Threat Detection and Response (TDR) Training in Georgia

This instructor-led, live training (conducted online or onsite) is designed for intermediate-level cybersecurity professionals who aim to implement CTEM in their organizations. By the end of this training, participants will be able to: - Understand the principles and stages of CTEM. - Identify and prioritize risks using CTEM methodologies. - Integrate CTEM practices into existing security protocols. - Utilize tools and technologies for continuous threat management. - Develop strategies to validate and improve security measures continuously, ensuring alignment with public sector workflows and governance for government.

This instructor-led, live training (available online or onsite) is designed for intermediate-level cybersecurity professionals who seek to leverage DeepSeek for advanced threat detection and automation.

By the end of this training, participants will be able to:

• Utilize DeepSeek AI for real-time threat detection and analysis in their operations.
• Implement AI-driven anomaly detection methods to enhance security protocols.
• Automate security monitoring and response processes using DeepSeek technology.
• Integrate DeepSeek into existing cybersecurity frameworks for government and other public sector entities.

OpenEDR is an open-source endpoint detection and response platform designed to provide continuous telemetry, detection, and analysis of adversarial activity on endpoints. This instructor-led, live training (online or onsite) is aimed at beginner to intermediate IT and security professionals who wish to deploy, configure, and operate OpenEDR to detect and respond to cyber threats for government agencies. By the end of this training, participants will be able to: - Deploy and configure OpenEDR agents and server components for telemetry collection. - Perform basic detection and monitoring using OpenEDR dashboards and event views. - Analyze endpoint events to identify suspicious activity and potential threats. - Integrate OpenEDR alerts into incident response workflows and reporting. **Format of the Course** - Interactive lecture and discussion. - Extensive exercises and practice sessions. - Hands-on implementation in a live-lab environment. **Course Customization Options** - To request a customized training for this course, please contact us to arrange.

OpenEDR is an open-source endpoint detection and response platform that offers analytic detection with MITRE ATT&CK visibility for event correlation and root cause analysis of adversarial activity in real time. This instructor-led, live training (online or onsite) is designed for advanced-level SOC analysts, threat hunters, and incident responders who aim to design and operate threat-hunting programs using OpenEDR and map detections to the MITRE ATT&CK framework. By the end of this training, participants will be able to: - Deploy and configure OpenEDR agents and server components for telemetry collection and analysis. - Map observable endpoint telemetry to MITRE ATT&CK techniques and develop detection logic accordingly. - Design and execute threat-hunting workflows that utilize behavioral analytics and event correlation to identify adversarial activity. - Integrate OpenEDR findings into incident response playbooks and conduct root cause analysis. **Format of the Course** - Interactive lecture and discussion. - Extensive exercises and practice. - Hands-on implementation in a live-lab environment. **Course Customization Options for Government** To request a customized training for this course, please contact us to arrange.

Ransomware is a type of malicious software designed to encrypt data and extort organizations. This instructor-led, live training (available online or onsite) is targeted at intermediate-level security professionals who wish to enhance their negotiation strategies and improve their intelligence capabilities during ransomware incidents for government agencies. After completing this training, participants will be able to: - Evaluate the structure, behavior, and lifecycle of modern ransomware campaigns. - Implement proven negotiation frameworks in real-world ransomware scenarios. - Collect, analyze, and operationalize threat intelligence for robust ransomware defense. - Effectively coordinate with stakeholders, law enforcement, and external partners during an attack. **Format of the Course:** - Expert-led presentations supported by real case studies. - Interactive exercises simulating ransomware negotiations. - Hands-on practice with intelligence tools in a controlled lab environment. **Course Customization Options:** - If your organization requires a tailored version of this training, please contact us for customization options.

This instructor-led, live training in Georgia (online or onsite) is designed for advanced-level cybersecurity professionals who seek to deepen their understanding of Cyber Threat Intelligence and acquire the skills necessary to effectively manage and mitigate cyber threats for government operations.

By the end of this training, participants will be able to:

• Understand the foundational principles of Cyber Threat Intelligence (CTI).
• Assess the current landscape of cyber threats relevant to government agencies.
• Gather and process intelligence data to support decision-making.
• Conduct advanced threat analysis to identify and respond to potential risks.
• Utilize Threat Intelligence Platforms (TIPs) and automate threat intelligence processes for enhanced operational efficiency.

