Free Incident Response Training Plan

This plan is based on what I wish I knew before starting in Incident Response and is divided into two parts. Just go to either Part 1 or Part 2 to start.

Part 1: The Core Training Plan

The Core Training Plan starts out with a course for complete beginners to IT and includes the four core training categories listed on the homepage (General IT/Cybersecurity, Linux, Networking & Programming/Scripting).

As far as programming/scripting goes, so far I am required to learn to read and write Python, be able to modify JSON, and be able to read assembly and other languages. For more information regarding coding and incident response, check out the SANS whitepaper “Coding For Incident Response: Solving the Language Dilemma” by Shelly Giesbrecht.

Part 2: The Training Plan for New (or aspiring) Incident Responders

I based this part of the plan on a talk I saw by Ryan Chapman about implementing an incident response training plan. This includes the DFIR-related categories listed on the homepage (Digital Forensics, Incident Response, Malware Analysis, OSINT).

Note: Being relatively new, I keep coming across things I didn’t know I needed to know, so I will update these accordingly.


If you’re wondering exactly what Incident Response is, here are a couple of videos.

What is Incident Response? – Mossé Cyber Security Institute
Cybersecurity: What Is “Security Incident Response,” & Why Is It SO Important? – Cybersecurity Meg