I wanted to provide a no-fluff review of the Hack the Box CDSA exam, what I did to prepare for the exam, how I took the exam, and just my overall thoughts about Hack the Box's CDSA.
I'll start by saying this exam is perfect if you are someone that likes to learn by being hands-on. Personally, I learn better by doing and this exam is exactly that - you start with having to complete the SOC Analyst path, which provides you with everything you need. As you navigate through the path, you can take notes (100% take notes if you don't have any prior cybersecurity experience), but they aren't entirely necessary as you can also refer back to the modules during the exam if you are stuck.
After completing the modules, I would suggest purchasing your voucher and jumping straight in - because in all honesty everything you need to complete the exam is in the modules. But if you are like me and want to be overprepared (and forget everything you learned in the modules cause you didn't take any notes 🥲 ) you can do a few Sherlocks to further hone your skills. The Sherlocks I completed were:
Without giving too much away, the exam is very closely tied to the modules. But if there is one piece of advice I would give you, it's to think like an attacker - because like any real-world incident, a trail of breadcrumbs is what you are following. Really read the incident, maybe even do some research online before diving in. A book I read right before the exam was Adversarial Tradecraft in Cybersecurity: Offense versus defense in real-time computer conflict by Dan Borges, who presents some amazing examples on protecting your network from real hackers. Plus, to be honest, looking at cybersecurity from the lens of an attacker and a defender can be a real benefit!
My takeaways from the exam itself were great. Not only did I learn some new techniques from the modules that I can use in my day-to-day work, it was just nice to take an exam where I didn't have to answer 50 questions, where the studying didn't feel like I was cramming random knowledge in just to memorize what a specific tool does, or what framework to use where - it's just you and the incidents, good luck. With all that said, don't overthink it and just remember to always keep digging cause the answer might just be in the next log you look at.
No AI used in the making of this post that I know of, at least 😀