Description
We deliver training live-on-line, on site, and on demand.
This course is a practical way to demonstrate knowledge and advance a career as a member of a computer security incident response team.
Students will join the professional cybersecurity community. The practice in this course builds toward excellence in cybersecurity and shows that students have what it takes to be a functioning member of a blue team.
The actual certification exam will be easier than the course practice exams.
If your organization would like this course at a particular time or location, it is available for groups greater than 8 with a contract.
- CFR
- CyberSec First Responder™
- Governing Body: CertNexus
- External exam costs: $300 in United States
- Price does/does not include exam
Security / Technical / Certification
This course fulfills NICE/NICCS Categories and Roles:
- Protect and Defend (PR) Cyber Defense Incident Responder PR-CIR-001
This is a DOD 8570 compliant course for the following roles:
- CSSP An, Ir, Au
Since the computing environment and tooling specific to this field are critical to success, our cyber range setup offers the tools and operating systems that match most students' live environments.
DOD acronyms
- Information Assurance Technical (IAT)
- Information Assurance Management (IAM)
- Computer Network Defense Service Providers (CND-SPs)
- IA System Architects and Engineers (IASAEs)
- Cyber Security Service Providers (CSSP)
- Analyst – An
- Infrastructure support – In
- Incident responder – Ir
- Auditor – Au
- Manager – Ma
We expect every student to build a complete, functioning enterprise security system in a virtual environment. This activity will help them develop and support an enterprise security program. As a side benefit of the course, students will pass the exam and validate their skills as cybersecurity professionals via certification.
- Identify and use computer networking concepts, protocols, and network security methodologies.
- Understand basic risk management processes.
- Execute secure network administration principles.
- Distinguish and differentiate cyber threats and vulnerabilities.
- Or hold a suitable certification in place of security experience, such as CompTIA Security+.
- Configure and implement virtual machine and basic virtual network environments.
- Configure and implement client server operating systems of both Linux and Microsoft.
- Have the knowledge and skills necessary to troubleshoot, install, operate, and configure basic network infrastructure.
- Or hold a suitable certification in place of technical experience, such as CompTIA Network+.
Upon completion of the course the student should be able to:
- Use Security Onion and Wireshark in a production environment.
- Identify tools and techniques to use to perform an environmental reconnaissance of a target network or security system.
- Collect, analyze, and interpret security data from multiple log and monitoring sources.
- Use network, host, and web application vulnerability assessment tools and interpret the results to provide effective mitigation.
- Understand and remediate identity management, authentication, and access control issues.
- Participate in a senior role within an incident response team and use forensic tools to identify the source of an attack.
- Understand the use of frameworks, policies, and procedures and report on security architecture with recommendations for effective compensating controls.
- Compare and contrast various threats and classify threat profiles.
- Explain the purpose and use of attack methods and techniques.
- Explain the purpose and use of post-exploitation tools and tactics.
- Perform ongoing threat landscape research and use data to prepare for incidents.
- Explain the purpose and characteristics of various data sources.
- Use real-time data analysis to detect anomalies.
- Analyze common indicators of potential compromise.
- Use appropriate tools to analyze logs.
- Use appropriate containment methods or tools.
- Use appropriate asset discovery methods or tools.
- Use Windows tools to analyze incidents.
- Use Linux-based tools to analyze incidents.
- Execute the incident response process.
- Explain the importance of best practices in preparation for incident response.
- Identify applicable compliance, standards, frameworks, and best practices.
- Explain the importance of concepts that are unique to forensic analysis.
- Identify common areas of vulnerability.
- Identify the steps of the vulnerability assessment process.
All courses are available in live-on-line format.
Technical labs will consume 20-40 hours outside class time. They require basic skills in operating systems and virtualization.
There are 9 different exercise methods used throughout the course in one-hour class meetings. As soon as students become accustomed to a particular flow, or get comfortable, the instructor will switch methods. Some examples include packet analysis, "what went wrong," and tool time.
Before class students will complete mindmaps, assigned readings, take practice quizzes, submit case study information, and build flashcards. Each activity is graded as needed.
We use a customized text developed by our internal experts. This text covers the latest best practices and the current state of security and technology. All students are required to have a working computer, microphone, and earbuds.
- 1 hour per session
- 3 sessions per week
- 8 weeks with 2 break weeks (also called ‘dark weeks’)
- Orientation is held for 90 minutes before the first live class.
- Class meeting times are listed on the public calendar.