Path icon Learning Paths
Skills

Cyber Defense Incident Responder | PR-CIR-001 | Work Role 531

  • Number of Courses20 courses
  • Duration31 hours

A cyber defense incident responder responds to crises or urgent situations to mitigate immediate and potential threats while investigating and analyzing all relevant response activities. Responsibilities include using mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security.  

This path will get you started on your journey to becoming a cyber defense incident responder! Begin with the fundamental concepts of network protocols and traffic analysis through hands-on labs, dive into the essential skills necessary to perform the day-to-day functions of response and remediation and then expand your skill set with tools, more advanced concepts and knowledge from adjacent roles!

Path estimated completion time is ~40 hours for total content.

 

This path aligns to the Knowledge, Skills, Abilities and Tasks (KSAs) within the Workforce Framework for Cybersecurity (CSWF) and the DoD Cyber Workforce Framework (DCWF) for the work role of:

Cyber Defense Incident Responder Work Role 531 or PR-CIR-001

 

For complete coverage of skill paths and tooling for the Cyber Defense Incident Responder role, please navigate to the Incident Responder Channel

Courses in this path

Fundamentals

Begin your learning journey with the fundamental concepts of network protocols, packet analysis and security monitoring and detection through some hands-on labs and courses!

*Note the lab length is showing the allotted time that the environment will be open and available before resetting. The estimated completion time of each lab is 45 minutes.

Enterprise Security: Executive Briefing

  • by Aaron Rosenmund
  • 39m Duration
  •  (35)

Network Activity and Packet Analysis with Python

  • by Sean Wilkins
  • 2h 15m Duration

Security Event Triage: Operationalizing Security Analysis

  • by Aaron Rosenmund
  • 54m Duration
  •  (29)

Security Event Triage: Detecting System Anomalies

  • by Aaron Rosenmund
  • 1h 47m Duration
  •  (19)

Skill Essentials

Now that you know the fundamentals, dive into the essential skills necessary to perform the day-to-day functions of a cyber defense incident responder including analysis, response and remediation.

Incident Response: Detection and Analysis

  • by Aaron Rosenmund
  • 2h 18m Duration
  •  (25)

Incident Response: Host Analysis

  • by Aaron Rosenmund
  • 1h 37m Duration

Incident Response: Network Analysis

  • by Brandon DeVault
  • 1h 10m Duration
  •  (11)

Incident Response: Containment, Eradication and Recovery

  • by Aaron Rosenmund
  • 1h 6m Duration

Live Response and Forensics with PowerShell

  • by Liam Cleary
  • 2h 51m Duration

Getting Started Analyzing Malware Infections

  • by Cristian Pascariu
  • 2h 17m Duration
  •  (42)

Malware Detection and Analysis with Python

  • by Cristian Pascariu
  • 1h 8m Duration

Expanded Skillset

It's time to expand your skill set with tools, more advanced concepts and emerging trends and vulnerabilities!

This section gives you a brief introduction into many, additional skills that you will find helpful as a cyber defense incident responder. We have full training paths on all of these skills; see the Supplemental Skill Paths section to learn more.

Specialized DFIR: Windows Registry Forensics

  • by Tyler Hudak
  • 1h 9m Duration

Incident Management with TheHive

  • by Nick Mitropoulos
  • 27m Duration

Advanced Cyber Defense Analysis with Wireshark

  • by Sean Wilkins
  • 2h 31m Duration

Advanced Malware Analysis: Ransomware

  • by Cristian Pascariu
  • 1h 29m Duration
  •  (37)

Adjacent Skill Knowledge

Now that you've mastered all the skills for cyber defense incident responder, learn about additional cyber roles and their responsibilities.

Threat Hunting: Network Hunting

  • by Brandon DeVault
  • 1h 29m Duration
  •  (19)

Threat Intelligence: The Big Picture

  • by Cristian Pascariu
  • 1h 43m Duration
  •  (36)

Information and Cyber Security Literacy: Governance, Risk, and Compliance

  • by John Elliott
  • 59m Duration

Law, Ethics, and Security Compliance Management

  • by Christopher Rees
  • 2h 8m Duration
  •  (14)

Specialized Testing: SQL Injection

  • by Christian Wenz
  • 1h 13m Duration

Learn with the best

Aaron Rosenmund
Aaron Rosenmund
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur... more
Sean Wilkins
Sean Wilkins
Sean Wilkins is an accomplished networking consultant and writer for Tech Building Blocks (www.techbuildingblocks.com) who has been in the IT field for over 20 years working with several large enterprises. Sean holds certifications with Cisco (CCNP/CCDP), Microsoft (MCSE) and CompTIA (A+ and Network+). His educational accomplishments include: a Master’s of Science in Information Technology with a focus in Network Architecture and Design, and a Master’s of Science in Organizational Management.
Brandon DeVault
Brandon DeVault
Brandon DeVault is an Sr. Security Author focusing on general blue team operations, incident response, and threat hunting at Pluralsight. He is also a member of the Florida Air National Guard and works as a threat hunter on a Mission Defense Team (MDT) defending North America’s air tracks. Prior to joining Pluralsight, Brandon worked with Elastic as an Education Architect creating and delivering security content. He also worked with Special Operations Command where he had two deployments to Af... more
Liam Cleary
Liam Cleary
Liam began his career as a trainer of all things computer-related. He quickly realized that programming, breaking, and hacking were much more fun. Liam spent the next few years working within core infrastructure and security services. He is the founder and owner of SharePlicity, a consulting company that focuses on Microsoft 365 and Azure technology. His role within SharePlicity is to help organizations implement Microsoft 365 and Azure technology to enhance internal and external collaboration, ... more
Cristian Pascariu
Cristian Pascariu
Cristian took part in auditing and implementation of infosec capabilities to uplift security posture. He managed codification efforts to extract indicators of compromise and created rules in the scope of defending against new emerging threats. He has also developed tools and scripts to overcome security gaps within the corporate network. Cristian has mentored L1 and L2 analysts to increase triage efficiency and combat new threats. He has experience in the field of Application Security and has pr... more
Tyler Hudak
Tyler Hudak
Tyler Hudak has more than 15 years of extensive real-world experience in incident handling, malware analysis, computer forensics, and information security for multiple Fortune 500 firms. He has spoken and taught at a number of security conferences on the topics of malware analysis, incident response, and penetration testing, and brings his frontl ine experience and proven techniques to bear in his training.
Nick Mitropoulos
Nick Mitropoulos
Nick is the CEO of Scarlet Dragonfly and has numerous years of experience in security training, cyber security, incident handling, vulnerability management, security operations, threat intelligence and data loss prevention. He is a certified ISC2 & EC-Council instructor, a GIAC advisory board member, an EC-Council global CISO member, a CEH Hall of Fame holder, a senior IEEE member and has an MSc in Advanced Security and Digital Forensics from Edinburgh Napier University.
John Elliott
John Elliott
John Elliott is a specialist in regulated security and data protection. His fascination is the way that people engage with security directives: whether that’s a company following external regulation, an information security team developing policies, an IT team following them, or a colleague who is just trying to do their job securely. John has led information security and data protection functions in aviation and financial services. He’s represented both Visa Europe and Mastercard on the PCI S... more
Christopher Rees
Christopher Rees
Chris is a professional information technologist, trainer, manager and lifelong learner. He is married with 3 beautiful children and interested in martial arts, working out, spending time with family and friends and being creative whenever possible. He has created a number of IT Certification training courses over the past 10 years and really enjoys helping people advance their careers through training and personal development.
Christian Wenz
Christian Wenz
Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an... more

Join our learners and upskill
in leading technologies