Cyber Fire Foundry's mission is to train entry to advanced analysts in forensic incident response techniques.
Graduates of Cyber Fire Foundry are prepared to investigate forensic evidence of malware intrusion and exfiltration, efficiently coordinate with other incident responders, effectively communicate findings, and have an understanding of forensic incident response concepts that transcends any specific tool.
Cyber Fire Foundry is typically a 5-day event, consisting of 2 days of classes, 2 days of reinforcing exercises, and a final day of briefings.
Friday: Briefings and workshops
The final day of the event features briefings of interest to cybersecurity analysts, and birds-of-a-feather meetings for like-minded participants to reinforce new professional contacts and discuss common challenges and how to meet them.
More than 1,000 people have participated in Cyber Fire since 2009. The professional relationships forged at Fire events have led to multiple, successful cross-site incident response teams and have set the stage for programs. Participants make an average of five new professional contacts in a setting where “professional contact” means “we spent 16 hours working on technical challenges.” The quality of Cyber Fire Classes and Puzzles consistently ranks around 4.5 out of 5 in post-event surveys.
Cyber Fire Incident Response Model
We teach Incident Response as an organizational pyramid, with three base skills that all interact with one another:
- Network Archaeology
- Host Forensics
- Malware Analysis
At the top of the pyramid is Incident Coordination, which oversees and interacts with all three, as well as acts as the communications point for the entire team with the outside world.