Threat Detection and Response (TDR) Training in Alabama

This instructor-led, live training in Alabama (online or onsite) is aimed at intermediate-level cybersecurity professionals who wish to implement CTEM in their organizations for government use.

By the end of this training, participants will be able to:

• Understand the principles and stages of CTEM for government applications.
• Identify and prioritize risks using CTEM methodologies tailored for government environments.
• Integrate CTEM practices into existing security protocols for enhanced governance and accountability.
• Utilize tools and technologies for continuous threat management in a public sector context.
• Develop strategies to validate and improve security measures continuously, ensuring alignment with public sector workflows and standards.

This instructor-led, live training in Alabama (online or onsite) is aimed at intermediate-level cybersecurity professionals who wish to leverage DeepSeek for advanced threat detection and automation for government.

By the end of this training, participants will be able to:

• Utilize DeepSeek AI for real-time threat detection and analysis in public sector environments.
• Implement AI-driven anomaly detection techniques aligned with government cybersecurity standards.
• Automate security monitoring and response using DeepSeek to enhance operational efficiency for government agencies.
• Integrate DeepSeek into existing cybersecurity frameworks to support robust governance and accountability practices.

OpenEDR is an open-source endpoint detection and response platform that provides continuous telemetry, detection, and analysis of adversarial activity on endpoints.

This instructor-led, live training (online or onsite) is aimed at IT and security professionals at beginner to intermediate levels who wish to deploy, configure, and operate OpenEDR to detect and respond to cyber threats for government agencies.

By the end of this training, participants will be able to:

• Deploy and configure OpenEDR agents and server components for telemetry collection in a government environment.
• Perform basic detection and monitoring using OpenEDR dashboards and event views to support public sector workflows.
• Analyze endpoint events to identify suspicious activity and potential threats, ensuring alignment with government security protocols.
• Integrate OpenEDR alerts into incident response workflows and reporting for enhanced governance and accountability.

Format of the Course

• Interactive lecture and discussion to facilitate understanding of key concepts for government.
• Extensive exercises and practice sessions to reinforce learning.
• Hands-on implementation in a live-lab environment, simulating real-world scenarios for government agencies.

Course Customization Options

• To request a customized training for this course tailored to specific needs of your government agency, please contact Govtra to arrange.

OpenEDR is an open-source endpoint detection and response platform designed to provide analytic detection with MITRE ATT&CK visibility. It supports real-time event correlation and root cause analysis of adversarial activity.

This instructor-led, live training (online or onsite) is aimed at advanced-level SOC analysts, threat hunters, and incident responders who wish to design and operate threat-hunting programs using OpenEDR and map detections to the MITRE ATT&CK framework for government use.

By the end of this training, participants will be able to:

• Deploy and configure OpenEDR agents and server components for telemetry collection and analysis in a secure environment.
• Map observable endpoint telemetry to MITRE ATT&CK techniques and develop detection logic accordingly.
• Design and execute threat-hunting workflows that utilize behavioral analytics and event correlation to identify adversarial activity.
• Integrate OpenEDR findings into incident response playbooks and conduct thorough root cause analysis.

Format of the Course

• Interactive lecture and discussion tailored to government workflows and governance.
• Extensive exercises and practice sessions to reinforce learning.
• Hands-on implementation in a live-lab environment to simulate real-world scenarios for government.

Course Customization Options

• To request a customized training for this course, please contact Govtra to arrange.

Ransomware is a type of malicious software designed to encrypt data and extort organizations.

This instructor-led, live training (online or onsite) is aimed at intermediate-level security professionals who wish to enhance their negotiation strategies and improve their intelligence capabilities during ransomware incidents for government agencies.

After completing this training, participants will gain the ability to:

• Evaluate the structure, behavior, and lifecycle of modern ransomware campaigns.
• Implement proven negotiation frameworks in real-world ransomware scenarios.
• Collect, analyze, and operationalize threat intelligence for robust ransomware defense.
• Effectively coordinate with stakeholders, law enforcement, and external partners during an attack.

