Incident Detection, Analysis & Response – for IT [CSR101]

To respond effectively to cyber security challenges, SOC-Members must constantly develop and test their knowledge and effectiveness. One of the best ways to do this is to test their readiness against simulated attack scenarios at a hyper-realisitic Cyber Simulation Range (CSR). This course sets the stage for future security analysts to deal with cyber-attack scenarios – ranging from basic to complex – which include legacy, current and emerging threat vectors.

By the end of this course, participants will be able to:

• understand the functionality of a state-of-the-art CDC
• utilize integrated tools of the complete CDC technology stack
• efficiently detect, assess and determine the scope of incidents
• enrich event information utilizing external threat intelligence
• perform tasks in various CDC roles in situations of stress

• Cyber Defense Center (CDC)
• Cyber Simulation Range (CSR)
• Understand the hyper-realistic CSR architecture
• Work with the CDC technology stack and toolbase
• Identfiy criticalities of assets and information
• Slip into different CDC roles
• Perform teamwork and individual tasks
• Practical training sessions in IT environments

• CDC analysts who are faced with security incidents on a regular basis and need to know how to detect, investigate, remediate, and recover from compromised systems across an IT infrastructure
• Threat hunters who are seeking to understand threats more fully and who want to learn from incidents in order to more effectively hunt threats and respond to future threats
• Technically oriented CISOs, risk managers and security experts who are responsible for the organisational management of serious cyber crises

• Most important: a passion for IT security
• Must: OS basics for Windows and Linux
• Must: Network basics regarding the OSI model
• Must: Logging and log analysis basics
• Nice to have: Hacking basics (Metasploit, Mimikatz, Kali, WebApp hacking etc.)

ISH certificate "SECURITY INCIDENT ANALYST – LEVEL 1"

Pierre Kroma has been working in the field of cybersecurity for over two decades and combines in-depth operational experience with teaching expertise. After completing his computer science studies in 2002, he worked in various roles as a penetration tester, forensic analyst, incident responder, and SOC manager. His focus is on establishing and developing SOC and incident response structures, optimizing SIEM and EDR platforms, developing detection rules, playbooks, and automations, and conducting complex purple teaming exercises in KRITIS and corporate environments. As a trainer and speaker, he develops and leads international, hands-on training courses and workshops on SOC operations, threat detection, forensics, and incident response and handling. He places particular emphasis on individual teaching methods, realistic scenarios, and sustainable knowledge transfer—always with the aim of strengthening analysts and organizations in their operational cyber defense.