Introduction
This section introduces you to the course structure and resources.
Course Overview
Introduction
The Blue Team Level 1 (BTL1) certification validates practical skills for defending against modern cyber threats. The course introduces the training platform, outlines certification objectives, and prepares learners for the BTL1 exam.
Domains
The course is divided into six domains:
Security Fundamentals β Basics of controls, networking, and risk management
Phishing Analysis β Detecting, analyzing, and reporting phishing attacks
Threat Intelligence β Understanding intelligence types, threat actors, and IOCs
Digital Forensics β Collecting and analyzing digital evidence from Windows, Linux, and browsers
Security Information and Event Management β Using SIEM for log analysis and reporting
Incident Response β NIST SP 800-61r2 process: preparation, detection, containment, and post-incident review
Additional Information
Security Fundamentals can be skimmed by those with prior experience. Full completion is recommended but not required before taking the exam.
Navigating The Course
Introduction
Covers how to navigate lessons, labs, forums, and exam preparation areas in the BTL1 platform.
Key Features
Lessons & Quizzes β Accessed via the Domain List; quizzes require a 70% pass score
Bookmarks β Save lessons for review later from the top-right bookmark icon
Labs β Launch from the Labs tab, complete questions to finish
Forum β Exclusive to BTL1 students for discussions and troubleshooting
Exam β Start when confident; course contains guidance and exam details
Store β Purchase extensions for course time or lab hours
Student Support β SBT Bot for quick help, or tickets for direct support
Lab Login Credentials
Access Information
Lab credentials are found in the lab clientβs Details section.
Default username: BTLO
Default password: None (unless otherwise specified) If credentials differ, check the Details section for the correct login.
Credits & Special Mentions
SBT Staff and Advisory Board
Created by Joshua Beaman, Founder and Lead Trainer. Supported by the Academic Advisory Board:
James Weston β Senior Security Analyst
Shaun Thomas β SOC Manager
Jake β Tactical Threat Analyst
Filip Vlasic β Senior Security Analyst
Derek Scheller Jr β Senior Security Engineer
Ismael Briones-Vilar β Senior Security Analyst
Gabrielle Hempel β Senior Security Analyst
Michael Jenks β Training Program Lead
Practical Assessment Development
Acknowledgment to contributors for practical exam creation:
Joao Rodrigues β Web Development
Bruno Moreira β Web Development
Joshua Beaman β Exam Scenario and Development
Trevor Adams β Infrastructure Operations and Lab Integration
Sabastian Hague β Exam Scenario and Development
Frequently Asked Questions
Training
Access duration: 4 months (124 days) from course start
Notes: Allowed for personal use; not to be shared
Expired access: No content or lab availability; personal notes remain
Extensions: 31 days (Β£100) or 62 days (Β£150); one allowed unless special approval granted
After expiry: Extension possible but Exam Access continues counting down
Labs: May take 3β10 minutes to load; errors require ticket submission
Lab hours: 100 included, average use ~10 hours; close labs when not in use
Exam
Deadline: Must pass before Exam Access expires (12 months from start)
Failure: 10-day cooldown before retake; avoid first attempt in final 10 days of access
RDP requirement: Not needed; connections work like training labs
Platform: Works on Mac and Linux
During exam: Follow NDA and submit within time limit
Collaboration: Not allowed; violations lead to revocation and bans
Grade concerns: Request Review option available, typically resolved in 5 business days
Feedback: High-level only for fairness
Post-Exam
Certificate & coin: Shipping in 3β4 months; track via BTL1 page
Public posts: Allowed at a high level; no exam specifics or course material
Badge/title on BTLO: Request via support ticket
Requests for answers: Report via ticket; sharing is a violation leading to revocation
Last updated