Cyber Security Incident Command w/ Gerard Johansen
October 8 @ 10:30 am – October 9 @ 7:00 pm EDT
Instructor: Gerard Johansen
Course Length: 16 Hours
Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.
Class Dates | Class Times |
---|---|
Tuesday, October 8th, 2024: | 8:30 AM – 5:00 PM MT |
Wednesday, October 9th, 2024: | 8:30 AM – 5:00 PM MT |
These classes are part of Wild West Hackin’ Fest 2024. The conference takes place both virtually and in person. For more information about the conference, visit our website!
Course Description
The Cyber Incident Command course is designed to provide students with the foundational concepts and techniques necessary to manage a cyber security incident. The focus is on building knowledge and skills in the operational and strategic levels of incident response such as crisis communications, crafting containment and eradication plans and managing the various teams leveraged during an incident.
Students will first be exposed to incident command fundamentals. From here, they will be guided through the various stages of incident response activities such as properly scoping an incident response, addressing escalations, crafting a containment plan, removing the threat actor from the network, and returning to normal. Throughout this process, they will also be shown how to incorporate technical actions such as digital forensics and network modifications in response to an incident. In addition to the technical aspects, students will also be instructed to address the operational concerns in incorporating various business units such as legal, senior management, marketing, and facilities during an incident.
To reinforce these concepts, students will work through a realistic incident scenario during which they will be required to apply the concepts taught using the IRIS-DFIR platform and document templates.
What You Will Learn
Students will be guided through managing a cyber security incident through a combination of instruction and practical exercises that leverage IR tools and techniques. The focus will be on the specific decisions and actions that take place during an incident, how to coordinate strategic, operational, and technical teams, how to address crisis communications, and how to get the organization back to normal.
To put these concepts into a practical framework, a realistic scenario will be used throughout the course in which students will have to put key concepts into action, such as assisting an executive committee with crisis communications or integrating digital forensic concepts into the IR process.
- The critical role that the Cyber Security Incident Commander plays.
- Managing the entire incident response process.
- Key actions and decisions that the IC needs to consider.
- Managing the various teams that are part of an incident response.
- How to leverage applications and IR templates to capture key data points.
- Getting back to normal operations.
- Properly documenting and closing out an incident.
Who Should Take The Course
This course is geared toward security operations, incident response, or security managers who may have to assume responsibility for handling cyber security incidents. Other cyber defenders who also have roles or responsibilities associated with cyber security handling will gain value as well.
Note: This will not be a technically heavy course and even junior level security operations personnel or novices will gain value.
Laptop Requirements
System Hardware Requirements:
- Supports VMware or VirtualBox
Host Configuration and Software Requirements:
Students will be provided an OVA file containing a Linux system with the incident management application IRIS-DFIR. Students will need a version of either VMware or VirtualBox.
Pre-Requisites for the Course
Students should have a basic understanding of security operations and digital forensics. Further, they should be comfortable preparing short PowerPoint briefings and working in software applications.
Trainer & Author
Gerard Johansen is a cyber security professional with over a decade of experience in Incident Response, Digital Forensics, Security Operations and Cyber Threat Intelligence. During his tenure in the cyber security field, Gerard has served as both a digital forensics and instruction analysis professional as well as an Incident Commander, managing large scale network intrusions and ransomware cases. Currently, Gerard works within a Managed Detection and Response vendor, where he works directly with customers providing consultation and guidance around forensics, log management and incident resolution. A frequent speaker, Gerard has presented at various conferences including Wild West Hackin’ Fest. He is also completing a fourth edition of his book, Digital Forensics and Incident Response.