Detection engineering is the practice of designing, implementing, and refining methods to identify malicious behavior across systems and networks for government. This instructor-led, live training (online or onsite) is aimed at beginner-level cybersecurity practitioners who wish to gain practical skills in building and tuning security detections. Upon completion of this training, participants will have the skills needed to: - Develop effective detection rules and signatures using common security tools. - Interpret logs and telemetry to identify suspicious behaviors. - Apply threat intelligence to strengthen detection logic. - Optimize alerts and reduce false positives within a SOC workflow. **Format of the Course** - Guided instruction with practical demonstrations. - Scenario-driven exercises and hands-on analysis. - Real-world detection building within an interactive lab environment. **Course Customization Options** - If your organization requires a tailored version of this program, please contact us to discuss customization options.

The Certified Incident Handler course provides a structured approach to managing and responding to cybersecurity incidents effectively and efficiently.

This instructor-led, live training (available online or onsite) is designed for intermediate-level IT security professionals who wish to develop the tactical skills and knowledge needed to plan, classify, contain, and manage security incidents for government agencies.

By the end of this training, participants will be able to:

• Understand the incident response lifecycle and its phases.
• Execute incident detection, classification, and notification procedures.
• Apply containment, eradication, and recovery strategies effectively.
• Develop post-incident reporting and continuous improvement plans.

Format of the Course

• Interactive lecture and discussion.
• Hands-on use of incident handling procedures in simulated scenarios.
• Guided exercises focused on detection, containment, and response workflows.

Course Customization Options

• To request a customized training for this course based on your organization's specific incident response procedures or tools, please contact us to arrange.

Bug Bounty: Advanced Techniques and Automation is an in-depth exploration of high-impact vulnerabilities, automation frameworks, reconnaissance techniques, and tooling strategies utilized by top bug bounty hunters.

This instructor-led, live training (available online or on-site) is designed for intermediate to advanced security researchers, penetration testers, and bug bounty hunters who aim to automate their workflows, scale reconnaissance efforts, and uncover complex vulnerabilities across multiple targets.

By the end of this training, participants will be able to:

• Automate reconnaissance and scanning processes for multiple targets.
• Utilize cutting-edge tools and scripts for bounty automation.
• Identify complex, logic-based vulnerabilities that go beyond standard scans.
• Develop custom workflows for subdomain enumeration, fuzzing, and reporting.

Format of the Course

• Interactive lectures and discussions.
• Hands-on use of advanced tools and scripting for automation.
• Guided labs focused on real-world bounty workflows and advanced attack chains.

Course Customization Options

• To request a customized training for government or other specific contexts based on your unique bounty targets, automation needs, or internal security challenges, please contact us to arrange.

Bug Bounty Hunting is the practice of identifying security vulnerabilities in software, websites, or systems and responsibly reporting them for rewards or recognition.

This instructor-led, live training (online or onsite) is designed for government agencies and aimed at beginner-level security researchers, developers, and IT professionals who wish to learn the fundamentals of ethical bug hunting and how to participate in bug bounty programs.

By the end of this training, participants will be able to:

• Understand the core concepts of vulnerability discovery and bug bounty programs for government systems.
• Utilize key tools such as Burp Suite and browser development tools for testing applications.
• Identify common web security flaws, including XSS, SQLi, and CSRF.
• Submit clear, actionable vulnerability reports to bug bounty platforms.

Format of the Course

• Interactive lecture and discussion.
• Hands-on use of bug bounty tools in simulated testing environments.
• Guided exercises focused on discovering, exploiting, and reporting vulnerabilities.

Course Customization Options

• To request a customized training for this course based on your organization's applications or testing needs, please contact us to arrange.

This instructor-led, live training in Georgia (online or onsite) is designed for intermediate-level duty managers and operational leaders who aim to develop robust cyber resilience strategies to protect their organizations from cyber threats.

By the end of this training, participants will be able to:

• Understand the fundamentals of cyber resilience and their importance for government duty management.
• Develop comprehensive incident response plans to ensure operational continuity.
• Identify potential cyber threats and vulnerabilities within their organizational environment.
• Implement security protocols to reduce risk exposure.
• Coordinate team responses during cyber incidents and recovery processes.

This instructor-led, live training in [location] (online or onsite) is aimed at intermediate-level IT security professionals who wish to enhance their skills in security monitoring, analysis, and response for government agencies. By the end of this training, participants will be able to: - Understand the role of a Blue Team in cybersecurity operations for government. - Utilize SIEM tools for comprehensive security monitoring and log analysis. - Identify, analyze, and respond effectively to security incidents. - Conduct network traffic analysis and gather threat intelligence. - Implement best practices in security operations center (SOC) workflows for government.

