Our people’s stories 22 March 2024

“Beer Varakorn” First Thai “Certified CyberDefender” & Ex-#1 in the World on Blue Team Training Platform

When you like something, where does that interest take you? 

For “Beer Varakorn,” a Senior Cybersecurity Consultant at Bluebik, his passion for being a blue teamer, an expert in cybersecurity assessment and protection, led him to the forefront of the leaderboards of the renowned Blue Team training platforms CyberDefenders and Blue Team Labs Online. These platforms offer hands-on labs for developing digital forensic investigation skills, and participating in these labs is also known as “playing in the lab.”

The term “forefront” is aptly used here, as Beer is literally at the front. He was ranked #1 in Thailand on both platforms, and at one point, he also achieved the #1 rank globally on CyberDefenders!

Furthermore, Beer is also the first Thai to be a “Certified CyberDefender” and is one of the few Thais to hold both Security Blue Team certifications: Blue Team Level 1 and Blue Team Level 2. 

How did Beer do it? Let’s hear his story.

A Blue Teamer Inspired by Movies 

Because he grew up enjoying movies about hackers, Beer dreamt of “kicking hackers off their feet and protecting systems because it seemed cool.” He studied network engineering and the internet before starting his career in a Security Operations Center (SOC), gradually advancing from an SOC Analyst to an SOC Specialist, and then to an SOC Team Lead.

After gaining considerable experience in SOC work, Beer began to feel that this field no longer presented a challenge. Coupled with his passion for cybersecurity, he started looking for ways to upskill, broaden his knowledge, and enhance his capabilities, paving his way for future growth as a Blue Teamer.

This search led Beer into the world of “playing in the lab.”

“Playing in the Lab” for Career Advancement

Recently, the Blue Team field has seen the emergence of new platforms for honing skills, with Blue Team Labs Online and CyberDefenders being the main platforms of interest for Blue Teamers.

On these platforms, those interested in Blue Team work can investigate digital cases in Hands-On Labs. The platforms present scenarios that one might encounter in real work situations, providing some data or evidence, such as a file from an organization that was attacked. The player’s role is to examine and discover when the attack happened, where the hacker accessed the system, and how to close that vulnerability.

These labs often feature a variety of challenges that allow players to practice analytical thinking and the use of different tools for investigation and truth-finding, such as SIEM, Autopsy, or FTK. Moreover, the platforms have a leaderboard that ranks participants who “play in the lab.”

It is worth mentioning here that Beer has been ranked #1 in Thailand on both platforms and even reached the top position of #1 in the world on CyberDefenders at one point! 

Besides the numerous labs available, sometimes the platforms organize online events where all players can compete against each other. Beer has participated in these and found many benefits.

“At first, I only played labs related to SOC, which involved analyzing logs with SIEM programs because I was already familiar with them. But then the platform organized an online event on a topic I had never worked on but was interested in, so I decided to give it a try.

“The first event was about malware. I wanted to know why malware could hack into systems, why it’s more intelligent than humans, and how people create it. So, I signed up for the event just to see, and it turned out I liked it. I ranked 17th out of 30 teams, because I was new to the topic, but it was a starting point for me to do malware analysis.

“The second time I participated in an online event, it was about forensics. It was the first time I used analytical tools such as Autopsy and FTK. I ranked towards the bottom because I was still not proficient with the tools, but I found it fun and really enjoyed it.”

Even though he was at the bottom, being open and trying new skills led Beer to shift his career path from SOC to digital forensics and incident response (DFIR) at Bluebik.

Started out as “playing in the lab,” but ended up as a career advancement! 

“Playing in the Lab” for Certifications

Previously, the blue team field of work did have some certifications, but they often involved multiple-choice questions that assess one’s theoretical knowledge. Although these could be challenging and require significant preparation, Beer felt that such certifications didn’t accurately measure practical skills.

The concept of practical exams in certifications is a relatively new development in the last 3-4 years, led by pioneers in the field such as CyberDefenders and Security Blue Team, the owners of skill-developing platforms themselves. When Beer learned that these two were offering certifications, he set his goals on acquiring every certificate available.

The certification process involves enrolling in online courses and completing them before attempting the exams. At this stage, he must apply both the knowledge from the courses and the experience from “playing in the lab.” Despite Beer’s extensive practice through “playing in the lab,” he still found the exams challenging.

“It’s true that playing in the lab helps with principles and techniques, but the tools required in the exams might not be the same as those we used in the labs. Moreover, the exams are more like real work scenarios. In labs, they simulate situations and evidence that are quite isolated and unconnected, sometimes with just one computer. But for the exams, they simulate an entire network system with multiple servers and clients’ computers with external attacks, and we have to choose the right tools for each situation and analyze how everything is connected.

“The exams are like a new challenge that nobody has solved before. There’s no information on what they’re about, just a scenario set up by them, and us trying to find the answers. It’s pressuring and exciting because there’s a time limit. For example, the Certified CyberDefender gives you 48 hours, Blue Team Level 1 gives you 24 hours, and Blue Team Level 2 gives you 72 hours.

“You might think that’s a lot of time, but when you’re actually taking the exam, you have to divide your time between taking the exam and sleeping. Because on the first night, you’re so energized that you might not sleep at all, and then when you’re exhausted, you might oversleep and not finish the exam in time. So, time management is crucial.”

Despite the challenges, Beer successfully passed the exams, and as mentioned earlier, he became the first Thai to pass the Certified CyberDefender with flying colors and is one of the few Thais to hold both Blue Team Level 1 and Level 2 certifications. For Blue Team Level 2, he was also among the first 100 people in the world to pass.

These certifications not only validate Beer’s skills as a blue teamer but also symbolize his relentless effort and self-improvement.

Self-Improvement is in Bluebik’s DNA

Despite having cool credentials as described, Beer doesn’t stop there with his self-improvement. He is currently preparing to study for and take the Computer Hacking Forensic Investigator (C|HFI) certification to boost his forensics skills and be ready for any case. No matter what type of case comes his way, Beer is prepared to delve into the truth to help “kick hackers off their feet” and ensure the ultimate security for Bluebik’s clients’ systems.

And of course, now that Beer is part of Bluebik, the company supports the expenses 100% because we believe that constant skill development is crucial. We want everyone in Bluebik to unlock their true potential like a Ferrari with no brakes! Our scholarship isn’t limited in quantity; just meet the criteria, and it’s yours. Anyone interested can inquire more at Happy Helper or [email protected].

And for those interested in getting tested for certifications, whether from Security Blue Team or CyberDefenders, you can read Beer’s reviews (in Thai) at the links below. Enjoy defending!

Lastly, anyone interested in joining the cybersecurity team with Beer at Bluebik can check out the open positions at bluebik.com/career/cybersecurity.