SNS I515 Active Defense and Incident Response - GIAC Response and Industrial Defense GRID
Course Description
This course trains defenders to detect and respond to attacks targeting industrial control systems and operational technology environments. Learners apply active defense principles to build situational awareness, identify threat-driven activity, and execute effective incident response actions that protect critical infrastructure and maintain operational continuity.
What You Will Learn
Map industrial assets, data flows, and trust boundaries to identify likely attack paths
Implement anomaly detection and continuous monitoring within ICS and OT networks
Detect and analyze malicious activity targeting industrial environments
Conduct forensic analysis of ICS-specific malware and intrusion artifacts
Integrate threat intelligence into industrial detection and response workflows
Coordinate response actions across IT and OT teams during incidents
Who This Course Is For
This course is designed for OT security professionals, incident responders, industrial engineers, SOC analysts, threat hunters, and security practitioners responsible for defending and responding to attacks against industrial and critical infrastructure systems.
Hands-On Training Experience
Learners complete extensive hands-on labs that simulate real-world ICS and OT attack scenarios. Exercises include malware analysis, packet inspection, anomaly detection, and incident containment activities that mirror operational environments and adversary behavior.
Course Outcomes
Build resilient active defense strategies for industrial environments
Reduce operational downtime through proactive detection and response
Improve coordination between IT and OT incident handling teams
Strengthen compliance with industrial cybersecurity standards and frameworks