Format of the Course

• Expert-led presentations supported by real-world case studies.
• Interactive exercises simulating ransomware negotiations.
• Practical hands-on experience with intelligence tools in a controlled lab environment.

Course Customization Options

• If your organization requires a tailored version of this training, please contact us for customization options.

This instructor-led, live training in Alabama (online or onsite) is designed for advanced-level cyber security professionals who wish to gain a comprehensive understanding of Cyber Threat Intelligence and develop the skills necessary to effectively manage and mitigate cyber threats for government.

By the end of this training, participants will be able to:

• Understand the foundational principles of Cyber Threat Intelligence (CTI).
• Evaluate the current landscape of cyber threats relevant to public sector operations.
• Gather and process intelligence data in alignment with government workflows.
• Conduct advanced threat analysis to support informed decision-making.
• Utilize Threat Intelligence Platforms (TIPs) and automate threat intelligence processes for enhanced efficiency and accuracy.

Detection engineering is the practice of designing, implementing, and refining methods to identify malicious behavior across systems and networks.

This instructor-led, live training (online or onsite) is aimed at beginner-level cybersecurity practitioners who wish to gain practical skills in building and tuning security detections for government.

Upon completion of this training, participants will have the skills needed to:

• Develop effective detection rules and signatures using common security tools.
• Interpret logs and telemetry to identify suspicious behaviors.
• Apply threat intelligence to strengthen detection logic.
• Optimize alerts and reduce false positives within a Security Operations Center (SOC) workflow.

Format of the Course

• Guided instruction with practical demonstrations.
• Scenario-driven exercises and hands-on analysis.
• Real-world detection building within an interactive lab environment.

Course Customization Options

• If your organization requires a tailored version of this program, please contact Govtra to discuss customization options for government.

The Certified Incident Handler course provides a structured approach to managing and responding to cybersecurity incidents effectively and efficiently for government agencies.

This instructor-led, live training (online or onsite) is aimed at intermediate-level IT security professionals who wish to develop the tactical skills and knowledge needed to plan, classify, contain, and manage security incidents within public sector environments.

By the end of this training, participants will be able to:

• Understand the incident response lifecycle and its phases for government operations.
• Execute incident detection, classification, and notification procedures in alignment with public sector workflows.
• Apply containment, eradication, and recovery strategies effectively within government frameworks.
• Develop post-incident reporting and continuous improvement plans that enhance governance and accountability.

Format of the Course

• Interactive lecture and discussion tailored to government needs.
• Hands-on use of incident handling procedures in simulated scenarios relevant to public sector challenges.
• Guided exercises focused on detection, containment, and response workflows for government agencies.

Course Customization Options

• To request a customized training for this course based on your organization's incident response procedures or tools, please contact us to arrange a session that meets your specific requirements for government operations.

The Bug Bounty: Advanced Techniques and Automation course provides an in-depth exploration of high-impact vulnerabilities, automation frameworks, reconnaissance techniques, and the strategic tooling used by top-tier bug bounty hunters.

This instructor-led, live training (available online or onsite) is designed for intermediate to advanced-level security researchers, penetration testers, and bug bounty hunters who aim to automate their workflows, scale reconnaissance efforts, and identify complex vulnerabilities across multiple targets for government and other public sector entities.

By the end of this training, participants will be able to:

• Automate reconnaissance and scanning processes for multiple targets.
• Utilize cutting-edge tools and scripts for bounty automation.
• Identify complex, logic-based vulnerabilities beyond standard scans.
• Develop custom workflows for subdomain enumeration, fuzzing, and reporting.

Format of the Course

• Interactive lecture and discussion sessions.
• Hands-on use of advanced tools and scripting for automation.
• Guided labs focused on real-world bounty workflows and advanced attack chains.

Course Customization Options

• To request a customized training program based on your specific bounty targets, automation needs, or internal security challenges for government use, please contact us to arrange.

