HTB CDSA

As someone who primarily walks the path of the Red Team, I’ve always been immersed in penetration testing, adversarial simulation, and offensive operations. But lately, I’ve realized something crucial — truly mastering offensive security requires seeing things from the defender’s perspective too. That’s why I decided to take on the Hack The Box Certified Defensive Security Analyst (CDSA) certification.


🛡️ What is HTB CDSA?

The HTB Certified Defensive Security Analyst (CDSA) is a highly hands-on certification offered by Hack The Box. It focuses on security analysis, SOC operations, and incident handling at an intermediate level. Unlike many traditional certifications that focus on theory, CDSA emphasizes practical, real-world skills — the kind you’ll actually need working in or alongside a SOC.

By earning this cert, you prove that you have a strong technical understanding of blue team practices and can navigate the defensive side of cybersecurity with confidence.


📚 Knowledge Domains Covered


The CDSA certification evaluates knowledge and skills across the following domains — many of which are highly complementary to offensive operations:

  • SOC Processes & Methodologies
  • SIEM Operations (ELK/Splunk)
  • Tactical Analytics
  • Log Analysis
  • Threat Hunting
  • Active Directory Attack Analysis
  • Network Traffic Analysis (Incl. IDS/IPS)
  • Malware Analysis
  • DFIR Operations

This depth and range make it a valuable addition to my skillset, especially in understanding how real-world defenses are structured and how attacks are detected and responded to.


🔄 Why I Decided to Pursue a Blue Team Certification

Although my primary focus has always been red teaming and penetration testing, I’ve come to understand that to be an effective offensive security professional, I must also understand how defenders think and operate.

Learning how security analysts detect, respond to, and analyze attacks provides invaluable insight that can level up offensive tradecraft. Knowing what alerts you trigger, how logs are analyzed, and how incidents are handled gives you the upper hand in crafting stealthier, more effective attacks — and also helps when communicating findings to SOC teams during engagements.

This path isn’t just for blue teamers — it’s also a powerful resource for anyone in offensive security.


🚧 Progress So Far


At the time of writing, the SOC Analyst role path on HTB is divided into 15 modules. So far, I’ve completed the first 3 modules, with 12 more to go. I’m learning a lot of new material, especially about SOC operations, which is already making me think differently about logs and telemetry.

🗓️ Estimated completion time per HackTheBox Academy: 23 days

Here’s a look at the module list:

  1. Incident Handling Process
  2. Security Monitoring & SIEM Fundamentals
  3. Windows Event Logs & Finding Evil
  4. Introduction to Threat Hunting & Hunting With Elastic
  5. Understanding Log Sources & Investigating with Splunk
  6. Windows Attacks & Defense
  7. Intro to Network Traffic Analysis
  8. Intermediate Network Traffic Analysis
  9. Working with IDS/IPS
  10. Introduction to Malware Analysis
  11. JavaScript Deobfuscation
  12. YARA & Sigma for SOC Analysts
  13. Introduction to Digital Forensics
  14. Detecting Windows Attacks with Splunk
  15. Security Incident Reporting

Each of these modules builds on the last, and they combine theory with practical labs and real-world scenarios. It’s been an engaging experience so far.


🎯 My Plan Moving Forward

The goal is clear — complete the full role path and then take on the CDSA exam.

The exam itself spans 7 days, which means preparation is key — not just technically, but mentally too. HTB is known for challenging, real-world exams that demand focus, patience, and persistence.

Once I complete the exam, I’ll be sharing a follow-up blog post detailing:

  • Lessons learned
  • Skills gained
  • Full exam experience

So stay tuned for that!


Thanks for reading — and if you’re also considering improving your defensive skills (whether you’re red team or blue team), the CDSA path might be worth exploring. Understanding both sides of the cyber battlefield is what truly builds a well-rounded operator.