CyberSec First Responder (CFR)

The CyberSec First Responder course covers network defense and incident response methods, tactics, and procedures that are in alignment with industry frameworks such as NIST 800-61r2 (Computer Security Incident Handling Guide), US-CERT’s National Cyber Incident Response Plan (NCIRP), and Presidential Policy Directive (PPD)-41 on Cyber Incident Coordination. It is ideal for candidates who have been tasked with the responsibility of monitoring and detecting security incidents in information systems and networks, and for executing standardized responses to such incidents. The course introduces tools, tactics, and procedures to manage cybersecurity risks, defend cybersecurity assets, identify various types of common threats, evaluate the organization’s security, collect and analyze cybersecurity intelligence, and remediate and report incidents as they occur. This course provides a comprehensive methodology for individuals responsible for defending the cybersecurity of their organization. In addition, this course and subsequent certification (CFR-410) meet all requirements for personnel requiring DoD directive 8570.01-M position certification baselines:

CSSP Analyst
CSSP Infrastructure Support CSSP Incident Responder CSSP Auditor
The course and certification also meet all criteria for the following Cybersecurity Maturity Model Certification (CMMC) domains:

Incident Response (IR)
Audit and Accountability (AU) Risk Management (RM)

Course Overview

Overall Proficiency Level

2 - Intermediate

Course Prerequisites

At least two years (recommended) of experience or education in computer network security technology or a related field.

Training Purpose

Skill Development

Specific Audience

All

Delivery Method

Online, Instructor-Led

Classroom

Course Locations

201 Biscayne Blvd
Suite 2800
Miami, FL 33131

1050 Connecticut Ave NW
Suite 500
Washington D.C., DC 20036

1177 6th Ave
Suite 500
New York, NY 10036

125 S Wacker Dr
Suite 300
Chicago, MI 60606

1751 River Run Westbend
Suite 200
Fort Worth, TX 76107

1420 5th Ave
Suite 2200
Seattle, WA 98101

1 Market St
Suite 3600
San Francisco, CA 94105

402 W Broadway
Suite 400
San Diego, CA 92101

Online, Instructor-Led
Classroom

Learning Objectives

In this course, you will identify, assess, respond to, and protect against security threats and operate a system and network security analysis platform. You will:

Assess cybersecurity risks to the organization.
Analyze the threat landscape.
Analyze various reconnaissance threats to computing and network environments.
Analyze various attacks on computing and network environments.
Analyze various post-attack techniques.
Assess the organization’s security posture through auditing, vulnerability management, and penetration testing.
Collect cybersecurity intelligence from various network-based and host-based sources.
Analyze log data to reveal evidence of threats and incidents.
Perform active asset and network analysis to detect incidents.
Respond to cybersecurity incidents using containment, mitigation, and recovery tactics.
Investigate cybersecurity incidents using forensic analysis techniques.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Competency Areas

Work Roles

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date: April 22, 2025