Bug Bounty Hunting is the practice of identifying security vulnerabilities in software, websites, or systems and responsibly reporting them for rewards or recognition.

This instructor-led, live training (online or onsite) is aimed at beginner-level security researchers, developers, and IT professionals who wish to learn the fundamentals of ethical bug hunting and how to participate in bug bounty programs for government.

By the end of this training, participants will be able to:

• Understand the core concepts of vulnerability discovery and bug bounty programs.
• Use key tools like Burp Suite and browser development tools for testing applications.
• Identify common web security flaws such as Cross-Site Scripting (XSS), SQL Injection (SQLi), and Cross-Site Request Forgery (CSRF).
• Submit clear, actionable vulnerability reports to bug bounty platforms.

Format of the Course

• Interactive lecture and discussion.
• Hands-on use of bug bounty tools in simulated testing environments.
• Guided exercises focused on discovering, exploiting, and reporting vulnerabilities.

Course Customization Options

• To request a customized training for this course based on your organization's applications or testing needs, please contact to arrange.

This instructor-led, live training in Alabama (online or onsite) is aimed at intermediate-level duty managers and operational leaders who wish to develop robust cyber resilience strategies to protect their organizations from cyber threats for government operations.

By the end of this training, participants will be able to:

• Comprehend the fundamentals of cyber resilience and their importance in duty management.
• Create incident response plans to ensure operational continuity.
• Recognize potential cyber threats and vulnerabilities within their organizational environment.
• Enact security protocols to reduce risk exposure.
• Facilitate coordinated team responses during cyber incidents and recovery processes.

This instructor-led, live training in Alabama (online or onsite) is aimed at intermediate-level IT security professionals who wish to enhance their skills in security monitoring, analysis, and response for government environments.

By the end of this training, participants will be able to:

• Understand the role of a Blue Team in cybersecurity operations for government agencies.
• Utilize SIEM tools for comprehensive security monitoring and log analysis.
• Detect, analyze, and respond to security incidents effectively within government networks.
• Conduct network traffic analysis and gather threat intelligence to support government security initiatives.
• Implement best practices in security operations center (SOC) workflows tailored for government operations.

This instructor-led, live training in Alabama (online or onsite) is aimed at intermediate to advanced cybersecurity professionals who wish to enhance their skills in AI-driven threat detection and incident response for government.

By the end of this training, participants will be able to:

• Implement advanced AI algorithms for real-time threat detection.
• Customize AI models to address specific cybersecurity challenges.
• Develop automation workflows for efficient threat response.
• Secure AI-driven security tools against adversarial attacks.

This instructor-led, live training in Alabama (online or onsite) is designed for beginner-level cybersecurity professionals who wish to learn how to utilize artificial intelligence (AI) for enhanced threat detection and response capabilities.

By the end of this training, participants will be able to:

• Comprehend AI applications in the field of cybersecurity.
• Implement AI algorithms for effective threat detection.
• Automate incident response using AI tools.
• Integrate AI into existing cybersecurity infrastructure to improve operational efficiency and security measures for government.

Discover how to investigate, respond to, and proactively hunt for cyber threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. This course is designed to equip you with the skills needed to mitigate cyber threats using these advanced technologies. You will learn to configure and utilize Azure Sentinel effectively, as well as employ Kusto Query Language (KQL) for detection, analysis, and reporting. The course is tailored for individuals in Security Operations roles and helps prepare learners for the SC-200: Microsoft Security Operations Analyst exam.

Audience Profile

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for government. Their primary objective is to reduce organizational risk by rapidly addressing active threats, recommending enhancements to threat protection practices, and referring policy violations to the appropriate parties. Responsibilities include comprehensive threat management, monitoring, and response using a variety of security solutions across their environment. The Security Operations Analyst primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. As they rely on the operational output of these tools, they are also critical stakeholders in their configuration and deployment.

