Critical Knowledge: Incident Response

CyberVista now offers an expansion to our Critical Knowledge role-based training with a 100% online training program designed for Incident Responders and similar roles. Leverage this course to enhance and harden your CERT, CSIRT, CIRT, or greater SOC.


Build and enhance incident response skills.

Enterprise organizations are bombarded by cybersecurity attacks on a daily basis. It’s not a matter of if a breach will occur; rather it’s a question of when and to what extent. Incident Response teams can work quickly to contain and mitigate a breach. Yet, upskilling individuals to act in a full IR capacity is not an easy task. The industry doesn’t yet offer an incremental learning path from a SOC Analyst or Cybersecurity Specialist role directly feeding into IR.

CyberVista now offers a 100% online training program designed to develop Incident Responders quickly and cost effectively. Critical Knowledge: Incident Response is a comprehensive offering that builds on the Critical Knowledge training program. This course goes beyond fundamental concepts and dives into technical and task-oriented subject matter designed specifically for Incident Responders. Team members working within a CERT (computer emergency response team), CSIRT (computer security incident response team), CIRT (computer/cybersecurity incident response team), or broader SOC (security operations center) would benefit greatly from this course.

  • CyberVista’s Incident Response role-based training is the comprehensive course that builds on the baseline Critical Knowledge training program as well as the SOC Analyst curriculum. It is recommended that individuals pursuing this role have completed Critical Knowledge and SOC Analyst training, either through CyberVista or another reputable provider, as a prerequisite to this training course.

  • This course is designed to train individuals entering or with limited experience within Incident Responder roles. Individuals expanding their careers from prior SOC Analyst roles are an excellent fit for this course. Enterprise organizations and federal agencies that house a dedicated IR team (CSIRT, CERT, or CIRT) can benefit from the program given the extent of confidential information and private client intel.

    Overall, these groups can benefit from this course work:

    • Incident Response Teams
    • SOC Analysts
    • Threat Hunters
    • InfoSec/Cybersecurity Professionals
    • Federal and State Employees
    • Pentesters and Red Teams
  • Organizations participating in this offering will experience the following major benefits:

    • Efficiently improve knowledge, skills, and abilities related to IR responsibilities
    • Mitigate immediate weaknesses across critical cybersecurity knowledge and skill areas
    • Create a career pathway with upward mobility for long-term retention and employee satisfaction among IR team members


An intelligent solution.

Diagnostic Assessment

Easily administer a diagnostic assessment to determine each team member’s strengths and weaknesses.

Video Lessons

Engage with introductory videos, modular lessons, and lab walk-through videos.

Practical Labs

Work with both guided and problem-oriented labs to reinforce practical applications, utilizing Kali Linux and Security Onion virtual machines.

Final Assessment

Participants conclude training with a final assessment to determine improvement across knowledge and skills.

Practice Exam Preparation

Retain valuable knowledge with exam-quality practice questions and exams.

Course content

00. Foundational Knowledge

Learners will establish or revisit foundational concepts necessary to building knowledge and skills in later units.

    • 0.1       Networking Basics
    • 0.2       Host Basics
    • 0.3       Indicators of Compromise

01. IR Overview

Learners will understand various roles within an organization and their responsibilities prior to, during, and after an incident occurs.

    • 1.1       Incident Response Overview
    • 1.2       Roles and Responsibilities
    • 1.3       Policies and Procedures

02. Attack Lifecycle

Learners will understand the Cyber Kill Chain and the MITRE ATT&CK Framework. These are important to understanding the phases of an attack and how to determine a resolution.

    • 2.1       Cyber Kill Chain
    • 2.2       MITRE ATT&CK Framework

03. Host and Network-Based Detection and Resolution

Learners will become familiarized with means of detection and resolution of network intrusions and malware attacks. 

    • 3.1       Network Analysis and Attack Identification
    • 3.2       Host and Network Intrusions
    • 3.3       Malware and Rogue Device Detection

04. Attack Patterns and Mechanisms

Learners will be able to understand attacks listed in the OWASP Top Ten, the methods by which these attacks propagate and affect an organization, and remediation techniques.

    • 4.1       Network-Based Attacks
    • 4.2       Host-Based Attacks
    • 4.3       Attack Methods

05. Forensics

Learners will become familiar with digital forensics, techniques used, case studies, and additional hands-on exercises.

    • 5.1       Forensics in IR
    • 5.2       Forensics Methodologies
    • 5.3       IR Case Study
    • 5.4       IR Activity

“We had excellent help from the account management to the instructors — a great experience all around. Really great business and people.”

Director of SOC, Fortune 100 Retail Company