HTB Defensive Operations Analyst Certificate Program
Written by Diablo
Updated over a week ago

The HTB Defensive Operations Analyst Certificate Program is not currently available but is scheduled to go live around Q1 2025.

This Knowledge Base article provides detailed information about the upcoming HTB Defensive Operations Analyst Certificate Program.

Purpose

The Hack The Box certificate programs are designed to elevate participants' professional development by providing hands-on training and real-world simulations. These programs equip participants with the job-ready skills and practical experience needed to excel in the cybersecurity field. By validating technical proficiency, HTB certificates help participants stand out in the job market while contributing to the broader goal of ensuring a highly skilled and capable cybersecurity workforce.

Scope of the HTB Defensive Operations Analyst Certificate Program

The content covered includes:

  • SOC Processes & Methodologies

  • SIEM Operations (ELK/Splunk) & Tactical Analytics

  • Log Analysis

  • Threat Hunting

  • Active Directory Attack Analysis

  • Network Traffic Analysis (Incl. IDS/IPS)

  • Malware Analysis

  • DFIR Operations

Learning Objectives

  • Apply Elastic as a SIEM tool to analyze incidents and proficiently identify and respond to security breaches within compromised Windows network environments.

  • Integrate and synthesize evidence from multiple sources and pivot data effectively to uncover adversarial actions, demonstrating advanced analytical skills.

  • Apply Splunk as a SIEM tool to analyze incidents and proficiently identify and respond to security breaches within compromised Windows network environments.

  • Interpret data derived from Event Tracing for Windows (ETW) to accurately identify adversarial actions during security incidents.

  • Analyze logs and forensic data to identify and respond to security breaches within compromised Windows network environments, and accurately determine the root cause of incidents resulting from adversarial actions.

  • Perform endpoint digital forensics on Windows systems to accurately identify specific adversarial actions, focusing on practical application.

  • Perform memory forensics on Windows systems to effectively detect adversarial actions, applying forensic techniques to uncover hidden or latent threats.

  • Conduct memory forensics on Windows systems, utilizing YARA rules to detect adversarial actions and uncover hidden or latent threats by applying advanced forensic techniques.

  • Evaluate and document adversarial actions critically across different stages of the cyber kill chain, providing a detailed and structured analysis that reflects comprehensive understanding and interpretation of complex attack vectors.

Target Audience/Learners

  • Security Analysts

  • SOC Analysts

  • Incident Handlers/Responders

  • Forensics Analysts

  • Penetration Testers

  • IT Administrators

  • IT Security Personnel

Requirements to Earn the Certificate

To successfully earn the HTB Defensive Operations Analyst certificate, participants must:

  • Complete all coursework (including completing all module content and completing all learning activities such as Sherlocks and challenges).

  • Pass the final exam.

Certificate Term

The HTB Defensive Operations Analyst certificate is valid for three (3) years. There are no maintenance requirements during this period. However, if you wish to continue using the HTB Defensive Operations Analyst designation beyond this term, you will need to requalify by meeting the program's current training and testing requirements, after which you will be issued a new active certificate for another 3-year period.

Technical Requirements

To participate in the certificate program, you must have:

  • A stable internet connection.

  • VPN software to access the required resources.

Participants will be expected to engage in a wide range of cybersecurity tasks, including security analysis, incident handling, and other DFIR operations. These activities will be conducted across real-world, heterogeneous networks hosted on HTB’s infrastructure, which you can access via VPN through Pwnbox or your own local virtual machine (VM). When you begin the examination process, you will receive a letter of engagement, clearly outlining the engagement details, requirements, objectives, and scope.

Privacy

The Hack The Box privacy policy applies. https://academy.hackthebox.com/privacy

Continuing Professional Education

The HTB Defensive Operations Analyst Certificate program, in full, is worth 131 CPEs for individuals certified by ISC(2).

Certificate versus Certification

The HTB Defensive Operations Analyst program is a certificate program. A certificate program is a training program that concludes with a test to verify that participants have achieved the learning objectives. There are no ongoing requirements to maintain the program (e.g., compliance with a code of conduct or participation in continuing professional education). Instead, the HTB Defensive Operations Analyst certificate is granted for a period of three years. At that point, if you wish to maintain an active certificate, you will need to again meet the program’s training and testing requirements. We will send you a reminder and more details in advance of your certificate’s expiration.

When you earn the certificate, you will be able to use the following designation and acronym: HTB Defensive Operations Analyst or HTB DOA.

It is not appropriate to call yourself certified, certificated, licensed, registered, or accredited.

Instructional Personnel Qualifications

Hack The Box (HTB) is committed to delivering high-quality coursework. Our curriculum developers are seasoned professionals with extensive expertise in diverse areas of cybersecurity, including offensive and defensive security. Their practical, hands-on experience ensures that the learning materials are not only technically sound but also highly relevant to the evolving cybersecurity landscape. Each developer holds a combination of top-tier industry certifications, years of practical field experience, and strong academic backgrounds.

The curriculum development process is overseen by a Program Director with over eight years of experience in instructional design. The Program Director has contributed to prominent cybersecurity frameworks and regulations, such as TIBER-EU (developed by the European Central Bank) and iCAST (by the Hong Kong Monetary Authority). As an informal expert at The European Union Agency for Cybersecurity (ENISA), the Program Director ensures that HTB’s programs adhere to global best practices and align with the latest regulatory standards, further strengthening the credibility and relevance of our coursework.

In addition, we have engaged the technical lead on the ASTM E2659 standard, which is the basis of the ANAB certificate program accreditation program, to guide our programs’ development and to ensure the certificate program industry standards are followed.

Fees, Cancellations and Refunds

The HTB Defensive Operations Analyst Certificate Program provides comprehensive training materials, including Modules, Sherlocks, and Challenges, alongside an exam voucher. Enrollment starts at 4,558 USD per individual.

The refund policy outlined in our User Agreement and Refund Policy documents below applies.

Accommodations

If you require an accommodation for any medical or learning disability, contact the program director using the contact information listed below.

Appeals and Complaints

If you wish to file an appeal about any decision made concerning your certificate program status or a complaint about any aspect of the program, contact the program director using the contact information listed below.

The full appeals and complaints policies and procedures can be found at the following link:
