Join us at APCO 2022 Conference & Expo, August 7-10 in Anaheim, CA.   Learn more.


IR500 – Incident Response equips students with the needed tools to implement robust defense-in-depth practices within the workplace. IR provides detailed training on proper documentation and planning for computer network defense.

The course exposes students to a variety of real-world scenarios and provides hands-on experience in event detection and recovery in an enterprise environment.

Target Audience

IT and Cyber Security professionals looking to acquire hands-on experience, in the identification of and recovery from security events, and to establish and maintain a robust computer network defense posture.


Provide in-depth exposure to network and systems intrusion protection methods, what to do before, during and after an event, and how to recover from events and strengthen organizational security.

  • Day 1 introduces students to sound IR concepts focusing on proper awareness of information systems and networks, clear and up-to-date documentation and effective use of risk management theory.

  • Students use the tools learned on Day 1 to detect a possible incident and conduct a full-spectrum analysis on a selection of corporate network systems in order to judge impact and threat to business or company data.

  • Students learn to formulate a fully-realized recovery plan based on data received on a confirmed cyber incident on their company network. They will contain and eradicate threats to the network and use security auditing tools to verify success . Recovery efforts will be completed by verifying no new vulnerabilities were introduced to the network. Day 3 ends with students reporting on details of the event identification, response and recovery to organizational management.

  • Students apply forensically-sound principles to image a machine and recover useful information from additional imaged systems. Students participate in the recovery experience and are required to update a response plan.

  • Day 5 comprises a full-spectrum IR scenario that requires students to recover from a series of attacks discovered on a corporate network. They must scope the impacted systems, create a mitigation plan, harden weak defenses and conduct recovery efforts. This final exercise replicates a variety of network services, hardware, and configurations. The capstone reinforces exposure to tools and techniques learned during the previous four days.

Course Duration

Estimated Course Length: 24 hours.

Course Datasheet
IR500 – Incident Response
Download Datasheet