7 min read

Launching HTB CDSA: Certified Defensive Security Analyst by Hack The Box

Become a market-ready professional with a new job-role path and certification covering multiple defensive security domains.

b3rt0ll0 Dimitris, Sep 28,

We are thrilled to announce a new milestone for the community and introduce our first Blue Team certification: HTB Certified Defensive Security Analyst (HTB CDSA)

With this exciting release, Hack The Box is officially expanding to a wider audience, becoming an all-in-one solution for any security enthusiast or professional. HTB CDSA is here to set a new standard on how individuals and organizations approach threats with the goal of making humans the strongest link in cybersecurity. 

"Traditional upskilling methods are no longer working. Defensive teams, already grappling with the talent shortage for day-to-day tasks, struggle to find time to strengthen their skills and expand their knowledge. By the time traditional training is complete, new vulnerabilities and technologies have emerged. Traditional training feels like a checkbox exercise rather than an exciting opportunity to enhance a career with relevant skills. Our paths and certifications align with the latest real-world threats, offering gamified, engaging content."

Haris Pylarinos (aka ch4p), Founder & CEO @ Hack The Box

We interviewed 400 cybersecurity professionals to discover what skills are required to be a modern SOC analyst and the future trends in the industry.

More about HTB CDSA.

The current threat landscape and the level of sophistication of modern attacks dictated the creation of a new-generation security analysis certification targeted toward aspiring SOC professionals via a highly practical curriculum that provides actionable knowledge.

The HTB Certified Defensive Security Analyst (aka HTB CDSA) is a highly hands-on certification that assesses candidates on multiple domains, techniques, and concepts of defensive security. HTB Certified Defensive Security Analyst (HTB CDSA) certification holders will possess technical competency in the security analysis, SOC operations, and incident handling domains at an intermediate level. 

HTB aims to create SOC professionals who are not just skilled but are also able to assess the risk at which a defended infrastructure is exposed and compose a commercial-grade as well as actionable security incident report.

Students will be able to access the Certified Defensive Security Analyst exam upon completing the SOC Analyst job-role path on HTB Academy. While studying through the path, students will have the opportunity to investigate simulated security incidents, analyze attacks, and deliver tasks that are essential in the current job market landscape.

SOC Processes & Methodologies

  • Incident Handling Process

  • Security Incident Reporting

SIEM Operations (ELK/Splunk) & Tactical Analytics

  • Security Monitoring & SIEM Fundamentals

  • Understanding Log Sources & Investigating with Splunk

  • Detecting Windows Attacks with Splunk

Log Analysis

  • Windows Event Logs & Finding Evil

Threat Hunting

  • Introduction to Threat Hunting & Hunting With Elastic

Active Directory Attack Analysis

  • Windows Attacks & Defense

Network Traffic Analysis

  • Intro to Network Traffic Analysis

  • Intermediate Network Traffic Analysis

  • Working with IDS/IPS

Malware Analysis

  • Introduction to Malware Analysis

  • JavaScript Deobfuscation

DFIR Operations

  • YARA & Sigma for SOC Analysts

  • Introduction to Digital Forensics

The SOC Analyst path is designed to take you from a beginner level all the way to an intermediate level as all-around security analyst via a guided, content-rich, and highly practical curriculum.

Become a certified security analyst

The Exam.

The HTB Certified Defensive Security Analyst (HTB CDSA) is a certification for individuals who want to obtain technical competency in the security analysis, SOC operations, and incident handling domains.

The following is a list of prerequisites for a successful outcome:

  • Interpreting a letter of engagement.

  • Having intermediate knowledge of web and infrastructure penetration testing concepts.

  • Knowledge of web applications, operating systems, and networking basics.

  • Comfortably navigating a plethora of data.

  • Understanding the available data sources and their usage.

  • Conducting manual and automated security analysis, SOC operations, and incident handling activities.

  • Professionally communicating and reporting security incidents.

How can you take the exam?

