Incident Response Cyber Security Incident Response (CSIR)

Provided by

Enquire about this course

About the course

Cyber Security Incident Responder (CSIR)
Specialist - level course

This specialist-level course is for professionals who are looking to develop and improve their knowledge or ability in the Cyber Security Incident Response (CSIR) field.  The course follows the CREST incident response model and focuses on the knowledge required to effectively respond to a cyber incident. 

How will I benefit?
This course will enable you to:

  • Learn the knowledge required to undertake incident response activities
  • Gain confidence to identify and capturing live Operating System artefacts.

7Safe's CSIR courses are aligned with the CREST Intrusion Analysis and Incident Response Syllabus, which identifies at a high level the technical skills and knowledge that CREST expects candidates to possess for the Certification examinations in the area of Intrusion Analysis.

"The instructors delivered a highly engaging, technical and modern course in this ever-changing field.  I would not hesitate to recommend this course for colleagues and other persons looking to advance in this field"

CSIR delegate
National Law Enforcement body

About this course
You will need some experience or a good understanding of:

  • The CSIR process
  • Windows Operating Systems
  • Command line interface
  • Computer networks
  • Forensic investigations
  • Malware investigation

What will I learn?
This 7Safe course will cover aspects of the CREST Intrusion Analysis and Incident Management Syllabus. You can download a free copy by following the link below:

Who should attend?

  • Cyber security incident responders / investigators
  • Cyber security practitioners with advanced IT skills
  • IT administrators and IT technicians responsible for Cyber Security Incident Response
  • IT & IS managers with technical skills who want to better understand the CSIR process
  • Anyone with advanced IT skills considering a career in cyber incident response work

You will learn and practice the skills and understanding needed to conduct a thorough threat hunt within a live enterprise environment


  • How to effectively conduct and automate data collection from remote locations using built-in and third-party tools so that vital clues and potential threats will not be missed
  • How to correlate and analyse data to successfully identify active and passive threats already existing within a network

This course will give you:

  • The skills to undertake your own threat hunts and develop your methodologies
  • The ability to understand and correlate separate artefacts into larger patterns to better identify potential threats

Experienced cyber security professionals, senior SOC analysts,
incident responders and penetration testers looking to enhance their skillsets to understand how to look for and collect artefacts pertaining to an attack or data breach.

This is an advanced course. Delegates wishing to attend should have a good working knowledge of PowerShell including WMI and command line
tools. A good working knowledge of attack techniques, networking, malware investigations, including network and forensic investigations are also prerequisites for attending this course.

Upon successful completion of the practical exam, you will be awarded
the Certified Cyber Threat Hunter qualification.

Throughout the course, your time will be split between learning the methods and principals required to conduct a successful threat hunt within an enterprise environment and applying these in practical, hands-on exercises based on real-life scenarios.

Topics covered will include:
1. Applicable law and standards
a. Relevant legislation
b. ISO Standards
c. Competency

2. Theory & models
a. What is Threat Hunting?
b. Hunting principals
c. Relevant frameworks
d. Threat types

3. Computer networks
& environments
a. Network infrastructure
b. Network nodes

4. Practical considerations
a. Security monitoring
b. Operating System-based
c. File System-based
d. Network-based

5. Information gathering
& data collection
a. Scoping
b. Existing information
c. Scripting and automation
d. Tools & techniques
e. Data collection

6. Interpretation and analysis
a. Data aggregation & normalisation
b. Interpretation
c. Analysis

7. Threat hunting exercises
a. Three 1 day labs
b. Realistic threat hunting scenarios
c. In-depth learning of relevant attacker tactics, threats and

8. Practical final exercise and exam based on the methods and
techniques learned throughout the course



Start date Location / delivery
01 Nov 2021 Cambridge

Related article

If you're looking for a career in cloud security, you should be considering one of these four vendor-agnostic certifications.