There are a lot of tools to learn in the cybersecurity trade. There are a lot of sources willing to teach you about those tools. There are not many people interested in teaching you how to think like an analyst.
I just finished the 3rd course in my Chris Sanders’ Applied Network Defense trilogy: Investigation Theory. Before this course, I’d taken and reviewed Chris’ Effective Information Security Writing and Practical Packet Analysis.
Investigation Theory is a course designed to help an analyst develop a mindset to investigate any type of security event or alert. The course is built to take roughly 10 weeks and you can pace yourself to finish faster or slower. Although it is offered fully online, Chris organizes the course so that a new group starts it together every few months. The benefit of this is that not only do you have the ability to interact with the instructor, Chris Sanders, in the online course board, you also have the opportunity to post thoughts to and respond to questions from other students. I definitely took something away from reading other students’ answers to Chris’s posted questions at the end of many lectures.
In addition to lectures, the course includes student community discussion, recommended reading, bonus lectures, and interactive investigation labs.
Nothing helps ideas stick better than hands-on practice.
The labs were challenging. I had to try most of them several times before I submitted the correct answer. But I learned ideas of questions to ask and places to look for leads to those answers.
One of my favorite sections in the Investigation Theory course was built around explaining the value provided by different types of analysis data. It focused on the sources likely to be available in an investigation, like packet captures, netflow data, IDS alerts, OSINT, and an armful of different log types. The lecture described the pros and cons of each source and highlighted opportunities to aggregate and pivot on the data attributes each one provides.
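To make the "aggregate and pivot" idea concrete, here is a small added example of my own; it is not material from the course or from Chris Sanders. It starts from a single IDS alert and pivots on the destination IP into flow records and DNS logs, then aggregates bytes sent per internal host. All IP addresses, hostnames, timestamps and the log line format are constructed for the example and carry no meaning beyond it.

```python
"""Pivoting across investigation data sources on a shared attribute.

Constructed sample data: one IDS alert, a handful of flow records and a few
DNS log lines. Every IP, hostname and timestamp here is made up.
"""
from collections import Counter

# Constructed IDS alert that seeds the investigation (signature text is invented).
IDS_ALERT = {
    "ts": "2024-03-01T10:04:12", "src": "10.0.0.23", "dst": "203.0.113.45",
    "sig": "EXAMPLE POLICY outbound connection on unusual port",
}

# Constructed flow records: who talked to whom, on which port, how many bytes out.
FLOWS = [
    {"ts": "2024-03-01T10:03:58", "src": "10.0.0.23", "dst": "203.0.113.45", "dport": 8443, "bytes": 51200},
    {"ts": "2024-03-01T10:04:10", "src": "10.0.0.23", "dst": "203.0.113.45", "dport": 8443, "bytes": 204800},
    {"ts": "2024-03-01T10:05:01", "src": "10.0.0.23", "dst": "192.0.2.10",   "dport": 443,  "bytes": 1800},
    {"ts": "2024-03-01T10:06:40", "src": "10.0.0.41", "dst": "203.0.113.45", "dport": 8443, "bytes": 76800},
    {"ts": "2024-03-01T10:07:15", "src": "10.0.0.9",  "dst": "198.51.100.7", "dport": 80,   "bytes": 900},
]

# Constructed DNS log lines in an invented format: "<ts> <client> <query> -> <answer>".
DNS_LOG = """\
2024-03-01T10:03:55 10.0.0.23 update.example-cdn.test -> 203.0.113.45
2024-03-01T10:04:59 10.0.0.23 www.example.com -> 192.0.2.10
2024-03-01T10:06:37 10.0.0.41 update.example-cdn.test -> 203.0.113.45
2024-03-01T10:07:12 10.0.0.9 news.example.org -> 198.51.100.7
"""


def parse_dns_log(text):
    """Turn the constructed DNS log text into a list of dict records."""
    records = []
    for line in text.splitlines():
        ts, client, query, _arrow, answer = line.split()
        records.append({"ts": ts, "client": client, "query": query, "answer": answer})
    return records


def pivot(records, **attrs):
    """Return the records whose fields match every given attribute.

    This is the basic pivot: take one attribute value from a finding
    in one source and use it as a filter against another source.
    """
    return [r for r in records if all(r.get(k) == v for k, v in attrs.items())]


def investigate(alert, flows, dns_records):
    """Follow the alert's destination IP through flows and DNS, aggregating as we go."""
    # Pivot 1: alert destination IP -> every flow that reached that IP.
    flows_to_dst = pivot(flows, dst=alert["dst"])

    # Aggregate: which internal hosts talked to it, and how much each sent.
    bytes_by_host = Counter()
    for f in flows_to_dst:
        bytes_by_host[f["src"]] += f["bytes"]

    # Pivot 2: destination IP -> DNS names that resolved to it.
    names = sorted({r["query"] for r in pivot(dns_records, answer=alert["dst"])})

    # Pivot 3: each name -> every client that looked it up (this can widen scope
    # beyond the host in the original alert, which is the point of pivoting).
    clients_by_name = {
        n: sorted({r["client"] for r in pivot(dns_records, query=n)}) for n in names
    }

    return {
        "hosts_to_dst": dict(bytes_by_host),
        "names_for_dst": names,
        "clients_by_name": clients_by_name,
    }


if __name__ == "__main__":
    result = investigate(IDS_ALERT, FLOWS, parse_dns_log(DNS_LOG))
    for key, value in result.items():
        print(f"{key}: {value}")
```

The value of the exercise is in the third pivot: the alert only named 10.0.0.23, but following the resolved hostname back through the DNS log surfaces a second host that contacted the same destination without ever tripping the IDS. Each source contributes an attribute the others lack (the alert gives the lead, flows give volume, DNS gives the name and the wider client set), which is exactly the aggregate-and-pivot pattern the lecture describes.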
I’m proud to have finished this course. I would recommend it. It is less technically specific than Practical Packet Analysis, but it is full of insights that will work for a security analyst no matter what tools and tactics you have experienced.
You can find a course description, pricing, and registration information at the Applied Network Defense site.