Proactive First Response


A two day course designed to familiarize IT professionals with the knowledge to respond to cyber-security incidents

The role of an on-site first responder is critical to the success of any Incident Response investigation.

This course trains your staff to quickly contain an incident and to make appropriate decisions based on the potential severity of the impact to your business. Proficient application of the principles taught in this training significantly reduces the risk associated to a compromise and increases the success of later investigative activity.

Course Highlights

  • You will gain an in-depth understanding of the Incident Response process and the lifespan of an incident.
  • You will learn to make critical decisions that will affect the business continuity of your network estate.
  • You will learn the technical skills required to support the incident investigation (disk and memory acquisition, network capture and triaging).
  • You will understand the process and importance of evidence tracking and handling throughout an incident.

Key Topics

  • Introduction to Key Principles
  • Incident Response
  • Policies and Procedures
  • Data Acquisition
  • Analysis & Triaging

Benefits to your organization

  • Ensure you are prepared to respond effectively to incidents threatening your organization, reducing response times and increasing the ability of your business to survive an attack.
  • Maximize the value of an investigation – having first responders who can perform the acquisition tasks allows experienced investigators to conduct analysis and investigate much sooner.
  • Reduce the impact of an attack – time is of the essence when there is an active threat actor in your network estate, your first responders can greatly reduce the time during which hostiles remain in control and ensure optimum containment and remediation.

Who should attend?

The training is aimed at IT staff who are on the frontlines defending their systems and responding to attacks.

First responder training does not require any prior knowledge of digital forensics or cyber-security techniques but does require a user-level proficiency with the basics of UNIX/Windows systems and network fundamentals.


Download the Proactive First Response Brochure below for the full syllabus




MWR IR Training Course Brochure ONLINE


Interested in our Proactive First Response course?

Enter your details below and a member of the team will contact you with more information and to find out what your requirements are:

In house courses

We also offer in-house courses for up to 50 members of your staff, which can be customized to suit your unique requirements.

For private courses in the UK, call +44 (0)1256 300 920.

For private courses in South Africa, call +27 (0)10 100 3157.

For private courses in the US, call +1-888-742-9528.

You can also send us a message and we will get back to you to discuss your requirements.

Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.