Job role: Security Engineer

Preparation for exam: SC-200

Features: none

Skills Gained

• Explain how Microsoft Defender for Endpoint can mitigate risks in your environment
• Create a Microsoft Defender for Endpoint environment
• Configure Attack Surface Reduction rules on Windows 10 devices
• Perform actions on a device using Microsoft Defender for Endpoint
• Investigate domains and IP addresses in Microsoft Defender for Endpoint
• Investigate user accounts in Microsoft Defender for Endpoint
• Configure alert settings in Microsoft Defender for Endpoint
• Explain how the threat landscape is evolving
• Conduct advanced hunting in Microsoft 365 Defender
• Manage incidents in Microsoft 365 Defender
• Explain how Microsoft Defender for Identity can mitigate risks in your environment
• Investigate DLP alerts in Microsoft Cloud App Security
• Explain the types of actions you can take on an insider risk management case
• Configure auto-provisioning in Azure Defender
• Remediate alerts in Azure Defender
• Construct KQL statements
• Filter searches based on event time, severity, domain, and other relevant data using KQL
• Extract data from unstructured string fields using KQL
• Manage an Azure Sentinel workspace
• Use KQL to access the watchlist in Azure Sentinel
• Manage threat indicators in Azure Sentinel
• Explain the differences between Common Event Format and Syslog connectors in Azure Sentinel
• Connect Azure Windows Virtual Machines to Azure Sentinel
• Configure Log Analytics agent to collect Sysmon events
• Create new analytics rules and queries using the analytics rule wizard
• Create a playbook to automate an incident response
• Use queries to hunt for threats
• Observe threats over time with livestream

This instructor-led, live training in Alabama (online or onsite) is designed for government security analysts and system administrators at the beginner to intermediate level who seek to establish a foundational understanding of Cyber Defence (SOC) analysis.

By the end of this training, participants will be able to:

• Understand the principles of Security Management within a Cyber Defence context for government.
• Execute effective Incident Response strategies to mitigate security incidents in public sector environments.
• Implement Security Education practices to enhance organizational awareness and preparedness for government operations.
• Manage and analyze Security Information to proactively identify threats for government systems.
• Utilize Event Management techniques to monitor and respond to security events within government networks.
• Implement Vulnerability Management processes to identify and address system vulnerabilities in government IT infrastructure.
• Develop skills in Threat Detection to identify and respond to potential cyber threats affecting government operations.
• Participate in Simulated Attacks to test and improve incident response capabilities for government agencies.

The Certified Digital Forensics Examiner vendor-neutral certification is designed to train cyber crime and fraud investigators. This course teaches students electronic discovery and advanced investigation techniques, making it essential for anyone encountering digital evidence while conducting an investigation.

The Certified Digital Forensics Examiner training provides instruction on the methodology for conducting a computer forensic examination. Students will learn to use forensically sound investigative techniques to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-custody, and write a findings report.

The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence for government.

This course addresses how to manage an incident response team, focusing on the role of the first responder. Given the frequency and complexity of today's cyber attacks, incident response is a critical function for government organizations.

Incident response serves as the last line of defense, and detecting and efficiently responding to incidents necessitates robust management processes. Managing an incident response team requires specialized skills and knowledge, particularly for government agencies.

This instructor-led, live training in Alabama (online or onsite) for government covers the various aspects of enterprise security, ranging from artificial intelligence to database protection. The course also includes an overview of the latest tools, processes, and strategies necessary to defend against cyber threats.

In this course, you will gain a comprehensive understanding of the principles and techniques essential for digital forensics investigations and the range of available computer forensics tools. You will explore core forensic procedures to ensure the court admissibility of evidence, as well as delve into the legal and ethical implications relevant to these practices.

This course will equip you with the skills to conduct a thorough forensic investigation on both Unix/Linux and Windows systems, encompassing various file systems. Additionally, it covers advanced topics such as wireless, network, web, database, and mobile crime investigations, ensuring that you are well-prepared for government and public sector workflows.

