This course, designed for cybersecurity incident management and security operations center (SOC) technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging cybersecurity threats and attacks. Building on the methods and tools discussed in the Foundations of Incident Management course, this course provides guidance that incident handlers can use in responding to more complex threats and attacks, including persistent threats.

Through interactive instruction, facilitated discussions, and group exercises, instructors help participants identify and analyze a set of events and then propose appropriate response strategies. Participants work as a team throughout the week to handle a series of escalating incidents that are presented as part of an ongoing scenario.

Work includes team analysis of information and presentation of findings and response strategies. Participants also review more advanced types of activities related to incident handling such as threat hunting, artifact and malware analysis, vulnerability handling, major or crisis events, and publishing and communicating information.