All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Path icon Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Security
    •

Cyber Defense Incident Responder | Work Role ID: 531 (NIST: PD-WRL-003)

27 Courses
14 Labs
49 Hours
Skill IQ

A **cyber defense incident responder** investigates, analyzes, and responds to cyber incidents within the network environment or enclave.

This path will get you started on your journey to becoming a cyber defense incident responder! Begin with the fundamental concepts of network protocols and common network analysis and incident response techniques through hands-on labs, dive into the essential skills necessary to perform the day-to-day functions security event triage and then expand your skill set with, automation, deeper/advanced concepts and additional knowledge from adjacent roles!

This path aligns to the Knowledge, Skills, Abilities and Tasks (KSAs) within the **Workforce Framework for Cybersecurity (CSWF)** and the **DoD Cyber Workforce Framework (DCWF)** for the work role of:

**Cyber Defense Incident Responder** Work Role 531 or PD-WRL-007

Get started

Content in this path

Fundamentals

Begin your learning journey with the fundamental concepts of networking and security!

Course

Network Protocols for Security: IPv4 and ARP

  • by Brandon DeVault
  • 18m
  • Apr 20, 2023
Lab

Network Protocols for Security: IPv4 and ARP

  • by Brandon DeVault
  • 2h 5m
  • Aug 04, 2025
Course

Network Protocols for Security: TCP and UDP

  • by Brandon DeVault
  • 20m
  • Feb 09, 2023
Lab

Network Protocols for Security: TCP and UDP

  • by Brandon DeVault
  • 2h 5m
  • Aug 04, 2025
Course

Network Protocols for Security: DNS

  • by Brandon DeVault
  • 17m
  • Sep 28, 2023
Lab

Network Protocols for Security: DNS

  • by Brandon DeVault
  • 2h 5m
  • Aug 04, 2025
Lab

Linux Endpoint Security: Networking

  • by Aaron Rosenmund
  • 2h 5m
  • Aug 04, 2025
Course

Windows Endpoint Security: Networking

  • by Michael Teske
  • 21m
  • Jan 13, 2023
Lab

Windows Endpoint Security: Networking

  • by Michael Teske
  • 1h 55m
  • Aug 05, 2025
Lab

System Protection: System Hardening

  • by Craig Stansbury
  • 50m
  • Aug 04, 2025
Course

OWASP Top 10: The Big Picture

  • by Hampton Paulk
  • 1h 24m
  • Oct 27, 2023
Course

IT Security Champion: Incident Response

  • by Matt Glass
  • 13m
  • Sep 13, 2024
Course

IT Security Champion: Cyber Threat Intel and Emerging Threats

  • by Christopher Rees
  • 16m
  • Feb 29, 2024

Skill Essentials

Now that you know the fundamentals, dive into the essential skills necessary to perform the day-to-day functions of a cyber defense incident responder including detection, analysis, containment, and eradication!

Course

Incident Response: Detection and Analysis

  • by Aaron Rosenmund
  • 2h 19m
  • Dec 16, 2021
Course

Incident Response: Containment, Eradication and Recovery

  • by Aaron Rosenmund
  • 1h 6m
  • May 12, 2023
Course

Incident Response: Host Analysis

  • by Aaron Rosenmund
  • 1h 37m
  • Jun 14, 2022
Course

Incident Response: Network Analysis

  • by Brandon DeVault
  • 1h 10m
  • Mar 09, 2022
Lab

Respond to Ransomware

  • by Shimon Brathwaite
  • 1h 45m
  • Jul 30, 2025
Course

Malware Analysis: Initial Access Techniques

  • by Josh Stroschein
  • 1h 40m
  • Nov 10, 2023
Course

Malware Analysis: Malicious Activity Detection

  • by Josh Stroschein
  • 1h 48m
  • Jan 19, 2024
Course

Security Event Triage: Detecting Network Anomalies with Behavioral Analysis

  • by Aaron Rosenmund
  • 2h 1m
  • May 07, 2019
Course

Specialized DFIR: Windows Registry Forensics

  • by Tyler Hudak
  • 1h 10m
  • Apr 13, 2023
Course

Specialized DFIR: Windows File System and Browser Forensics

  • by Tyler Hudak
  • 54m
  • Sep 25, 2023
Lab

Unpacking Malware: Analyzing Formbook

  • by Shimon Brathwaite
  • 1h 15m
  • Aug 04, 2025
Lab

Malware Analysis: Debugging and Reverse Engineering

  • by Shimon Brathwaite
  • 45m
  • Jul 30, 2025

Expanded Skillset

It's time to expand your skill set with tools, and more advanced concepts! This section gives you a brief introduction into many, additional skills that you will find helpful as a cyber defense incident responder. We have full training paths on all of these skills; see the Supplemental Skill Paths section to learn more.

