I have been working as a SOC Analyst for several years, primarily working in banking Cyber Security Operation Centers. However, after taking a career break, I wanted to refresh and upgrade my skills before re-entering the job market. Given the high costs of traditional cybersecurity certifications (I’m looking at you OffSec and SANS!!), I sought a more cost-effective way to upskill and stand out from the crowd by becoming the ultimate SOC Analyst. That’s when I discovered Hack The Box (HTB) Academy.

What is HTB Academy?

HTB Academy is the educational branch of Hack The Box, offering structured cybersecurity courses. Unlike the traditional HTB labs which focus on hacking boxes and solving challenges, the Academy provides modules and entire guided learning paths, covering everything in the cyber security field you can think of – such as penetration testing, red teaming, blue teaming, and malware analysis. They are constantly adding new modules and learning paths so keep an eye on their blog – https://www.hackthebox.com/blog

You have a choice of purchasing modules within job roles to own forever with “cubes” or purchasing a subscription which will give you access to the modules required and provide you with one exam voucher. Whatever floats your boat, I’m not a sales representative. I personally picked HTB Academy over other platforms because of already established trust, glowing reviews I’ve seen on Reddit, and it has a great price point that doesn’t break the bank.

In order to supercharge my security analyst skillset, I pursued two key certifications on the platform: Certified Penetration Testing Specialist (CPTS) and Certified Defensive Security Analyst (CDSA). Why the Penetration Testing certification too, you ask? I believed that these certifications would equip me with both the sword (offensive tactics) and the shield (defensive strategies) needed to become a more well-rounded and effective SOC analyst.

The cert badges even resemble a sword and shield!

Certified Penetration Testing Specialist (CPTS)

CPTS is designed for individuals looking to prove their penetration testing skills, covering the full lifecycle of an attack—from reconnaissance to post-exploitation and professional reporting:

  • Reconnaissance & Enumeration: Network scanning, OSINT, and footprinting
  • Exploitation & Lateral Movement: Attacking vulnerabilities, privilege escalation
  • Post-Exploitation: Maintaining persistence
  • Reporting & Documentation: Writing professional pentest reports

The CPTS has been described as a more cost-effective OSCP, with many reporting that the CPTS certification is actually more difficult, and it covers more content than the OSCP. It manages to do this while also being far cheaper.

To be eligible to take the CPTS exam, you must first fully complete the Penetration Tester job role path. A job role path consists of a preset list of academy modules. Once all modules in the job role path are completed, the exam becomes available; and to pass it, the candidate must perform a hands-on penetration test spanning across 10 days, exploiting numerous vulnerabilities within a simulated Active Directory environment, and submit a comprehensive report detailing findings and remediation strategies. This mirrors real-world penetration testing engagements, ensuring all learned practical skills are tested. Along the way, you will uncover flag.txt files that you will need to record into the exam dashboard. You must recover 12 of the 14 flags to pass the exam.

Just from monitoring the official Discord server and subreddit, many candidates seem to slip up at the reporting part of the exam despite acquiring the passing number of flags – the report must read like a professional penetration report. If you don’t have this, you will fail the exam. Thankfully, you have 2 attempts at the exam with each exam voucher, so if you run out of time on completing the report or haven’t managed to retrieve the passing number of flags, don’t sweat it and try again another day. Just remember, everything needed to pass the exam is within the job path.

I passed on my first attempt, submitting a 106-page report that included all screenshots and appendices. While I spent more time than I’d like on the initial foothold, once I broke through, the rest of the exam went smoothly, and I secured a passing score. Unfortunately, I can’t share specific details about the exam itself for obvious reasons. They even give constructive feedback, proving they actually read your report.

Why CPTS Matters for SOC Analysts

  • Enhances understanding of attacker techniques, enabling better detection and response.
  • Provides hands-on experience with exploitation, sharpening skills to identify adversary tactics.
  • Validates the ability to think critically and creatively under pressure in real-world scenarios.
  • Improves proficiency in reporting and documentation, key skills for incident handling and communication.

Overall, the CPTS helps analysts gain a deeper understanding of security from an attacker’s point of view and provides practical, hands-on experience that directly translates into enhanced capabilities for detecting, responding to, and mitigating security incidents.

Certified Defensive Security Analyst (CDSA)

CDSA is designed to train security professionals in threat detection, SIEM usage, incident response, and forensic analysis—all crucial SOC analyst skills.

  • SIEM Operations: Using Splunk and ELK for log analysis
  • Threat Hunting: Identifying and mitigating threats proactively
  • Network Traffic Analysis: Detecting anomalies with Wireshark
  • Malware Analysis & DFIR: Investigating and responding to security incidents

Most comparisons I’ve seen of this certification are to the Blue Team Level 1 (BTL1) certification, which has been described as being inferior to CDSA in terms of value for money.

To be eligible to take the CDSA exam, you must first fully complete the HTB Academy SOC Analyst job role path. Once completed, candidates can take the exam, which requires them to investigate and report on two simulated security incidents, identifying attacks and adversary actions from start to finish. A professional incident report must be written covering both incidents, detailing findings, attack timelines, and Incident Response recommendations. Candidates have 7 days to complete the exam. Again, I’ll reiterate, the exam report is just as important as (if not more important than) finding the flags. For reference, my CDSA report was 47 pages long, including all screenshots and findings.

Why CDSA Matters for SOC Analysts

  • Strengthens threat detection and investigation skills across diverse attacker TTPs.
  • Enhances the ability to correlate attack patterns with real-world logs.
  • Builds expertise in log analysis and security monitoring tools, such as Splunk and Elastic Stack.
  • Focuses on creating security reports, empowering informed decision-making and response.

The CDSA certification helps analysts develop a deeper understanding of security from an attacker’s perspective, providing hands-on experience in identifying, analyzing, and mitigating security threats. It also gives analysts insight into writing professional incident reports. This practical knowledge directly improves an analyst’s skills in detecting, responding to, and managing security incidents. I only wish this certification was available when I first started as a SOC analyst right out of university!

Conclusion

In my opinion, HTB Academy’s CPTS and CDSA certifications serve as the sword and shield for modern SOC analysts and security professionals. The CPTS arms professionals with offensive knowledge to understand attackers’ tactics, while the CDSA reinforces defensive skills to detect and mitigate threats effectively. Together, they create a well-rounded, highly skilled SOC analyst ready to excel in any modern SOC.

While they may not be as widely recognized as SANS or OffSec certifications, HTB Academy’s focus on practical exercises and real-world exams makes them a valuable investment. Compared to traditional certifications that can cost thousands, HTB Academy offers structured, job-role-based learning at a fraction of the price, making it an ideal choice for those looking to upskill on a budget. It’s a LOT of content to absorb, but it’s WORTH IT.

Disclaimer

I am in no way affiliated with HTB Academy. I was not paid to write this article, but feel free to use my referral link if you found this helpful and want to get free cubes to start with: https://referral.hackthebox.com/mzwYMtM