Certified Blockchain Security Professional

I sat for the Certified Blockchain Security Professional(CBSP) Exam from the Blockchain Training Alliance today and had some insight to share.

Insight to help you study but also understand whats being tested. Ive also included the Top Five areas to focus on for the very challenging exam.

The CBSP exam was clearly well written and focused on what appeared to be very straight forward areas of focus, essentially any blockchain or cryptocurrency related to security and governance

Now to be honest here is my take on the objectives, not the BTAs..

  1. Blockchain Fundamentals (20%)
  2. Blockchain Security Fundamentals(30%)
  3. Blockchain Smart Contracts(20%).
  4. Blockchain Vulnerabilities (15%)
  5. Bitcoin, Hyperledger, Corda and Ethereum (15%)

Exam Basics

  • Exam was 70 Questions.
  • Exam had mainly multiple choice with True/False type Questions.
  • Exam had graphics of smart contracts to review
  • Plenty of time to take it. 90 minutes.
  • Exam Cost $300 Link is below. Save 30% which is $90 on the exam by using CODE JH30SM

Certified Blockchain Security Professional (CBSP)
The Certified Blockchain Security Professional (CBSP) exam is an elite way to demonstrate your knowledge and skills in…bit.ly


  1. Vulnerabilities — I would not recommend someone who has not prepared well to take this exam. This area will slam you if you dont know 15 plus hacks well for both Ethereum and a ton of cryptocurrency no one uses. It clearly has some advanced areas and you will need to memorize around “blockchain vulnerabilities” that perhaps you will never care about or deal with (WTF is Verge?). The vulnerabilities were also focused not just on BTC or Ether but the question expected you to know what happenend in Lisk, NEO, EOS and a few others I would waste not a nickel on like Verge or Pigeoncoin from an investment standpoint. I am just relaying my experience, nothing more. It was a good exam just seemed the area of scope was a bit far, wide and not in tune with an enterprise. Sorry, fact is that if your an enterprise dude you wont be playing with Lisk, Verge nor Piggycoin, not sure what the exam developers were thinking

Pigeoncoin (PGN) Hacked Through Bitcoin Protocol Bug, Other Small Coins Eventually at Risk
Pigeoncoin (PGN), a small-scale digital asset traded in two obscure exchanges, has finally got the spotlight but for…www.newsbtc.com

2. Smart Contracts — The main area I would focus on is trying to focus on weakness in coding around smart contracts. For example make sure you all know the following and be able to recite these front and back. Race Conditions, DOS, Bad Randomness, Arithmetic, Unchecked Return Value, Reentrancy, Access Control and a few others. 

The exam questions will have questions that have code to view and you need to select the type of code issue. Or the other way was that they ask what kind of a hack can be ran from a smart contract or not for example. Get this area or fail

3. Consensus and Security Measures— Know the consensus for Ethereum, Corda, Hyperledger and Bitcoin. Understand what Proof of Work, Proof of Stake, Proof of Burn, BFT, etc. It would also be wise to know the benefits and cons of each as well. Know the security measures of each. 

For example in Hyperledger Fabric you have Pluggable Identity Management, Channels and Private Data and then understand what can be done in Corda and Ethereum. Corda is different since its a need to know approach and uses Notaries. Ethereum is opened up to all the basement dwellers, essentially has no real security features. Why Permissioned vs Permisionless.

4. Regulatory Requirements.. Ok, so once again you need to know a few things before you can do well in the area. First, know benefits of Open/Private/Permissioned blockchains, this is straight forward. Then ensure you know why a company wants transparency, data redundancy, data encryption, PII data and privacy.

Understand how these play into regulatory requirements and risk management. For example if you use a blockchain that is decentralized then what would happen if you had sensitive data? For example: The blockchain is designed to be publicly visible and immutable. Smart contract code is stored on the blockchain, making it visible to malicious users. So basically once its on the blockchain its there for the taking.

Check out my Facebook Libra Live Online Course where I walk thru deploying Facebook Libra Testnet on Google Cloud and AWS. LIVE!


5. Basics of Blockchains- This area of focus to consider mainly “worked you” on how well you know the different blockchains, wallets and consensus methods. For example what type of wallet would you use if you wanted to go low tech? Paper of course. Another basic area to consider is the area of poor network security. 

For Example: What would happen you did not update patches or components. What would happen if Honey Boo Boo put together the network and forgot to setup a firewall or how to mitigate a DDOS attack. You may also want to ensure what a Turing Complete Machine is and why it correlates to blockchain security?

If your thinking of taking the Certified Blockchain Solutions Architect (CBSA) Exam then join in on my CBSA Exam Live Online Cram Session on Pearson Safari.

Certified Blockchain Solutions Architect (CBSA) Certification Crash Course
This training is focused on preparing IT professionals to successfully pass the Certified Blockchain Solutions…learning.oreilly.com

Pre Order my book on Amazon! Architecting Enterprise Blockchain Solutions from Wiley Sybex.


Check out my Youtube as well for helpful videos!

Leave a Reply