Learning Path

CertNexus CyberSec First Responder

Learn a comprehensive methodology for defending the cybersecurity of organizations.

What you will learn

This learning path covers network defense and incident response methods, tactics, and procedures in alignment with industry frameworks such as NIST 800-61 r.2 (Computer Security Incident Handling), US-CERT’s NCIRP (National Cyber Incident Response Plan), and Presidential Policy Directive (PPD) 41 on Cyber Incident Coordination Policy. It is ideal for candidates who have been tasked with the responsibility of monitoring and detecting security incidents in information systems and networks, and for executing standardized responses to such incidents. The path introduces tools, tactics, and procedures to manage cybersecurity risks, identify various types of common threats, evaluate the organization’s security, collect and analyze cybersecurity intelligence and remediate and report incidents as they occur.

Ready to take the CertNexus Cyber First Responder® CFR-310 exam? Save 10% by using code VXH93HF4A when purchasing their CertNexus exam voucher here.

After purchasing the exam voucher, you will receive an email with info regarding how to register for and schedule your exam at a Pearson VUE testing center or virtual proctoring platform, OnVUE.

Wistia video thumbnail


CyberSec First Responder Introduction

Course — 00:04:16

K0004, K0233

This course provides a brief overview of CertNexus CyberSec First Responder certification objectives.

Assessing Information Security Risk

Course — 01:44:48

K0002, K0004, K0048, K0149, K0154, K0165, K0169, K0233, K0263, K0379, K0455, K0527

This course teaches how to Identify the strategic value of risk management in the context of information assurance, assess risks that affect the organization, translate risk assessment into specific strategies for mitigation, and integrate documentation into risk management.

Analyzing the Threat Landscape

Course — 00:34:01

K0004, K0165, K0177, K0233, K0362, K0455, K0469, K0474, K0475, K0480, K0543, K0603, K0607, K0612, S0228, S0229, S0256, S0258, S0340

This course teaches how to compare, contrast, and categorize cybersecurity threats and threat profiles and perform ongoing threat landscape research to prepare for incidents.

Analyzing Reconnaissance Threats to Computing and Network Environments

Course — 00:34:11

K0004, K0058, K0165, K0177, K0334, K0362, K0474, K0475, K0480, K0603, K0612, S0046, S0056, S0156, S0228, S0229, S0256, S0258, S0340

This course teaches how to implement threat modeling tools and tactics and assess the impacts of reconnaissance and social engineering.

Analyzing Attacks on Computing and Network Environments

Course — 01:07:00

K0004, K0005, K0006, K0009, K0058, K0070, K0119, K0165, K0177, K0334, K0362, K0474, K0475, K0480, K0603, K0612, K0624, S0056, S0228, S0229, S0256, S0258, S0340

This course teaches how to assess the impact of various attacks, including system hacking attacks, threats to web apps and services, malware, hijacking and impersonation attacks, denial of service incidents, and threats to mobile and cloud infrastructures.

Analyzing Post-Attack Techniques

Course — 00:46:20

K0004, K0005, K0006, K0119, K0177, K0184, K0362, K0447, K0449, K0469, K0474, K0475, K0480, K0536, S0228, S0229, S0293

This lesson teaches how to assess various post-attack techniques, including command and control, persistence, lateral movement and pivoting, data exfiltration, and anti-forensics techniques.

Managing Vulnerabilities in the Organization

Course — 00:29:08

K0004, K0005, K0006, K0009, K0013, K0040, K0070, K0106, K0147, K0165, K0177, K0339, K0362, K0474, K0475, K0480, K0624, S0001, S0051, S0081, S0137, S0141, S0167, S0228, S0229, S0242

This course teaches how to implement a vulnerability management plan, assess common vulnerabilities in the organization, and conduct vulnerability scans.

Implementing Penetration Testing to Evaluate Security

Course — 00:24:14

K0004, K0005, K0009, K0013, K0040, K0070, K0147, K0165, K0177, K0310, K0314, K0339, K0342, K0362, K0480, K0624, S0001, S0051, S0081, S0137, S0141, S0167, S0228, S0242

This course teaches how to conduct authorized penetration tests to evaluate the organization’s security posture and analyze and report the results of a penetration test and make mitigation recommendations.

Collecting Cybersecurity Intelligence

Course — 00:43:57

K0004, K0040, K0131, K0165, K0177, K0339, K0352, K0358, K0388, K0409, K0457, K0460, K0462, K0464, K0480, K0503, K0525, K0544, K0577, S0167, S0210, S0212, S0228, S0247, S0256, S0303, S0316, S0318, S0335, S0339, S0340, S0343, S0372

This course teaches how to design and implement a system of cybersecurity intelligence collection and analysis and collect data from network-based and host-based intelligence sources.

Analyzing Log Data

Course — 00:30:20

K0004, K0058, K0119, K0229, K0334, K0363, K0480, S0005, S0056, S0120

This course teaches how to analyze a wide array of log data by using common Windows- and Linux-based security tools and incorporate a SIEM system into the analysis process.

Performing Active Asset and Network Analysis

Course — 00:53:55

K0004, K0058, K0324, K0334, K0339, K0449, K0480, S0056, S0081, S0181, S0187, S0194, S0197, S0218, S0277, S0288, S0359

This course teaches how to analyze incidents with Windows- and Linux-based tools, use methods and tools for malware analysis, and analyze common indicators of potential compromise.

Responding to Cybersecurity Incidents

Course — 00:47:56

K0001, K0003, K0004, K0006, K0041, K0042, K0150, K0161, K0162, K0179, K0231, K0259, K0287, K0292, K0317, K0343, K0381, K0399, K0480, K0519, K0543, K0586, S0003, S0054, S0077, S0078, S0080, S0173, S0175, S0365

This course teaches how to design and implement a system to respond to urgent situations by mitigating immediate and potential threats, contain and mitigate incidents using various methods and devices, and prepare to move from the incident response phase to the post-mortem forensic investigation phase.

CertNexus CyberSec First Responder Practice Exam

Assessment — 41 questions — 00:20:30

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every lnfosec Skills subscription so your team can skill up however they learn best.

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

You're in good company


We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.

Caleb Yankus


This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson


We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client