CoachnestCoachnest
Sign InGet Started
Back to course

Complete Cybersecurity Bootcamp: Defend, Detect & Respond

…
—
Contents
1

What Is Cybersecurity & Why It Matters

Reading14mFree
2

The CIA Triad & Core Security Principles

Reading16mFree
3

Threat Actors, Motivations & the Attack Surface

Reading14m
4

Setting Up a Safe, Legal Practice Lab

Reading12m
5

Security Domains & Career Paths Overview

Video15m
6

Chapter 1 — Quiz

Quiz10m
7

TCP/IP, the OSI Model & How Data Travels

Reading18m
8

Common Protocols & Their Weaknesses

Reading16m
9

Firewalls, IDS/IPS & Network Segmentation

Reading16m
10

VPNs, TLS in Transit & Secure Remote Access

Reading14m
11

Reading Network Traffic with Wireshark

Video17m
12

Chapter 2 — Networking Quiz

Quiz12m
13

Symmetric vs Asymmetric Encryption

Reading16m
14

Hashing, Salting & Password Storage

Reading16m
15

Digital Signatures, Certificates & PKI

Reading16m
16

Crypto in Practice & Common Mistakes

Reading14m
17

How HTTPS & TLS Work — Visual Walkthrough

Video15m
18

Chapter 3 — Cryptography Quiz

Quiz12m
19

Linux Security Fundamentals & Hardening

Reading18m
20

Windows Security & Active Directory Basics

Reading16m
21

Endpoint Protection: Antivirus, EDR & Application Control

Reading14m
22

Data Protection, Backups & Ransomware Resilience

Reading14m
23

Hardening a Linux Server — Demo

Video16m
24

Chapter 4 — Endpoint Security Quiz

Quiz12m
25

How the Web Works & The HTTP Request Lifecycle

Reading16m
26

Injection Attacks: SQL Injection & Command Injection

Reading18m
27

Broken Access Control & Authentication Failures

Reading16m
28

Cross-Site Scripting (XSS), CSRF & Security Headers

Reading18m
29

Finding Web Vulnerabilities Safely — Demo

Video17m
30

Chapter 5 — Web Security Quiz

Quiz12m
31

Authentication Factors, MFA & Passwordless

Reading16m
32

OAuth 2.0, OpenID Connect, SAML & JWTs

Reading18m
33

Access Control Models: RBAC, ABAC & Least Privilege

Reading16m
34

Identity Threats: Phishing & Social Engineering

Reading14m
35

Setting Up MFA & SSO — Walkthrough

Video14m
36

Chapter 6 — Identity & Access Quiz

Quiz12m
37

Malware Taxonomy: Viruses, Worms, Trojans & Ransomware

Reading16m
38

The Cyber Kill Chain & MITRE ATT&CK

Reading16m
39

Network Attacks: DoS/DDoS, MITM & Sniffing

Reading14m
40

Vulnerability Management & Penetration Testing

Reading16m
41

Understanding the MITRE ATT&CK Framework — Overview

Video15m
42

Chapter 7 — Threats & Attacks Quiz

Quiz12m
43

The SOC, SIEM & Log Management

Reading16m
44

Detection, Threat Hunting & Threat Intelligence

Reading16m

The Incident Response Lifecycle

Reading18m
46

Digital Forensics Fundamentals

Reading14m
47

Inside a SOC: Analyst Workflow — Walkthrough

Video16m
48

Chapter 8 — SecOps & IR Quiz

Quiz12m
49

Cloud Security & the Shared Responsibility Model

Reading16m
50

Container & Kubernetes Security

Reading16m
51

DevSecOps: Shifting Security Left

Reading16m
52

Secure SDLC & Threat Modeling

Reading14m
53

Securing a CI/CD Pipeline — Demo

Video15m
54

Chapter 9 — Cloud & DevSecOps Quiz

Quiz12m
55

Risk Management Fundamentals

Reading16m
56

Security Frameworks, Standards & Compliance

Reading16m
57

Security Awareness, Policy & the Human Factor

Reading14m
58

Cybersecurity Careers, Certifications & Next Steps

Reading16m
59

Cybersecurity Career Roadmap — Overview

Video14m
60

Chapter 10 — GRC & Careers Quiz

Quiz12m
←→navigate lessons
Chapter 8 of 10·Chapter 8 — Security Operations, Monitoring & Incident Response
Lesson 45 of 60Reading18 min

The Incident Response Lifecycle

The Incident Response Lifecycle¶

When detection fires, incident response (IR) kicks in. A calm, practiced process is the difference between a contained event and a catastrophe.

The NIST IR Lifecycle¶

1. Preparation 2. Detection & Analysis 3. Containment, Eradication & Recovery 4. Post-Incident Activity (Lessons Learned) ↺ feeds back into Preparation

1. Preparation (before anything happens)¶

  • An IR plan and playbooks for common scenarios.
  • A defined IR team with roles and contacts.
  • Tools, logging, and access ready in advance.
  • Training and tabletop exercises — practice under calm conditions.

The work you do before an incident determines how well you handle it. You can't write the plan during the fire.

2. Detection & Analysis¶

  • Validate the alert: is it a real incident or a false positive?
  • Determine scope and severity (what/who is affected).
  • Classify and prioritize. Begin documenting a timeline immediately.

3. Containment, Eradication & Recovery¶

Containment — stop the bleeding:

  • Short-term: isolate affected hosts, block C2, disable compromised accounts.
  • Long-term: temporary fixes to keep operating while you clean up.

Eradication — remove the threat: delete malware, close the vulnerability, reset credentials.

Recovery — restore to normal: rebuild from known-good, restore data, monitor closely for recurrence before declaring "all clear."

4. Post-Incident (Lessons Learned)¶

  • A blameless post-mortem: what happened, what worked, what didn't.
  • Concrete improvements: new detections, control gaps, plan updates.
  • The goal is learning, not blame — blame drives people to hide problems.

Preserve Evidence¶

During containment, preserve forensic evidence — don't power off a machine (memory is lost); capture memory and disk images first if investigation/legal action is likely. Maintain chain of custody.

Roles, Communication & Legal¶

  • Designate an incident commander to coordinate.
  • Plan internal and external communications in advance (legal, PR, customers).
  • Know your regulatory notification deadlines (e.g., GDPR's 72-hour breach notification).
  • Engage legal/compliance early for reportable incidents.

Key Metrics¶

  • MTTD — Mean Time to Detect.
  • MTTR — Mean Time to Respond/Recover.

Driving these down is the SOC's north star — speed limits the damage an attacker can do.

Previous

Detection, Threat Hunting & Threat Intelligence

Next

Digital Forensics Fundamentals

Use ← → arrow keys to navigate between lessons