This instructor-led, live training (available online or on-site) is designed for intermediate to advanced cybersecurity professionals who aim to enhance their skills in AI-driven threat detection and incident response for government. By the end of this training, participants will be able to: - Implement advanced AI algorithms for real-time threat detection. - Customize AI models to address specific cybersecurity challenges. - Develop automation workflows for efficient threat response. - Ensure the security of AI-driven tools against adversarial attacks.

This instructor-led, live training in [location] (online or onsite) is designed for beginner-level cybersecurity professionals who wish to learn how to leverage artificial intelligence (AI) for enhanced threat detection and response capabilities. By the end of this training, participants will be able to: - Comprehend AI applications in cybersecurity. - Apply AI algorithms for threat detection. - Automate incident response using AI tools. - Integrate AI into existing cybersecurity infrastructure for government.

Learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. This course is designed to help you mitigate cyberthreats using these technologies, specifically by configuring and utilizing Azure Sentinel and Kusto Query Language (KQL) for detection, analysis, and reporting. It is tailored for individuals in Security Operations roles and helps prepare learners for the exam SC-200: Microsoft Security Operations Analyst.

Audience Profile

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for government and private organizations. Their primary goal is to reduce risk by rapidly remediating active attacks, advising on improvements to threat protection practices, and referring policy violations to appropriate stakeholders. Responsibilities include threat management, monitoring, and response using a variety of security solutions across the environment. The role primarily involves investigating, responding to, and hunting for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. As these tools are critical for operational output, Security Operations Analysts are also key stakeholders in their configuration and deployment.

Job Role: Security Engineer

Preparation for Exam: SC-200

Features: None

Skills Gained

• Explain how Microsoft Defender for Endpoint can mitigate risks in your environment
• Create a Microsoft Defender for Endpoint environment
• Configure Attack Surface Reduction rules on Windows 10 devices
• Perform actions on a device using Microsoft Defender for Endpoint
• Investigate domains and IP addresses in Microsoft Defender for Endpoint
• Investigate user accounts in Microsoft Defender for Endpoint
• Configure alert settings in Microsoft Defender for Endpoint
• Explain the evolving threat landscape
• Conduct advanced hunting in Microsoft 365 Defender
• Manage incidents in Microsoft 365 Defender
• Explain how Microsoft Defender for Identity can mitigate risks in your environment
• Investigate DLP alerts in Microsoft Cloud App Security
• Explain the types of actions you can take on an insider risk management case
• Configure auto-provisioning in Azure Defender
• Remediate alerts in Azure Defender
• Construct KQL statements
• Filter searches based on event time, severity, domain, and other relevant data using KQL
• Extract data from unstructured string fields using KQL
• Manage an Azure Sentinel workspace
• Use KQL to access the watchlist in Azure Sentinel
• Manage threat indicators in Azure Sentinel
• Explain the differences between Common Event Format and Syslog connectors in Azure Sentinel
• Connect Azure Windows Virtual Machines to Azure Sentinel
• Configure Log Analytics agent to collect Sysmon events
• Create new analytics rules and queries using the analytics rule wizard
• Create a playbook to automate incident response
• Use queries to hunt for threats
• Observe threats over time with livestream

This instructor-led, live training (online or onsite) is designed for government security analysts and system administrators at the beginner to intermediate level who seek to establish a foundational understanding of Cyber Defence analysis within Security Operations Centers (SOCs).

By the end of this training, participants will be able to:

• Understand the principles of Security Management in the context of Cyber Defence.
• Execute effective Incident Response strategies to mitigate security incidents for government agencies.
• Implement Security Education practices to enhance organizational awareness and preparedness within public sector organizations.
• Manage and analyze Security Information for proactive threat identification in government environments.
• Utilize Event Management techniques to monitor and respond to security events effectively.
• Implement Vulnerability Management processes to identify and address system vulnerabilities in government systems.
• Develop skills in Threat Detection to identify and respond to potential cyber threats within government networks.
• Participate in Simulated Attacks to test and improve incident response capabilities for government operations.

The Certified Digital Forensics Examiner (CDFE) vendor-neutral certification is designed to equip Cyber Crime and Fraud Investigators with the skills necessary for electronic discovery and advanced investigation techniques. This training is essential for anyone who encounters digital evidence during an investigation. The CDFE training program instructs participants on the methodology for conducting a computer forensic examination. Students will learn to employ forensically sound investigative methods, including evaluating the scene, collecting and documenting relevant information, interviewing key personnel, maintaining chain of custody, and preparing detailed findings reports. The CDFE course is beneficial for organizations, individuals, government offices, and law enforcement agencies that are interested in pursuing litigation, proving guilt, or taking corrective action based on digital evidence. This certification supports the need for rigorous and reliable forensic practices for government and other sectors.

