Certified CyberDefender (CCD) — Certification Review

Hacktivities
5 min read · Mar 2, 2024

Introduction

I was delighted to recently pass the Certified CyberDefender (CCD) exam and found the overall experience to be very positive. Therefore, I decided to write this short article to share my thoughts and experience with the CCD training course and practical exam.

If you would like to learn more, then you can visit the CyberDefenders website using the link below.

CCD Course Overview

I first came across the CCD certification through completing labs on their CyberRange, a place where students or professionals could attempt blue team focused labs and gain practical cyber defense skills. I have written multiple articles that walk through some of these labs and had really appreciated the care and attention put into creating these blue team exercises. Therefore, when I learnt that the same creators of these labs also had a certification available, I decided to take the plunge and purchase the course.

According to the CyberDefenders website:

CCD is a vendor-neutral, hands-on cybersecurity training and certification. It is designed to prepare the next generation of SOC analysts, security blue teams, threat hunters, and DFIR professionals. This training introduces you to real-world threats defenders experience in their networks and the tools used to defend against them. You will learn defense strategies, threat-hunting techniques, adversary detection, and how to investigate security intrusions and perform forensic analysis.

The CCD certification caught my attention because of its emphasis on hands-on, practical training and the inclusion of a practical exam for certification. I think this aspect adds significant value to the certification process, as it instills confidence in the knowledge gained and the ability to apply it effectively in real-world scenarios.

CCD Training

At the time of writing this article, the CCD Certification Syllabus consists of 9 modules. I purchased the course before the malware analysis module had been included, and since I had passed the PJMR and malware analysis is not tested in the exam, I elected not to purchase the module as an extra, so I will only speak to the other modules in this article.

Each module is comprised of written lessons, video lessons and quizzes. In addition, each module was accompanied by a set of practical labs that could be completed by answering questions. Students had around 4 months of access to the course. There was a lot of material covered in each module and good note taking during the training was crucial for the practical exam. I found the DFIR modules to be especially challenging and they contained lots of new knowledge, which I really enjoyed.

The practical labs were also quite challenging at times. Unlike some courses, where the labs could be simple checkbox exercises, the labs in CCD felt more like real challenges and forced you to think critically about what an attacker might be trying to do and what you could try to do in order to detect them. In particular, I found the Disk Forensics and Memory Forensics labs quite challenging and learnt a lot by completing them.

I could also see that the team behind this certification were constantly making improvements and updates to the training. While working through the training material, I could see that new video lessons were constantly being added to support the existing written material and a new module around malware analysis was now also being worked on. The speed and availability of the labs were also being improved, with the engineering team successfully deploying AWS regional servers across 4 more continents. These are quite positive observations and highlight how the creators are constantly working on the quality of the training and providing a good experience for students.

CCD Practical Exam Experience

The CCD exam is fully practical and lasts 48 hours. It evaluates your skills across threat hunting, perimeter defense, disk forensics, memory forensics, and network forensics. You have two attempts when you purchase the course, the first of which must be used before your 4 months of access expires.

I started my exam by going to the exam portal and launching the environment for my first attempt. It took a couple of minutes for the environment to be created and I did not experience any performance issues throughout the entire exam. Each section of the exam provided a scenario and questions that needed to be answered.

I spent a full weekend taking the exam, with breaks for meals, exercise and sleep. I found the 48 hours was sufficient time to complete the exam. A private Discord was also created for you and the CD team in case there were any issues. Once you complete and pass the certification, you receive a CCD physical coin (Gold ≥ 85% or Silver), an electronic certificate and a digital Credly badge.

CCD Exam Advice

For anyone considering the CCD exam and looking for advice, I would provide the following recommendations.

  • Read the FAQ before starting the exam! It contains important advice and details about the exam, including how to answer questions, domains tested, what to practice, passing score, etc.
  • Complete the full CCD training course and take notes of any commands or tools that could be useful during the practical exam. Good notes will really help to save time during the exam.
  • Complete all CCD labs. According to the FAQ, if all labs are completed, a bonus of 5% is applied to your initial score if it does not meet the passing threshold (see FAQ).
  • Read each exam investigation scenario and questions carefully. Make sure you understand what is being asked and provide a clear answer.
  • Don’t overthink! Keep your hypothesis simple and develop a methodology to follow so you do not overlook any areas in the exam. If you get stuck on a question, leave it and move on. You can always come back to it later.
  • Manage your time! The 48 hours for the exam is sufficient but make sure to leave enough time for each section and take into account time for meals, sleep, family, etc.

Final Thoughts

I really enjoyed the CCD certification and was delighted to pass the practical exam. I found the course material, particularly the Forensics material, to be really impressive and I would recommend the CCD to anyone looking for a solid blue team certification. Thank you for reading till the end and best of luck in your exams! 😃
