TCM Security – Practical Junior OSINT Researcher (PJOR) : A Practical Review for a Practical Cert
Last updated
Last updated
So, you want to know what it feels like to have the power of the collective knowledge of the internet at your fingertips? Want to hone your skills to impress your friends or partner with how quickly you can find places to eat or where the heck you’ve seen that actor/actress before? Maybe you’ve stumbled across JoseMonkey’s videos online using OSINT (Open-Source Intelligence) and Geolocation, or you want to expand your Red / Blue team skillsets with OSINT? OSINT is a fantastic skill and knowledge set for anyone to have, regardless of professional experience and job description!
Since the TCM Security PJOR certificate is aimed at Junior OSINT practitioners, it primarily focuses on those with Little to No experience with OSINT. To give us a baseline of what is going to be covered by this cert, let’s quickly discuss what OSINT is. OSINT (Open-Source Intelligence) is the overall umbrella term for intelligence that is gathered and analyzed using publicly available information such as social media, news articles, websites, and even publicly available geographical data (satellite imagery, Google Street View, etc). If it is publicly available information (digital or physical), it is considered OSINT.
At the time of this review, I am not affiliated with TCM Security and paid for the course and exam out of my own pocket.
The Practical Junior OSINT Researcher (PJOR) exam was written by Angela Brown, an Offensive Security Engineer with TCM Security who has a background in OSINT and DFIR.
Overall, the PJOR certification sits in a unique space in the industry. While there are certainly other OSINT certifications available, the only mainstream recognized ones I am aware of (SANS, MacAfee Institute, etc) are all aimed at more advanced practitioners and the majority are theoretical exams in nature, rather than a practical exam such as the TCM Security PJOR exam. Additionally, the alternative certifications mentioned above cost 10x or more than the PJOR. This positions the TCM Security PJOR certification to be the entry level friendly and cost-effective gateway into the wonderful wide world of OSINT.
The TCM Security ‘Open-Source Intelligence (OSINT) Fundamentals’ course is the course of study for the PJOR certification exam, and is available to anyone with a membership to the TCM Security Academy online training portal (membership cost is $29.99/mo, but TCM additionally offers a 20% discount for military, veterans, students, teachers, and first responders, as well as hosting several sales throughout the year), so you can have access to the course material and study for the exam without needing to pay for the exam voucher up front in case you decide that OSINT really just isn’t your thing. The OSINT Fundamentals course is over 9 hours of video content that generally covers all aspects of OSINT and providing complete coverage of all concepts included in the exam, with hands-on challenges and local labs included.
While everyone’s most effective method of information intake differs, personally I found the pacing of the course easy to follow and digest, and very well written for the more ‘Beginner’ level target audience with no assumption of any significant experience in either IT or Cybersecurity. Additionally, all the information presented during the course of study is practical in nature, preparing you well for the practical nature of the exam. Additionally, the PNPT exam has OSINT elements in it, and the PJOR and PJPT certifications pair well to position the student for success should they pursue the PNPT certification.
In terms of the exam itself, it is 100% practical in nature, and students are given 72 hours to complete the exam and formulate a professional report to submit for grading. At the time of this review, the exam voucher costs $249 USD (previously mentioned discounts apply to voucher purchase as well) and includes 1 exam attempt and 1 retake, and does not expire.
Above all else, I had a blast during my time taking the PJOR exam. Every challenge included in the exam had real-world practical applications and sets the student up well in terms of producing a professional OSINT report in a production environment. Every element of OSINT covered by the course of study was leveraged, and passing required the student to have a practical knowledge of the techniques and concepts required to solve each challenge, as well as the ability to convert the data found into a meaningful and actionable report in the end.
While you are given 72 hours to perform your investigation and write a report, make sure to be spending your time wisely and document as you go to prevent the necessity of going back to re-capture documentation while you are writing the report. Ask me how I know. I realized about 80% of the way through my investigation that my primary method of capturing documentation was causing me more issues than benefits, so I had to backtrack to re-capture and annotate visual documentation.
Additionally, this certification heavily focuses on the methodologies of OSINT rather than individual tool knowledge, and the exam follows suit. I did not need to rely on a Kali Linux instance, or any other tools to succeed outside of whatever your note-taking method of choice is, and a good screen-grabber. I personally use Greenshot on Windows and Flameshot on Linux, but as long as you have SOMETHING to use for grabbing screenshots for documentation, then you are set for success. While additional tool usage might help speed things up in a few cases here and there, I felt that the exam was written specifically to be tool-less in nature, and any experienced tool usage would only result in a minor benefit. Spend the study time to get comfortable with the fundamental methodologies covered in the OSINT Fundamentals course and especially get familiar with report-writing.
Overall, I think the PJOR succeeds in what Ang and the rest of the team at TCM Security set out to accomplish, and I don't think I can commend them highly enough on their success. The PJOR is an entry-level friendly, practical, and cost-effective gateway into the world of OSINT that is widely applicable to almost all career paths and walks of life, not just IT and Cybersecurity. I feel that this certificate firmly confirms a fundamental and practical knowledge and understanding of OSINT and how to use it in a professional setting, and I look forward to job listings including the PJOR in them! I will cross my fingers while I wait for the mid/advanced-level OSINT cert to come out from TCM, as I have high hopes for that!