1. Buy a voucher

After an Academy student has successfully completed the job-role path, they will be able to become a candidate for the certification. Keep in mind that each exam voucher includes two (2) exam attempts.

2. Enter the exam and start the analysis

Once you have completed the SOC Analyst job-role path and you have also obtained an exam voucher, you can start the examination process by clicking "Exams" then "EXAM INFORMATION" and finally "ENTER EXAM."

The lab and report submission deadlines will always be visible on the exam lab page. Reminder emails will be sent to ensure that you deliver everything on time and that your voucher does not expire (1 year).

Upon clicking the "ENTER EXAM" button and accepting the terms and conditions of the exam, a letter of engagement will be provided that will clearly state all engagement details, requirements, and objectives, as well as the scope. A report template will also be provided to you. The exam lab will be accessible for seven (7) days without restrictions.

To ensure that you have fully achieved the objectives of the exam, you will also be asked to submit several flags on the exam lab’s page.

Each candidate will be provided with a dedicated instance of the exam lab. This means that you can perform your security analysis without interruptions caused by others and reset the lab at any time.

3. Upload your report

You must professionally document any security incident and the related evidence on the provided template report. You will have seven (7) days to upload your report on the exam lab page from the time you enter the exam.

4. Obtain your results

An HTB Academy instructor will first check if you gathered the minimum amount of points and then evaluate your submitted report meticulously. Should the report meet specific quality requirements, you will be awarded the HTB Certified Defensive Security Analyst (HTB CDSA) certification. The results will be presented to you within 20 business days.

By the time you successfully pass the exam, you can claim the digital certificate and download it. If you fail the first attempt, an HTB Academy instructor will identify areas where you are lacking and provide constructive feedback for improvement. The instructor’s feedback will be available on the exam page, "EXAM HISTORY" tab.


You can submit the ID of an HTB Certified Defensive Security Analyst (HTB CDSA) on the Certificate Validation page to verify its validity. In addition, all successfully certified students will be able to claim the HTB CDSA digital badge on Credly, and it will arrive directly in your email. Accept it and share it on your social media so that third parties can verify your obtained skills!

Optimize your results with the fundamentals.

Complete the SOC Analyst Prerequisites before jumping to more complex security concepts!

Become a market-ready security professional.

In the era of more than enough certificates circling the internet and more yet to come, it is more than reasonable to choose the one that will provide you with a top-quality experience, prepare you for real-world scenarios and make you stand out. 

Here’s what makes HTB CDSA different from the typical certifications currently in the market:

  1. Continuous evaluation - To be eligible to start the examination process, one should have completed all modules of the SOC Analyst job-role path 100% first. Evaluation takes place throughout the journey, not only during the examination!

  2. Hands-on & real-world exam environment - Candidates will be required to perform actual security analysis, SOC operations, and incident handling activities against a real-world and heterogeneous network. HTB certifications are not based on and do not include multiple-choice questions!

  3. Outside-the-box thinking & vulnerability chaining - candidates will be required to correlate different data and evidence to achieve the exam's objectives. Creativity and in-depth knowledge will be necessary for a successful outcome like in real-world engagements.

  4. Commercial-grade report requirement - Successfully completing all security analysis activities is not enough to obtain the HTB CDSA certification. Candidates will also be required to compose a commercial-grade report as part of their evaluation.

  5. Seamless experience powered by Pwnbox – The entire exam and certification process can be conducted through the candidates’ browser from start to finish.

Why CDSA is the best SOC analyst exam



Defensive security for enterprises.

The average cost of an attack is about $2.5M. At the same time, companies find it challenging to source and retain talented security professionals. This shortage leads to increased workloads and burnout among existing team members.

HTB CDSA provides threat-informed and market-connected courses, with an exam designed to confirm the skills acquired through a practical on-the-job assessment and continuous evaluation. Get in touch with our team to know more.

Hack The Blog

The latest news and updates, direct from Hack The Box