Are you just getting started with Incident Response (IR) and not sure where to begin? Do you need to stand up an IR program or establish a Computer Security Incident Response Team (CSIRT) and want to get started on the right foot?
Incident Response can be one of the most difficult aspects of Information Security, and foundational skills are critical.
The goal of this course is to provide the core components that make up a successful Incident Response program. Students will learn how to get started on their IR journey, what to prioritize, and why the boring stuff like policies and procedures is just as important as technical digital forensics skills.
We will cover the logging and monitoring capabilities necessary to successfully investigate and triage an incident, as well as what to do when those log sources fail. The concepts and skills introduced in this class lay the groundwork for the next steps in the IR journey: in-depth endpoint and network forensics and analysis.
- Fundamental concepts of Incident Response and the composition of successful IR Programs and Teams
- Necessary components of IR Policies and Procedures
- Network traffic monitoring options and instrumentation
- Endpoint logging requirements and what capabilities are needed when logging fails
- Key Active Directory Event IDs necessary to track down attacker activity
- IR considerations for cloud resources
- How to run a successful Incident Response Tabletop Exercise
WHO SHOULD TAKE THIS COURSE
- Entry-level Incident Responders and Threat Hunters
- CSIRT and SOC Management
AUDIENCE SKILL LEVEL
Basic computer and network knowledge
- A reliable Internet connection
- A computer with at least 8 GB of RAM (16 GB recommended)
WHAT EACH STUDENT SHOULD BRING
The above computer and a smile!
WHAT STUDENTS WILL BE PROVIDED WITH
- Back Doors & Breaches card deck for Incident Response Tabletop Exercises
- Incident Response handbook with example IR Policy and Procedure documentation
- 6 months of free access to our Cyber Range
TRAINER & AUTHOR
Derek Banks has been a Security Analyst and Penetration Tester for Black Hills Information Security (BHIS) since 2014, but he has been a part of the IT industry for his entire career. Since graduating college with a BS in Computer Information Systems, Derek has held many different Information Technology jobs, from working at a help desk to being a network and systems administrator. He has experience in forensics, incident response, creating custom host- and network-based monitoring solutions, penetration testing, vulnerability analysis, and threat modeling. Derek's favorite aspects of working at BHIS include learning from his coworkers and helping customers improve their security posture. When he isn't participating in CTF competitions or red team engagements, Derek enjoys spending time with his family, staying physically fit, and playing the bass guitar.