Course

Identify Common Cyber Network Attacks with Wireshark

  • 2h 34m
  • Oct 12, 2021
Lab

Investigate Cyber Network Attacks with Wireshark

  • by Laurentiu Raducu
  • 55m
  • Aug 05, 2025
Lab

Network Forensics: tcpdump

  • by Jeff Christman
  • 45m
  • Jul 30, 2025
Course

Network Analysis with Arkime

  • by Josh Stroschein
  • 45m
  • Dec 11, 2020
Course

Writing Zeek Rules and Scripts

  • by Joe Abraham
  • 2h 6m
  • Aug 04, 2025
Course

Incident Management with TheHive

  • by Nick Mitropoulos
  • 27m
  • Jan 18, 2022
Lab

Threat Hunting: Host IOCs

  • by Shimon Brathwaite
  • 45m
  • Aug 05, 2025

Adjacent Skill Knowledge

Now that you've mastered all the skills for a cyber defense incident responder, learn about additional cyber roles and their responsibilities.

Course

Information and Cyber Security GRC: Risk Management

  • 1h 36m
  • Feb 27, 2024
Course

Information and Cyber Security GRC: Governance

  • by Dominique West
  • 1h
  • Nov 09, 2023
Course

Incident Management for CISM®

  • by Kevin Henry
  • 2h 12m
  • May 17, 2022
Course

Pen Testing: Planning, Scoping, and Recon

  • by Alexander Tushinsky
  • 1h 13m
  • Oct 10, 2022
Course

Specialized Testing: SQL Injection

  • by Christian Wenz
  • 1h 13m
  • Oct 06, 2022
Course

Sandworm: C2 over HTTP Emulation

  • by Matthew Lloyd Davies
  • 5m
  • Nov 12, 2024
Lab

Sandworm: C2 over HTTP Emulation Lab

  • by Matthew Lloyd Davies
  • 55m
  • Aug 05, 2025
Course

Sandworm: Keylogging Emulation

  • by Matthew Lloyd Davies
  • 5m
  • Nov 18, 2024
Lab

Sandworm: Keylogging Emulation Lab

  • by Matthew Lloyd Davies
  • 30m
  • Jul 30, 2025
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial Free team trial
What You'll Learn
Prerequisites
  • None
Related topics
  • cswf
  • dcwf
  • Incident Response
  • nice framework
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more

