Students learn the necessary concepts and skills for responding effectively to cyber security incidents. The goal is to provide participants with the equivalent skills and experience one would obtain working a full month on a professional Incident Response team dealing with an Advanced Persistent Threat intrusion. Students are trained on the three core pillars of incident response: Host Forensics, Network Archaeology and Malware Analysis. Students are also given the opportunity to learn about Incident Coordination and Operational Technology.
In addition to classroom training and lectures, students spend most of their time working on a small team project investigating real data from a historical incident. At the conclusion of the program, students present their findings to senior management in standard incident reporting format.
The first 5 weeks consist of morning classes. Each of our five core classes are taught for 4 hours in the morning, with some lab work in the afternoons.
Soon after the beginning of the school, students are given their first piece of the dataset. Using techniques taught in the classes, you will begin disassembling the dataset, looking for indicators of compromise and better evidence fragments, such as command and control traffic, transferred files, malware executables, and more.
Cyber Fire Staff will be accessible to help guide direction.
The school ends with a presentation of findings to senior site management. You play the role of an incident response team, presenting your findings to senior management. You will be required to package your findings in a standard report template, then give a verbal presentation, and field questions.