The eCIR is a certification for individuals with a highly technical understanding of networks, systems and cyber attacks. Anyone can attempt the certification exam; however, the following skills are advised for a successful outcome:

  • Understanding a letter of engagement and the basics related to an Incident Response engagement
  • Deep understanding of networking concepts
  • Knowledge of Incident Response processes and methodologies
  • Good knowledge of packet/traffic analysis
  • Ability to correlate events and logs
  • Familiarity with tools such as Wireshark, ELK & Splunk
  • Good understanding of attacker Techniques, Tactics & Procedures
  • Good knowledge of how to detect all stages of the “Cyber Kill Chain”
  • Familiarity with ELK and Splunk searches
  • Ability to effectively analyze thousands of events within a SIEM
  • Good understanding of Windows (and Sysmon) events
  • Attacker activity detection through process analysis