online training course

INCIDENT RESPONSE

Effectively upskill employees and create a direct career development path into Incident Response with N2K’s IR course.

Course Overview

N2K’s Incident Response is a comprehensive role-based course that builds on N2K’s baseline Critical Knowledge program and SOC Analyst curriculum. Compiled into six (6) units, this training course covers highly technical and task-oriented topics parallel to explicit Incident Response functions.

Participants conduct guided lab exercises and complete tasks on virtual machines included in the course, with hours of on-demand lessons by an experienced instructor to help reinforce correct practice and application of skills. Practice exam assessments for CompTIA CySA+ are included as an added resource for employees interested in certification.

Our 100% online format makes it easier for your workforce to accommodate training. Courses are available either live online, with weekly live instruction over six consecutive weeks, or video on-demand. Both modalities include six months of access to all learning tools and materials in our proprietary LMS.

Workforce Framework for Cybersecurity

All N2K role-based courses are directly mapped to the Workforce Framework for Cybersecurity, or the NICE Framework, incorporating the knowledge, skills, abilities, and tasks (KSATs) to relevant cybersecurity job roles.

Prerequisites

It is recommended to have some professional work experience in security and hands-on skills with common security controls. However, there are no formal prerequisites. 

Related Courses

N2K recommends that individuals new to cybersecurity or who could use a refresher complete N2K’s baseline Critical Knowledge program or the SOC Analyst course prior to enrolling in the Incident Response course. Recommended certifications to pursue following the IR course are CompTIA’s CySA+, CASP+ or PenTest+.

Who should take this course?

Individuals in the following roles and teams are excellent candidates for this course: 

  • Newly hired Incident Response analysts
  • Current cybersecurity employees working in SOC or IR with 1-3 years of experience
  • Junior Pentesters and Red Teams who want a better understanding of Blue Team or defensive operations
  • CERT, CSIRT, CIRT, or greater SOC teams

Benefits of Training

There are a great number of benefits to taking the IR course, but a few highlights include:

  • Role-based training to fast-track new hires’ time to operational status
  • Real-life, hands-on scenarios to ensure long term comprehension and retention
  • Provide a clear, long term career development plan for employees

case study

Cost-Savings of 75% on SOC Training for Fortune 50 Retail Organization

Course Outline

The Incident Response course spans 5 units in addition to a foundational pre-course unit. Click on the sections below to see the topic areas within each unit.

  • Establish or revisit foundational concepts on networking basics, hosting, and indicators of compromise.

    • Networking Basics
    • Host Basics
    • Indicators of Compromise
  • Understand various roles within an organization and their responsibilities prior to, during, and after an incident occurs.

    • Incident Response Overview
    • Roles and Responsibilities
    • Policies and Procedures
  • Overview of the Cyber KillChain and the Mitre Attack Framework.

    • Cyber Kill Chain
    • Mitre Attack Framework
  • Become familiarized with means of detection and resolution of network intrusions and malware attacks.

    • Network Analysis and Attack Identification
    • Host and Network Intrusions
    • Malware and Rogue Device Detection
  • Understand attacks listed in the OWASP Top Ten, the methods these attacks propagate and affect an organization, and remediation techniques.

    • Network-Based Attacks
    • Host-Based Attacks
    • Attack Methods
  • Become familiarized with digital forensics and techniques used, review case studies, and partake in additional hands-on exercises.

    • Forensics in Incident Response
    • Forensics Methodologies
    • Incident Response Case Study
    • Incident Response Activity
This course includes:
  • 50 Question Diagnostic Assessment
  • 70+ Modular Video Lessons
  • Configured REMnux and Windows 10 Virtual Machines
  • 10+ Hours of Guided Labs
  • 50+ Knowledge Check Questions
  • IR SOP Manual (PDF)
  • 50 Question Final Assessment
  • (Optional) Practice Exam Preparation for CompTIA CySA+
  • Engagement and Performance Analytics
    • *For IR Managers or CIO


“We had excellent help from the account management to the instructors — a great experience all around. Really great business and people.”

Director of SOC, Fortune 50 Retail Company

GartnerPeerInsights_N2K

Why N2K?

When it comes to training, we know that you and your organization have several options to choose from. This is what separates N2K from the pack.

Data-Driven

Measure improvements with robust performance analytics

Relevant

Build the right knowledge and skills specific to roles

Efficient

Foster long-term retention without wasting time on cramming

Cost-Effective

Total costs average 50% less per person compared to the leading bootcamp

Request Pricing

Why N2K?

When it comes to certification training, we know that you and your organization have several options to choose from. This is what separates N2K from the pack.

DATA-DRIVEN

Measure improvements with robust performance analytics

EFFICIENT

Foster long-term retention without wasting time on cramming

RELEVANT

Build the right knowledge and skills specific to roles

COST-EFFECTIVE

Total costs average at least 50% less per person compared to the leading bootcamp

Request Pricing

Request more information on training options for your cybersecurity teams. Private classes are available.

Incident Response FAQ’s

  • While certain course units and topics align with the objectives of select certifications, this course is not intended for exam preparation. However, practice exam assessment tools for the CompTIA CySA+ certification are included as an optional resource for participants who wish to certify.

  • This course is delivered both live online over six consecutive weeks with live instruction weekly from a dedicated instructor or video-on-demand. Both modalities include six months of access to all learning tools and materials in our proprietary LMS.

    • Rebecca Blair, Manager of Security Operations
    • Jonathan Lanning, Senior Security Manager, Adjunct Instructor
    • Timothy Stover, Content Developer
  • Yes! Participants receive a digital badge once they have successfully completed the course. This badge can be displayed on social profiles or email signatures. Click here to learn more about N2K’s digital badging.