Incident Detection, Analysis & Response – for IT [CSR101]

To respond effectively to cyber security challenges, SOC-Members must constantly develop and test their knowledge and effectiveness. One of the best ways to do this is to test their readiness against simulated attack scenarios at a hyper-realisitic Cyber Simulation Range (CSR). This course sets the stage for future security analysts to deal with cyber-attack scenarios – ranging from basic to complex – which include legacy, current and emerging threat vectors.

By the end of this course, participants will be able to:

• understand the functionality of a state-of-the-art CDC
• utilize integrated tools of the complete CDC technology stack
• efficiently detect, assess and determine the scope of incidents
• enrich event information utilizing external threat intelligence
• perform tasks in various CDC roles in situations of stress

• Cyber Defense Center (CDC)
• Cyber Simulation Range (CSR)
• Understand the hyper-realistic CSR architecture
• Work with the CDC technology stack and toolbase
• Identfiy criticalities of assets and information
• Slip into different CDC roles
• Perform teamwork and individual tasks
• Practical training sessions in IT environments

• CDC analysts who are faced with security incidents on a regular basis and need to know how to detect, investigate, remediate, and recover from compromised systems across an IT infrastructure
• Threat hunters who are seeking to understand threats more fully and who want to learn from incidents in order to more effectively hunt threats and respond to future threats
• Technically oriented CISOs, risk managers and security experts who are responsible for the organisational management of serious cyber crises

• Most important: a passion for IT security
• Must: OS basics for Windows and Linux
• Must: Network basics regarding the OSI model
• Must: Logging and log analysis basics
• Nice to have: Hacking basics (Metasploit, Mimikatz, Kali, WebApp hacking etc.)

ISH certificate "SECURITY INCIDENT ANALYST – LEVEL 1"

After graduating in computer science in 2002, Pierre Kroma’s professional focus was on IT security. Over the past 16 years, he has been able to acquire a wealth of experience in the most diverse areas of cyber security. The implementation of complex IT security audits in the form of penetration / web application / black box / vulnerability tests (external / internal), as well as consulting in the field of incident handling and IT forensics covered several years of his professional career. Several years as head of a Tactical Intrusion development department for investigative authorities round off his profile. All these experiences form the basis for him to advise customers in the area of cyber attacks and appropriate protective measures. As speaker and trainer he is internationally responsible for the development and implementation of technically demanding cyber security workshops and hands-on trainings. A meaningful transfer of knowledge through individual methodology and didactics (in German and English) are very important to him and offer an exciting alternative to pass on his broad IT security knowledge.