CyberSec First Responder (Exam CFR-210) certification

My Review for CyberSec First Responder (Exam CFR-210)

I am happy to share that I have passed the CyberSec First Responder (Exam CFR-210) certification!

The CyberSec First Responder (Exam CFR-210) certification is designed for security professionals who are interested in pursuing a career in the defensive aspect of security. This includes working on tasks such as performing an analysis of threats, designing a secure network environment, defending a network, or investigating a security incident.

Check out the official website of the CyberSec First Responder (Exam CFR-210) certification to read more about their official introduction.

My Background before taking the exams

My current job as a penetration tester is focused on the offensive aspect of security, which is also the first area where I started my career in the information security industry. Now, I still enjoy the offensive side of security very much.

As a penetration tester, it is almost mandatory to have the Offensive Security Certified Professional (OSCP) certification, so if you like the offensive side of security, go for their Penetration Testing with Kali (PWK) course and “try harder”. The examination is hands-on and the number of things you get to learn from it is enormous. If you’re interested, check out My OSCP / PWK Course Review, where I share my OSCP journey along with some tips to pass the exams and to get started more effectively.

I have been working in the IT industry for over 5 years now, of which over 2 years were in the information security industry. I held the following security certifications before I passed my CyberSec First Responder (Exam CFR-210) certification: OSCP, CREST CRT, CPSA, CEH.

For Learning and Gaining Exposure to Different Aspects of Security

What about the other aspects of security besides penetration testing? During my course of study at the National University of Singapore (NUS) as a candidate for Master of Computing (Infocomm Security), I was fortunate to meet many awesome friends who also work in the information security industry. They are all specialised and experienced in their own domain in the field of information security. Hence, it was very fun and interesting to chat with them and discuss the kind of things that they encountered at work. It makes me curious and keen to learn more. We took up many classes together and along the way, we were frequently impressed by the vast diversity of knowledge in the domain of information security.

We only know the tip of an iceberg, there are so many more things to learn.

All these encounters made me feel that what we currently know is only the tip of an iceberg, and every day is an opportunity to learn something new. It makes me curious about many things and want to learn more about each of them to expand my horizons in the information security industry.

Why CFR?

When I first came to know about the CFR certification, I found it very interesting! Here are three reasons at the back of my mind now:

Reason #1: Because I felt that the certification will become well recognised soon.

Although not many people in Singapore know about this certification, I believe it will quickly grow in popularity in the next few years. As of 2017, it was already well recognised in the United States (US):

Logical Operations is pleased to announce that the United States Department of Defense (DoD) has approved the CyberSec First Responder™ (CFR-210) cyber security certification program as DoD Directive 8570 compliant. CFR is now an approved Baseline Certification for the CSSP Analyst and CSSP Incident Responder categories, and verifies the skills necessary to perform these job functions.

I also see how Logical Operations and OUTCERT are promoting this certification. I always feel that a certification is only useful if its standard is being maintained. It has to be of good quality, or it will not be worth having.

The message that I have gotten from the creators of this certification is that they are putting in a lot of effort to promote it and to improve the quality of their material.

Reason #2: Because I want to learn more about cyber defense

Many people that I have spoken to told me that learning cyber defense skills and techniques is useless to me and my career as a penetration tester. I do not agree. It is always good to learn about different stuff and gain different skills, especially when both areas are closely knit.

A good cyber defender should possess the knowledge to identify attacks. What if you’re an attacker yourself and you know exactly what the attacker is trying to do while you’re defending the network? And vice versa.

All these would become even more interesting if you look at it from the perspective of Red Team versus Blue Team, where both teams are constantly learning new things from each other and improving their game.

Furthermore, I am interested in it, so why not?

Reason #3: Because I can

Yes, just because I love to learn. This is my learning journey, so I get to learn anything I want and share about it. I personally enjoyed the learning because there were quite a few things which I didn’t know previously, or which I knew about but did not know why or how they are the way they are.

I felt that I learnt a lot of things when I went in-depth and explored various things that I didn’t previously know. The study materials of CFR consist of many different domains across the defensive aspect of security.

Tested Domains for the CFR-210 Exam 

Name of Domain | Weightage in the Exams
1.0 Threat Landscape | 25%
2.0 Passive Data-Driven Analysis | 27%
3.0 Active Asset and Network Analysis | 28%
4.0 Incident Response Lifecycle | 20%
Total | 100%

If you’re interested, check out the exam blueprint for the breakdown of each domain.

CFR-210 Exam Format

The certification examination is 2 hours (120 minutes) and there are 100 questions to be answered.

The 100 questions consist of multiple-choice questions and questions for which you need to choose multiple responses.

In Singapore, you can take the examination at one of the PearsonVUE exam centers across the island.

How to Study for CFR-210 Exam?

After you have signed up for the course, you can download a PDF e-book that consists of over 300 pages.

The content of the book is exactly the things outlined in the exam blueprint. To be honest, I find that the content of the book is detailed and in-depth for good learning.

I tend to study more than what was covered in the book by searching for examples online, “digressing” for a few hours, and then coming back to the book. However, to pass the exam, you just need to study what is covered in the book.

The book will sometimes expect you to run some commands on your machine, so follow along if you have not done them before.

That’s right! Self-studying should be more than enough to pass the CFR-210 exam. 

Study hard for your exam!

Conclusion – is it worth it?

Honestly, I felt that the CyberSec First Responder (Exam CFR-210) certification is worth it, given that the study material is of good quality and in-depth. It will prove to be useful for folks who want to pursue a career on the defensive side of information security.

At least for me, I felt that I learnt a bunch of stuff while taking it!

If you have also taken the CyberSec First Responder (Exam CFR-210) certification and have something more to share, please leave a comment below! 

If you have not taken the exam but intend to take it sometime soon, good luck and have fun!