This course addresses the management of an incident response team, emphasizing the role of the first responder. Given the frequency and complexity of today's cyber attacks, incident response is a critical function for organizations, including those in the public sector. Incident response serves as the last line of defense, and detecting and efficiently responding to incidents necessitates robust management processes. Managing an incident response team requires specialized skills and knowledge, particularly for government agencies where governance and accountability are paramount.

This instructor-led, live training, available online or on-site, provides a comprehensive overview of enterprise security for government, encompassing topics from artificial intelligence to database protection. The course also delves into the most recent tools, procedures, and strategic thinking required to safeguard against cyber threats.

In this course, you will gain an understanding of the principles and techniques essential for digital forensics investigations and the range of available computer forensics tools. The curriculum covers core forensic procedures to ensure that evidence is admissible in court, as well as the legal and ethical considerations relevant to these processes. You will also learn how to conduct a forensic investigation on both Unix/Linux and Windows systems, including various file systems. Advanced topics such as wireless, network, web, database, and mobile crime investigations are thoroughly addressed, ensuring comprehensive preparation for government and private sector roles.

This course will immerse participants into an interactive environment where they will learn how to scan, test, hack, and secure their own systems. The lab-intensive format provides each participant with in-depth knowledge and practical experience with essential security systems currently in use. Participants will start by understanding the mechanics of perimeter defenses before progressing to scanning and attacking their own networks, ensuring no real network is compromised. They will then learn how intruders escalate privileges and the steps necessary to secure a system. The curriculum also covers Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows, and Virus Creation. Upon completion of this intensive five-day course, participants will have hands-on understanding and experience in ethical hacking, specifically tailored for government applications. ### Purpose of the Ethical Hacking Training The primary objectives of the Ethical Hacking Training are to: - Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures. - Inform the public that credentialed individuals meet or exceed these minimum standards. - Reinforce ethical hacking as a unique and self-regulating profession. ### Audience This course is ideal for professionals working in positions such as, but not limited to: - Security Engineers - Security Consultants - Security Managers - IT Directors/Managers - Security Auditors - IT Systems Administrators - IT Network Administrators - Network Architects - Developers

Why Should You Attend?

The Certified Lead Ethical Hacker training course equips you with the essential expertise to conduct information system penetration tests by applying recognized principles, procedures, and techniques. This course will help you identify potential threats on computer networks and manage a penetration testing project or team effectively. During the training, you will learn how to plan and perform both internal and external penetration tests in compliance with standards such as the Penetration Testing Execution Standard (PTES) and the Open Source Security Testing Methodology Manual (OSSTMM). Additionally, you will gain a comprehensive understanding of drafting reports and proposing countermeasures. Through practical exercises, you will master penetration testing techniques and develop skills in managing a pentest team, customer communication, and conflict resolution.

This training provides a technical overview of information security through ethical hacking, using common methods like information gathering and vulnerability detection within and outside business networks. The course is aligned with the NICE (National Initiative for Cybersecurity Education) Protect and Defend framework, ensuring that it meets industry standards and best practices.

After acquiring the necessary knowledge and skills in ethical hacking, you can take the exam to earn the "PECB Certified Lead Ethical Hacker" credential. Holding this certificate demonstrates your proficiency in performing and managing penetration tests according to established best practices, which is crucial for government and private sector roles alike.

Who Should Attend?

• Individuals interested in IT security and ethical hacking, whether to deepen their knowledge or explore a career change.
• Information security officers and professionals seeking to master ethical hacking and penetration testing techniques.
• Managers and consultants who want to learn how to oversee the penetration testing process effectively.
• Auditors aiming to conduct professional penetration tests.
• Personnel responsible for maintaining the security of information systems in an organization.
• Technical experts looking to prepare for and execute pentests.
• Cybersecurity professionals and members of information security teams who need advanced skills for their roles.

This instructor-led, live training in Georgia (online or onsite) is aimed at computer users who wish to understand malware and take appropriate measures to minimize its threat for government systems. By the end of this training, participants will be able to: - Understand the concept of malware. - Identify the different types of malware. - Implement necessary steps to mitigate malware threats through procedural, technological, and awareness initiatives.

Format of the Course

• Interactive lecture and discussion sessions.
• Comprehensive exercises and practical activities.
• Hands-on implementation in a live-lab environment.

