
Certified Security Operations Manager (CSOM) Review

May 16, 2024 · 4 mins read

Link: (https://www.securityblue.team/certified-security-operations-manager/)

Pricing: £1999

Pre-reqs: Two years relevant experience

Summary

Certified Security Operations Manager, CSOM, is SecurityBlueTeam’s latest certification. They are a fairly new security education company that became known for their technical certifications BTL1 and BTL2. The certification was released in January 2024.

CSOM is their first take on a certification where the focus is on management and development of operational cyber capacities rather than in-depth technical skills. Unlike many other certifications, the CSOM requires two years of relevant experience before you can get certified.

The certification isn’t hard, but I would recommend familiarizing yourself with blue team TTPs before starting with CSOM.

Content

  • Modern Security Operations
    • Business Objectives, Legal Enablers and Considerations
    • Security Operations Teams
  • Building a Security Operations Team
    • Threat Modelling
    • Building Your Team
    • SIEM & Detection Engineering
    • Case Management
    • Other Tools & Administration
    • Process and Documentation
  • Capability Development
    • Incident Response
    • Threat Intelligence
    • Vulnerability Management
    • Digital Forensics
    • Malware Analysis
    • Threat Hunting
  • Metrics, Maturity and Measuring Success
    • Maturity Models
    • Operationalizing MITRE ATT&CK
    • Cyber Deception
    • Security Orchestration, Automation, and Response
    • Reporting and Metrics
    • Security Research & Presentation
    • Retaining Talent

Even though the certification doesn’t focus in-depth on TTPs, it was clear throughout the course that SecurityBlueTeam has a lot of knowledge when it comes to the technical aspects of security operations. There were labs along the way covering the different topics, and they introduced new ways of utilizing common tooling used in the industry; some examples include:

  • TheHive
  • Wazuh
  • MISP
  • MITRE
  • SOC-CMM
  • 4CERT

The course doesn’t cover the basics of the above-mentioned tools and expects that you have already familiarized yourself with them through your previous experience. This worked really well, since it allowed the focus to be on the concepts unique to the CSOM certification.

My personal highlights in the material were the chapters on measuring the maturity of operational capacities using frameworks like SOC-CMM and 4CERT. I also liked the material covering the establishment of a knowledge base and the necessary operational documentation. The chapter on retaining and acquiring talent is well written and couldn’t be more relevant in today’s security environment.

If you are considering taking this certification but don’t already have a basic technical skill set, I would recommend starting with a technical entry-level certification, for example SecurityBlueTeam’s BTL1. That way you don’t have to spend time learning the tools in addition to the CSOM material; this will also help you in the exams.

Exams

The CSOM exam is a new format compared to BTL1 and BTL2. It consists of a theory element, which is a case study of a fictitious company, and a practical element which is reminiscent of their other CTF-style examinations.

I liked the theory element, and I imagine this explains the price point. Manually having to audit exam submissions isn’t something SecurityBlueTeam is accustomed to. This was partially felt in the questions, which could have been scoped a little better; but it was also felt in the delays. The certification was released in January, but the theory exam was made available in March.

The difficulty wasn’t high, and I expect that many will complete their exams on the first try, especially considering the two years of experience required to get certified.

Conclusion

I would say the material could have been a bit more in-depth, and covered more facets of the management of operational capacities. It didn’t take long to move through the topics, and with a price of £1999, I honestly expected a bit more than what I got. I really liked the material, but I just wish there was more of it.

The labs were nice, but sometimes it felt like I was just in a re-used lab from one of their technical certifications. I would also have liked some more casework, which could have showcased the new concepts that aren’t covered in other certifications.

The CSOM is a great certification for blue teamers who are starting a career in a managerial position, and there aren’t many alternatives within this price range.

I really liked the content and have already put the material to practical use. Overall I was satisfied with the certification, just as I was with the other SecurityBlueTeam certifications. I will definitely keep my eye out for their next steps; fingers crossed for a CSOM2!!