Learn with the best

Brandon DeVault
Brandon DeVault
Brandon DeVault is a Security Researcher focused on threat hunting at CrowdStrike. He is also a member of the Florida Air National Guard with a variety of offensive and defensive experience. Prior to joining CrowdStrike, Brandon worked full-time as an author with Pluralsight and at Elastic, creating and delivering security content. He also worked with Special Operations Command, where he had two deployments to Afghanistan on deployable communications teams. His experience spans incident response...
Aaron Rosenmund
Aaron Rosenmund
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur...
Michael Teske
Michael Teske
Michael Teske is a principal security author with Pluralsight helping people build their skills toolkit. Michael has 25+ years of experience in the IT Ops/Cloud/Cybersecurity industry including 17 of those years as an IT instructor at a technical college, focusing on Microsoft server infrastructure, security and automation. Michael attained his MBA with an emphasis in Computer Information System Security several years ago. Michael still keeps up with the industry as an independent consultant in ...
Craig Stansbury
Craig Stansbury
Craig has over 10 years of IT experience, including working on Palo Alto Firewalls, Cisco Routes and Switches, Microsoft Servers, and VMWare ESXi. Craig started in IT in the United States Marine Corps and began teaching his Marines all the design and implementation concepts that they needed to know. He loves when his students have the "lightbulb moment" and are able to understand the concepts he is teaching them. Aside from teaching, Craig also owns a business that consults with enterprises to h...
Hampton Paulk
Hampton Paulk
Hampton brings 25+ years of hands-on technology experience to every course he creates. His teaching philosophy is simple: meet learners where they are and make complex topics accessible. Whether breaking down emerging technologies, explaining foundational concepts, or exploring advanced implementations, he draws from decades of real-world experience building, breaking, and fixing systems. His approach combines practical insights with clear explanations, helping professionals at all levels gain t...
Matt Glass
Matt Glass
Matt Glass is a Service Delivery Manager in Naples, Italy, working as a government contractor. Matt has 17 years of IT experience in a variety of roles. Consistently finding joy in developing the skills of others and helping their careers, he joined Pluralsight in 2017 to pass on the lessons he learned. Matt is married and the father of four children.
Christopher Rees
Christopher Rees
Chris is a professional information technologist, author, trainer, manager and a lifelong learner. He is married with 3 beautiful children and interested in working out, spending time with family and friends and being creative whenever possible. He has been an author for over 25 years and has created over 60 IT Certification training courses. Chris really enjoys helping people advance in their careers through training and personal development.
Shimon Brathwaite
Shimon Brathwaite
Shimon Brathwaite is a seven-year cybersecurity professional with extensive experience in Incident Response, Vulnerability Management, Identity and Access Management and Consulting. He has worked at one of the Big Four consulting firms, multiple of Canada’s largest banks and in startup environments. In addition to his full-time work, he runs a blog securitymadesimple.org, a consulting company and is a published author with four books on cybersecurity. He is open for engagements related to cybers...
Josh Stroschein
Josh Stroschein
Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineer...
Tyler Hudak
Tyler Hudak
Tyler Hudak has more than 15 years of extensive real-world experience in incident handling, malware analysis, computer forensics, and information security for multiple Fortune 500 firms. He has spoken and taught at a number of security conferences on the topics of malware analysis, incident response, and penetration testing, and brings his frontl ine experience and proven techniques to bear in his training.
Laurentiu Raducu
Laurentiu Raducu
It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ...
Jeff Christman
Jeff Christman
Jeff Christman is an experienced professional with over 20 years in the information technology field. Getting his start in the US Navy, he is now a consultant helping companies of all sizes migrate and secure cloud services. He is a passionate technologist and contributes regularly to several technology publications including Technsips.io, Adamtheautomator.com, and Pluralsight. Currently, he works for a large technology consulting company providing strategy, architecture, and planning expertise ...
Joe Abraham
Joe Abraham
Joe Abraham, CCIE #62417, is a Cybersecurity Architect working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three child...
Nick Mitropoulos
Nick Mitropoulos
Nick is the CEO of Scarlet Dragonfly and has numerous years of experience in security training, cyber security, incident handling, vulnerability management, security operations, threat intelligence and data loss prevention. He is a certified ISC2 & EC-Council instructor, a GIAC advisory board member, an EC-Council global CISO member, a CEH Hall of Fame holder, a senior IEEE member and has an MSc in Advanced Security and Digital Forensics from Edinburgh Napier University.
Dominique West
Dominique West
With 10 years in the Technology industry, Dominique West currently manages Datadog's compliance management function within the Information Security Department. As a leader, she is responsible for maintaining and executing the regulatory compliance roadmap, ensuring that it supports the business, sales and revenue objectives while maintaining alliance with existing information security standards. Prior to her time at Datadog, Dominique worked for as a Senior Cloud Security Consultant for Ernst ...
Kevin Henry
Kevin Henry
Kevin Henry is a well-known and respected educator and lecturer in the fields of information security and audit. Kevin uses his more than 30 years of practical experience as a network technician, computer programmer, and information systems auditor to deliver outstanding presentations that make each topic interesting, relevant, and useful. Often described by students as "The best instructor I have ever had," Kevin has the ability to provide quality instruction that engages the audience and provi...
Alexander Tushinsky
Alexander Tushinsky
Alex has spent the past 30+ years working as a software developer, application architect, cybersecurity professional, and technical trainer. He is a lifelong learner and holds over 20 active certifications in IT. Alex is a Microsoft Certified Trainer and enjoys sharing his knowledge with others. He has taught at Rutgers University, Bergen Community College, County College of Morris, College of Southern Nevada, and UNLV. He holds a BS in Software Development and a Masters in Cybersecurity from We...
Christian Wenz
Christian Wenz
Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an...
Matthew Lloyd Davies
Matthew Lloyd Davies
Matt is a cyber security author and researcher here at Pluralsight. A certified penetration tester and incident handler, he created Pluralsight's CompTIA Pentest+ Specialized Attacks courses as well our courses on wireless, ICS/OT and hardware hacking. Matt has also helped to build our security labs portfolio; labs that help you get hands-on to understand the threats and vulnerabilities your organization faces today. With a background in Chemical Engineering, Matt's focus is on the security ...

Join our learners and upskill
in leading technologies