and triage

• Incident response lifecycle

• Network and endpoint security

• Attack behavior understanding from a defensive perspective

• Mapping attacker techniques to defensive controls

CBTP – 30-Module Syllabus

Domain 1: Blue Team Foundations

1. Introduction to Blue Team Operations

2. SOC Roles, Responsibilities, and Workflows

3. Cyber Kill Chain & Defensive Mapping

4. Blue Team vs Red Team vs Purple Team

Domain 2: Networking for Defense

5. TCP/IP Fundamentals for Security

6. Network Traffic Analysis

7. Common Network Attacks & Detection

8. DNS, HTTP, HTTPS & Email Security

Domain 3: Operating System Security

9. Windows Security Architecture

10. Linux Security Fundamentals

11. User Privileges, Processes & Services

12. OS Logs & Event Monitoring

Domain 4: Logging & Monitoring

13. Log Types and Log Sources

14. Log Collection & Normalization

15. SIEM Fundamentals

16. Alert Generation & Tuning

Domain 5: Threat Detection

17. Indicators of Compromise (IOCs)

18. Behavioral & Anomaly Detection

19. Signature-Based vs Behavior-Based Detection

20. False Positives & Noise Reduction

Domain 6: Incident Response

21. Incident Response Lifecycle

22. Incident Triage & Prioritization

23. Containment, Eradication & Recovery

24. Post-Incident Analysis & Reporting

Domain 7: Endpoint & Malware Defense

25. Endpoint Detection & Response (EDR)

26. Malware Types & Infection Vectors

27. Malware Detection Techniques

Domain 8: Threat Intelligence & Frameworks

28. Threat Intelligence Fundamentals

29. MITRE ATT&CK for Blue Teams

30. Defensive Strategy & Continuous Improvement