This course will immerse participants into an interactive environment where they will be shown how to scan, test, hack, and secure their own systems. The lab-intensive environment provides each participant with in-depth knowledge and practical experience with the current essential security systems. Participants will begin by understanding how perimeter defenses work and then proceed to scanning and attacking their own networks, ensuring no real network is harmed. They will also learn how intruders escalate privileges and what steps can be taken to secure a system. Additionally, participants will gain insights into Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows, and Virus Creation. Upon completing this intensive 5-day class, participants will have hands-on understanding and experience in Ethical Hacking for government environments.

The purpose of the Ethical Hacking Training is to:

• Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures for government agencies.
• Inform the public that credentialed individuals meet or exceed the minimum standards required for government roles.
• Reinforce ethical hacking as a unique and self-regulating profession, particularly within the context of government operations.

Audience:

The course is ideal for those working in positions such as, but not limited to:

• Security Engineers
• Security Consultants
• Security Managers
• IT Directors/Managers
• Security Auditors
• IT Systems Administrators
• IT Network Administrators
• Network Architects
• Developers

Why should you attend?

The Certified Lead Ethical Hacker training course equips participants with the essential expertise to conduct information system penetration tests by applying recognized principles, procedures, and penetration testing techniques. This training will help identify potential threats on a computer network. Throughout the course, attendees will gain the knowledge and skills necessary to manage a penetration testing project or team, as well as plan and execute internal and external pentests in accordance with various standards such as the Penetration Testing Execution Standard (PTES) and the Open Source Security Testing Methodology Manual (OSSTMM). Additionally, participants will develop a comprehensive understanding of how to draft reports and propose countermeasures. Practical exercises will enable attendees to master penetration testing techniques and acquire the skills needed to manage a pentest team, communicate effectively with clients, and resolve conflicts.

The Certified Lead Ethical Hacking training course offers a technical perspective on information security through ethical hacking, using common techniques such as information gathering and vulnerability detection, both within and outside of business networks. The training is also aligned with the NICE (National Initiative for Cybersecurity Education) Protect and Defend framework.

After acquiring the necessary knowledge and skills in ethical hacking, participants can take the exam and apply for the "PECB Certified Lead Ethical Hacker" credential. Holding a PECB Lead Ethical Hacker certificate demonstrates that you have acquired the practical skills required to perform and manage penetration tests according to best practices.

Who should attend?

• Individuals interested in IT Security, particularly in Ethical Hacking, either to deepen their understanding or to initiate a professional reorientation.
• Information security officers and professionals aiming to master ethical hacking and penetration testing techniques for government use.
• Managers or consultants seeking to control the penetration testing process effectively.
• Auditors who wish to perform and conduct professional penetration tests.
• Personnel responsible for maintaining the security of information systems within an organization.
• Technical experts looking to learn how to prepare a pentest.
• Cybersecurity professionals and information security team members.

This instructor-led, live training in Alabama (online or onsite) is designed for government computer users who wish to understand malware and implement appropriate measures to minimize its threat.

By the end of this training, participants will be able to:

• Understand the concept of malware.
• Identify various types of malware.
• Take necessary steps to mitigate malware threats through procedural, technological, and awareness measures.

Format of the Course

• Interactive lecture and discussion tailored for government audiences.
• Extensive exercises and practice sessions designed for government professionals.
• Hands-on implementation in a live-lab environment, ensuring practical application for government workflows.

Course Customization Options

• To request a customized training for this course for government, please contact us to arrange.

The Certified Ethical Hacker (CEH) certification is highly sought after in the field of cybersecurity, both domestically and internationally.

This program includes comprehensive instruction and practical exercises designed to prepare students for the CEH certification exam and the CEH Practical Exam. Successfully passing both exams confers the CEH Master credential along with the CEH certification.

Students have the option to add either the CPENT or the CHFI course to their training package.

