Certified Cyber Incident Response Manager

Certified Cyber Incident Response Manager

As organizations continue to rely on expanding infrastructure in an increasingly hostile threat landscape, the escalation of incidents involving malicious actors poses critical risks to information systems and networks. The ability to identify threats, respond to incidents, restore systems, and enhance security postures is vital to the survival of the operation.

The Certified Cyber Incident Response Manager certification course brings Incident Response core competencies to advanced levels by presenting students with 16 detailed learning objectives. Students will be provided with the knowledge and the practical skills needed to investigate and respond to network and system incidents. With a specific focus on the identification and remediation of incidents involving host and network devices, students will cover topics such as Threat Intelligence Collection, Investigative Techniques, Creating Playbooks, and Malware Triage. Practical lab exercises utilize Wireshark, a packet capturing tool used in real-world investigations.

Course Outline and Learning Objectives

01) Overview of The Incident Response Life Cycle
02) Understanding the Threat Landscape
03) Building an Effective Incident Response Capability
04) Preparing for Incident Response Investigations
05) Vulnerability Assessment and Management
06) Identifying Network and System Baselines
07) Indicators of Compromise and Threat Identification
08) Investigative Principles and Lead Development

09) Threat Intelligence Collection and Analysis
10) Overview of Data Forensics and Analysis
11) Host-Based Data Collection Practices
12) Network-Based Data Collection Practices
13) Static and Dynamic Malware Triage
14) Incident Containment and Remediation
15) Incident Reporting and Lessons Learned
16) Creating Playbooks and Response Scenarios

Wireshark Lab Exercises

01) Virtual Machine Setup in Kali Linux
02) The Wireshark User Interface
03) Customizing Wireshark Settings
04) Applying Capture Filters
05) Applying Display Filters

06) Color Rules and Packet Export
07) Creating Tables and Graphs
08) File and Object Reassembly
09) Adding Comments to Trace Files
10) Command-Line Capture Tools

Course Prerequisites

Students should possess a working knowledge of networks, TCP/IP, and have 24 months of professional experience in Information Security, Information Assurance, or Information Technology (with a focus in security).

Laptop with Lab Software Included

Phase2 Advantage: Certified Network Forensic Analysis Manager

All students attending the Certified Cyber Incident Response Manager course will be provided with a Dell laptop loaded with all software required for the practical labs.  The software includes:

1) Oracle Virtual Box
2) Kali Linux O/S
3) Wireshark Packet Capturing Tool
4) Kali Tools Suite
5) Original ISO’s for VM Set-Up / Restoration

Students are encouraged to continue their course studies after the course completion.¬† A laptop carrying case will be provided for convenient transport to the students’ home location.

Course Materials

Course Textbook
Lab Textbook
Lecture / Lab Workbook
Dell Computer with Lab Software

Exam Prep Guide
Course Certification Certificate
CPE Completion Certificate
Certification Exam

Certification Exam and Daily Lunches Included in Course Fee.

Additional Information







5 Days


40 CPE Credits


Ask About Our Training Discounts

Phase2 Advantage offers discounts to non-profit organizations, federal agencies, law enforcement personnel, and the military affiliate community. We also offer group discounts. Email training@phase2advantage.com to see if your organization qualifies for one or more of our discount programs.

The Certified Cyber Incident Response  Manager course is a component of the career progression track that supports the following Categories, Specialty Areas and Work Roles as defined by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework:

Exploitation Analyst

Cyber Crime Investigator

Threat/Warning Analyst

Cyber Defense Incident Responder

Information Systems Security Manager

Vulnerability Assessment Analyst

Average Yearly Salary:

Certification Examination

Phase2 Advantage Certification Exam

Upon completion of this course, students will be prepared to sit for the Cyber Incident Response Manager certification examination. A proctored examination will be offered at the conclusion of the final training day consisting of True/False, Multiple Choice, and Fill in the Blank questions.

Students will have two hours to complete a computer-based examination consisting of 100 questions. A score of 70% or higher is required to earn the certification. Upon successful completion of the exam, students will receive a hardcopy of their certification and a proctor validation document from the course instructor. Students will also receive a 40-hour CPE Certificate regardless of their exam score.

The examination is “open book.” However, students will only be allowed to use reference materials and notes presented during the course. Proctored examinations and proctor validation documents are only available for courses taken in a physical classroom environment.

View the Phase2 listing on