Investigation Theory: The Mind of an Analyst
- March 20th SOLD OUT
- June 5th (Registration Deadline: 5/31)
My name is Chris Sanders, and I’m a security analyst. When I first started out, learning how to investigate threats was challenging because there was no formal training available. Even in modern SOCs today, most training is centered on specific tools and relies too heavily on on-the-job training. There has never been a course dedicated exclusively to the fundamental art and science of the investigation process…until now.
If you’re a security analyst responsible for investigating alerts, performing forensics, or responding to incidents, then this is the course that will help you gain a deep understanding of how to most effectively catch bad guys and kick them out of your network. Investigation Theory is designed to help you overcome the challenges commonly associated with finding and catching bad guys:
- I’ve got so many alerts to investigate and I’m not sure how to get through them quickly.
- I keep getting overwhelmed by the amount of information I have to work with in an investigation.
- I’m constantly running into dead ends and getting stuck. I’m afraid I’m missing something.
- I want to get started threat hunting, but I’m not sure how.
- I’m having trouble getting my management chain to understand why I need the tools I’m requesting to do my job better.
- Some people just seem to “get” security, but it just doesn’t seem to click for me.
Investigation Theory is not like any online security training you’ve taken. It is modeled like a college course and consists of two parts: lecture and lab. The course is delivered on-demand so you can proceed through it at your convenience. However, it’s recommended that you take a standard 10-week completion path, or an accelerated 5-week path. Either way, there are ten modules in total, and each module typically consists of the following components:
- 1 Core Lecture: Theory and strategy are discussed in a series of video lectures. Each lecture builds on the previous one.
- 1 Bonus Lecture: Standalone content to address specific topics is provided in every other module.
- 1 Reading Recommendation: While not meant to be read on pace with the course, I’ve provided a curated reading list, along with critical questions to consider, to help develop your analyst mindset.
- 1 Quiz: The quiz isn’t meant to test your knowledge, but rather to give you an opportunity to apply it, reinforcing learning through critical thinking and knowledge retrieval.
- 1 Lab Exercise: The Investigation Ninja system is used to provide labs that simulate real investigations for you to practice your skills.
Investigation Ninja Lab Environment
This course utilizes the Investigation Ninja web application to simulate real investigation scenarios. By taking a vendor-agnostic approach, Investigation Ninja provides real-world inputs and allows you to query various data sources to uncover evil and decide whether an incident has occurred, and what happened. You’ll look through real data and solve unique challenges that will test your newly learned investigation skills. A custom set of labs has been developed specifically for this course. No matter what toolset you work with in your SOC, Investigation Ninja will prepare you to excel in investigations using a data-driven approach.
Get stuck in a lab? I’m just an e-mail away and can help point you in the right direction. Enjoy the labs and want to go farther? You can purchase additional access to more labs, including our upcoming “Story Mode” where you create a character and progress through eight levels of investigation scenarios while trying to attain the rank of Investigation Ninja!
This isn’t a typical online course where we just give you a bunch of videos and you’re on your own. The results of your progress, quizzes, and labs are reviewed by me, and I provide real-time feedback as you progress. I’m available as a resource to answer questions throughout the course.
- Metacognition: How to Approach an Investigation
- Evidence: Planning Visibility with a Compromise in Mind
- Investigation Playbooks: How to Analyze IPs, Domains, and Files
- Open Source Intel: Understanding the Unknown
- Mise en Place: Mastering Your Environment with Any Toolset
- The Timeline: Tracking the Investigation Process
- The Curious Hunter: Finding Investigation Leads without Alerts
- Your Own Worst Enemy: Recognizing and Limiting Bias
- Reporting: Effective Communication of Breaches and False Alarms
- Case Studies in Thinking Like an Analyst
Plus, several bonus lectures!
Introductory pricing for the course and lab access is $597 for a single-user license. Discounts are available for multiple-user licenses where at least 10 seats are purchased (please contact me to discuss payment). A portion of the purchase price will go to support multiple charities, including the Rural Technology Fund, the Against Malaria Foundation, and others.
- 6-month access to course videos and content
- 6-month access to Investigation Ninja
- A Certification of Course Completion
- Continuing Education Credits (CPEs/CEUs)
Sign Up Now!
This course is only taught periodically and space is limited.
Spring 2017 Session 1 – Begins January 9th SOLD OUT
Spring 2017 Session 2 – Begins March 20 SOLD OUT
Summer 2017 Session – Begins June 5 (Registration Deadline 5/31)
Effective Information Security Writing
I used to hate writing. I got into security because I wanted to catch bad guys and break into things – not because I liked writing reports. I eventually learned that writing is an important part of every security job, and I embraced it. Fifteen years later, I’ve written five books and more security reports than I can count. During this time, I learned that effective writing in security is rare, but when done correctly, it’s one of the best tools in your arsenal.
Effective writing can be a tool that helps you advance your career, set yourself apart from your peers, win more business, and justify the resources you need to make your network secure. What I’ve learned, however, is that good writing isn’t about grammar or the things you learned in fourth-grade English. Good writing is about understanding your audience, being persuasive, and using a repeatable system that helps you achieve your goals. Effective Information Security Writing is the only online course dedicated to helping you become better at achieving your goals by using writing as a tool in your arsenal.
Whether you struggle with writing and are looking for a way to get better at it, or you’re just looking to take your writing to the next level, you’ll find it in this course. You’ll learn:
- My repeatable system for faster, more effective information security writing.
- Techniques to bridge the gap between technical and non-technical audiences.
- How to tell a story and make your reader empathize with your needs.
- The critical components of a penetration testing report and how to write one so that network owners will finally take your findings and recommendations to heart.
- How to write compromise reports that aren’t boring and that help stakeholders understand the scope of an attack that has occurred.
- How to write more effective short-form communication, including e-mails, case notes, and chat messages.
I’ll also provide the templates I use for writing penetration testing reports, case notes, and compromise reports. You’re free to use these as they are, or to combine them with your current template. These templates have a purposeful structure that I’ve refined over many years.
The Effective Information Security Writing course is delivered using online, on-demand video lectures, so you can proceed through it at your convenience. Once registered, you’ll be given immediate access and will have that access for three months. The course also includes a discussion forum where you can ask questions and share tips and tricks with other students. The estimated time to complete the course is ~5 hours.
This course has no prerequisites. It is delivered in English.
* Subject to change as things are added
Module 1: Telling a Story
- My system for effective writing
- Elements of a story
- Theme and plot in security
- The process of writing
Module 2: Writing Penetration Testing Reports
- Preparing for writing while performing the assessment
- Assessment report structure
- Describing findings and recommendations
- Going the extra mile to deliver value with pen test reports
Module 3: Forensic Writing
- A formula for writing case notes
- Compromise assessment structure
- Malware analysis report structure
Module 4: Most Common Writing Mistakes
- Aimless writing and how to recognize it
- Zombie words
- Common language mistakes
- Active vs. Passive voice
- Highlighting technical deficiencies without talking down to people
- Recognizing and eliminating unnecessary words
- Supporting conclusions with evidence
Introductory pricing for the course is $97 for a single-user license. Site licenses are available for organizations that want to train their entire staff (please contact me to discuss payment). A portion of the purchase price will go to support multiple charities, including the Rural Technology Fund, the Against Malaria Foundation, and others.
- 3-month access to course video lectures
- Multiple report templates you can start using immediately, without restriction
- A Certification of Course Completion
- Continuing Education Credits (CPEs/CEUs)
Sign Up Now!
This course is open continuously starting on March 7th. Register any time.