🔎Practical Junior OSINT Researcher (PJOR) : A Practical Review for a Practical Cert
By Evan Kirstein (Guest Writer)
Disclaimer: At the time of this review, I am not affiliated with TCM Security and paid for the course and exam out of my own pocket. This article was reproduced and adjusted with the authors permission from his website at: https://barebones-cyber.gitbook.io/tcm-pjor-review
Introduction
Before we begin I have a few questions for you:
Do you want to know what it feels like to have the power of the internet at your fingertips?
Do you want to hone your skills to impress your friends or partner with how quickly you can find places to eat or where the heck you’ve seen that actor/actress before?
Did you stumble across JoseMonkey’s videos online about using OSINT (Open-Source Intelligence) and Geolocation?
Do you want to expand your Red / Blue team skillsets with OSINT?
If any, or all of these peak your interest, then OSINT is a fantastic skill to learn regardless of professional experience and job description! TCM Security recently released the Practical Junior OSINT Researcher (PJOR) certification aimed at people just starting out in the industry. Today I will be going over the training and my experience earning the PJOR.
What is OSINT?
OSINT (Open-Source Intelligence) is the overall umbrella term for intelligence that is gathered and analyzed using publicly available information. This information can be gained from sources such as social media, news articles, websites, and even publicly available geographical data (satellite imagery, Google Street View, etc).
If it is publicly available information (digital or physical), it is considered OSINT.
Certification and Course of Study Background:
The Practical Junior OSINT Researcher (PJOR) exam was written by Angela Brown, an Offensive Security Engineer with TCM Security who has a background in OSINT and DFIR.
The PJOR certification sits in a unique space in the industry. While there are certainly other OSINT certifications available, the only mainstream recognized ones I am aware of (SANS, MacAfee Institute, and a few others) are all aimed at more advanced practitioners. The certifications mentioned above cost 10+ times more than the PJOR material.
This positions TCM Security's PJOR certification as the cost-effective, entry level gateway, into the wonderful world of OSINT.
The Fundamentals Course
The TCM Security's Open-Source Intelligence (OSINT) Fundamentals course is the supporting course for the PJOR certification exam. Access to this course is available to anyone with a membership to the TCM Security Academy ($29.99) or if you purchase the certification exam ($249). If you want to figure out if OSINT is your thing, you can access the first five hours on The Cyber-Mentor's youtube channel here.
The OSINT Fundamentals course is over 9 hours of video content that generally covers all aspects of OSINT and provides complete coverage of all concepts included in the exam, with hands-on challenges and local labs included.
My Thoughts on the Training
While everyone’s most effective method of information intake differs, personally I found the pacing of the course easy to follow and digest. It was very well written for the ‘Beginner’ level target audience with no assumption of any significant experience in either IT or Cybersecurity.
All the information presented during the course of study is practical in nature, preparing you well for the practical nature of the exam. Additionally, the PNPT exam has OSINT elements in it, and the PJOR and PJPT certifications pair well to position the student for success should they pursue the PNPT certification.
In terms of the exam itself, it is 100% practical in nature. Students are given 72 hours to complete the exam and formulate a professional report to submit for grading.
At the time of this review, the exam voucher costs $249 USD (There are additional discounts that apply for Military/Veterans/and First Responders as well) and includes 1 exam attempt, 1 retake, and the supported training. The best part? It does not expire!
Exam Impressions
Above all else, I had a blast during my time taking the PJOR exam!
Every challenge included in the exam had real-world practical applications and set the student up well in terms of producing a professional OSINT report in a production environment. Every element of course was useful. Passing the certification required the student to have a practical knowledge of the techniques and concepts required to solve each challenge, as well as the ability to convert the data found into a meaningful and actionable information.
While you are given 72 hours may seem like a long time it can go by fast. Make sure you are spending your time wisely and document as you go to prevent the need to go back for additional information while writing the report.
Ask me how I know? I realized about 80% of the way through my investigation that my primary method of capturing documentation was causing me more issues than benefits. I had to backtrack to re-capture, and annotate, previously identified documentation.
Additionally, this certification heavily focuses on the methodologies of OSINT rather than individual tool knowledge, and the exam follows suit. I did not need to rely on a Kali Linux instance, or any other tools to succeed outside of whatever your note-taking method of choice is, and a good screen-grabber.
For screen grabbing, I personally use Greenshot on Windows and Flameshot on Linux. As long as you have SOMETHING to use for grabbing screenshots for documentation, then you are set for success. While additional tool usage might help speed things up in a few cases here and there, I felt that the exam was written specifically to be tool-less in nature, and any experienced tool usage would only result in a minor benefit.
My advice: Spend the study time to get comfortable with the fundamental methodologies covered in the OSINT Fundamentals course and especially get familiar with report-writing. That will lead you towards success!
Conclusion
I think the PJOR succeeds in what Ang and the rest of the team at TCM Security set out to accomplish! The PJOR is an entry-level friendly, practical, and cost-effective gateway into the world of OSINT that is widely applicable to almost all career paths and walks of life, not just IT and Cybersecurity.
I feel that this certificate firmly confirms a fundamental and practical knowledge of OSINT and how to use it in a professional setting. I have high hopes that the mid-level/advanced-level OSINT cert will come out from TCM Academy in the near future!
Evan Kirstein, CISSP is a seasoned Chaotic Neurospicy Information Security Analyst with almost a decade of experience in Systems Administration within the MSP and financial sectors and are currently pursuing a Bachelor of Science in Cybersecurity and Information Assurance at Western Governors University. Evan holds numerous certifications, including ISC2's CISSP, TCM Security’s Practical Junior OSINT Researcher, CompTIA’s Security+, Network+, and Server+ certifications, and Security Blue Team’s Blue Team Level 1. Passionate about community and education, they actively participate in and moderate several cybersecurity-focused Discord servers and contribute to The CyberSleuth Chronicles as well as playing and dungeon-mastering Dungeons & Dragons, Backdoors & Breaches, and other tabletop games with a love for nurturing the next generation of nerdlings and IT professionals.
Last updated
Was this helpful?