An understanding of typical IT and security organizations and workflows such as SOCs, network operations centers (NOCs), service desks, incident response teams, The National Institute of Standards and Technology (NIST) Cybersecurity Framework, version 1.1.
An understanding of common attack vectors, such as phishing attacks, social engineering, ransomware, web application attacks, and others. Note – a deep understanding of each is not required, but the overall understanding of how an organization is commonly compromised is necessary.
A general understanding of common tools used during an incident response such as security information and event management (SIEM) tools, enterprise forensic capabilities, endpoint detection and response (EDR) tools, network-based intrusion detection & prevention (NIDPS) tools, firewalls, host-based intrusion detection & prevention (HIDPS), and vulnerability scanning engines.
An understanding of common cyber hygiene practices such as the Center for Internet Security (CIS) top 20 controls.
An understanding of what indicators of compromise (IOCs) are and how they apply during an incident response.