The Certified Penetration Testing Professional (CPENT) course or the Computer Hacking Forensic Investigator (CHFI) course will be provided to each student through EC-Council’s online, self-paced, streaming video program for government use.

CPENT (Pen-test):
This course teaches students how to apply the concepts and tools covered in the CEH program to a penetration testing methodology within a live cyber range environment.

CHFI (Computer Forensics):
This course provides a methodological approach to computer forensics, including techniques for searching and seizing digital evidence, maintaining chain-of-custody, acquiring, preserving, analyzing, and reporting on digital evidence.

Course Description

The CEH program offers an in-depth understanding of ethical hacking phases, various attack vectors, and preventative countermeasures. It will equip you with the knowledge to understand how hackers think and operate maliciously, thereby enabling you to better secure your organization’s infrastructure and defend against future attacks. An awareness of system weaknesses and vulnerabilities helps organizations enhance their security controls and minimize the risk of incidents.

The CEH curriculum is designed to provide a hands-on environment and systematic process across each ethical hacking domain and methodology, giving students the opportunity to demonstrate the knowledge and skills necessary to earn the CEH credential. You will gain a new perspective on the responsibilities and measures required to maintain security.

Who Should Attend

• Law enforcement personnel
• System administrators
• Security officers
• Defense and military personnel
• Legal professionals
• Bankers
• Security professionals

About the Certified Ethical Hacker Master

To earn the CEH Master certification, you must pass the CEH Practical exam. The CEH Practical Exam is designed to assess students' ability to apply the principles taught in the CEH course. This practical exam requires you to demonstrate ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, and more.

The CEH Practical does not include simulations; instead, it involves challenging a live range that mimics a corporate network using live virtual machines, networks, and applications. Successfully completing the challenges in the CEH Practical Exam is the next step after obtaining the Certified Ethical Hacker (CEH) certification. Passing both the CEH exam and the CEH Practical will earn you the additional certification of CEH Master.

About the Certified Ethical Hacker Practical

To demonstrate your proficiency in ethical hacking, we assess your abilities through real-world challenges in a realistic environment. This involves using labs and tools to complete specific ethical hacking tasks within a time limit, mirroring real-world scenarios.

The EC-Council CEH (Practical) exam features a complex network that simulates a large organization’s real-life network infrastructure, including various systems such as DMZs and firewalls. You must apply your ethical hacking skills to discover and exploit live vulnerabilities while also auditing the systems.

About CPENT

EC-Council’s Certified Penetration Tester (CPENT) program focuses on penetration testing in an enterprise network environment that requires attack, exploitation, evasion, and defense. If you have experience working only in flat networks, CPENT’s live practice range will elevate your skills by teaching you to test IoT systems, OT systems, write your own exploits, build custom tools, conduct advanced binary exploitation, double pivot to access hidden networks, and customize scripts and exploits to penetrate the innermost segments of a network.

About CHFI

The Computer Hacking Forensic Investigator (CHFI) course provides a vendor-neutral perspective on digital forensics. This comprehensive program covers major forensic investigation scenarios and equips students with hands-on experience in various forensic techniques and standard forensic tools necessary for conducting successful computer forensic investigations.

This instructor-led, live training in Alabama (online or onsite) is aimed at information system analysts who wish to utilize MITRE ATT&CK to reduce the risk of security compromises for government operations.

By the end of this training, participants will be able to:

• Configure the required development environment to begin implementing MITRE ATT&CK for government systems.
• Categorize how attackers interact with government information systems.
• Document adversary behaviors within government networks and systems.
• Monitor attacks, analyze patterns, and evaluate existing defense mechanisms for government use.

This instructor-led, live training in Alabama (online or onsite) is aimed at information analysts who wish to learn the techniques and processes behind social engineering to protect sensitive information for government use.

By the end of this training, participants will be able to:

• Configure the required development environment to begin creating custom malware.
• Undetectably backdoor legitimate web applications.
• Disguise malicious files as common file types.
• Utilize social engineering techniques to guide targets into accessing a fraudulent website.