Course Customization Options for Government

• To request a customized training program tailored to specific agency needs, please contact us to arrange.

The Certified Ethical Hacker (CEH) certification is highly sought after in the field of cybersecurity, both domestically and internationally.

This program includes comprehensive instruction and practical exercises designed to prepare students for the CEH certification exam and the CEH Practical Exam. Successfully passing both exams confers the CEH Master credential along with the CEH certification.

Students have the option to add either the CPENT or the CHFI course to their training package.

The Certified Penetration Testing Professional (CPENT) course or the Computer Hacking Forensic Investigator (CHFI) course will be provided to each student through EC-Council’s online, self-paced, streaming video program for government use.

CPENT (Pen-test):
This course teaches students how to apply the concepts and tools covered in the CEH program to a penetration testing methodology within a live cyber range environment.

CHFI (Computer Forensics):
This course provides a methodological approach to computer forensics, including techniques for searching and seizing digital evidence, maintaining chain-of-custody, acquiring, preserving, analyzing, and reporting on digital evidence.

Course Description

The CEH program offers an in-depth understanding of ethical hacking phases, various attack vectors, and preventative countermeasures. It will equip you with the knowledge to understand how hackers think and operate maliciously, thereby enabling you to better secure your organization’s infrastructure and defend against future attacks. An awareness of system weaknesses and vulnerabilities helps organizations enhance their security controls and minimize the risk of incidents.

The CEH curriculum is designed to provide a hands-on environment and systematic process across each ethical hacking domain and methodology, giving students the opportunity to demonstrate the knowledge and skills necessary to earn the CEH credential. You will gain a new perspective on the responsibilities and measures required to maintain security.

Who Should Attend

• Law enforcement personnel
• System administrators
• Security officers
• Defense and military personnel
• Legal professionals
• Bankers
• Security professionals

About the Certified Ethical Hacker Master

To earn the CEH Master certification, you must pass the CEH Practical exam. The CEH Practical Exam is designed to assess students' ability to apply the principles taught in the CEH course. This practical exam requires you to demonstrate ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, and more.

The CEH Practical does not include simulations; instead, it involves challenging a live range that mimics a corporate network using live virtual machines, networks, and applications. Successfully completing the challenges in the CEH Practical Exam is the next step after obtaining the Certified Ethical Hacker (CEH) certification. Passing both the CEH exam and the CEH Practical will earn you the additional certification of CEH Master.

About the Certified Ethical Hacker Practical

To demonstrate your proficiency in ethical hacking, we assess your abilities through real-world challenges in a realistic environment. This involves using labs and tools to complete specific ethical hacking tasks within a time limit, mirroring real-world scenarios.

The EC-Council CEH (Practical) exam features a complex network that simulates a large organization’s real-life network infrastructure, including various systems such as DMZs and firewalls. You must apply your ethical hacking skills to discover and exploit live vulnerabilities while also auditing the systems.

About CPENT

EC-Council’s Certified Penetration Tester (CPENT) program focuses on penetration testing in an enterprise network environment that requires attack, exploitation, evasion, and defense. If you have experience working only in flat networks, CPENT’s live practice range will elevate your skills by teaching you to test IoT systems, OT systems, write your own exploits, build custom tools, conduct advanced binary exploitation, double pivot to access hidden networks, and customize scripts and exploits to penetrate the innermost segments of a network.

About CHFI

The Computer Hacking Forensic Investigator (CHFI) course provides a vendor-neutral perspective on digital forensics. This comprehensive program covers major forensic investigation scenarios and equips students with hands-on experience in various forensic techniques and standard forensic tools necessary for conducting successful computer forensic investigations.

This instructor-led, live training (online or onsite) is designed for information system analysts who wish to utilize MITRE ATT&CK to reduce the risk of security compromises for government operations. By the end of this training, participants will be able to: - Establish the required development environment to begin implementing MITRE ATT&CK. - Categorize how attackers interact with systems. - Document adversary behaviors within systems. - Monitor attacks, identify patterns, and evaluate existing defense tools.

This instructor-led, live training in [location] (online or onsite) is aimed at information analysts who wish to learn the techniques and processes behind social engineering to better protect sensitive information for government and other organizations. By the end of this training, participants will be able to: - Set up the necessary development environment to start creating custom security tools. - Implement strategies to covertly backdoor legitimate web applications. - Deliver malicious files disguised as common file types. - Utilize social engineering techniques to guide targets into visiting deceptive websites.