How to Become an Incident Responder

August 12, 2017 | Views: 7097


It is often thought that, after acquiring expensive and well-known IT security certifications, you can be an Incident Responder right away. Yet even someone who has graduated with the highest honours, and a medal as big as a Viking's plate, from one of the top ten IT security universities in the world cannot easily get into it.

In my humble opinion, becoming one takes a positive attitude and a passion for both defensive and offensive cybersecurity. It is not an on-the-dot job where you sit in the office from 9am to 5pm every day and wait for an attack to happen. It is an operational and proactive profession where you either detect breaches early to reduce downtime or stop the zero-day attack before it succeeds.


Knowing every tool in the arsenal does not by itself make you an effective incident responder, but it certainly helps with detection and threat hunting. Even if you have several SIEMs (security information and event management systems) and a million-dollar EPP (endpoint protection platform) plus EDR (endpoint detection and response), you are not bulletproof. There is still no cyber threat intelligence feed that reliably covers APTs (advanced persistent threats), even though most providers have sources on the dark web.

There are too many tools to mention here; it is more important to understand threat modelling, so that you can come up with the right solution for your own environment.

But then again, I keep going back to basics: attitude and passion are the keys to becoming a true Blue Teamer.

Motivation and Skillset

Mindset is very important from day zero. In operations, time matters, because this is not a routine clerical job. Every day in cybersecurity there is something new to learn.

If your background is in Red Team work, that is useful for identifying possible attacks based on the kill chain, and you will be able to defend your turf against APTs. If you are a programmer, malware analysis and reverse engineering will come easily to you when analysing phishing campaigns, exploits and ransomware.

A former network engineer will also find it natural to analyse network traffic for DDoS, lateral movement and other suspicious activity from both outside and inside threats. And if you are a system administrator on Windows, Unix or Linux, then forensics will be easy for you to handle.

What it is Not…

In some companies, when they form a CERT (computer emergency response team) or a DFIR (digital forensics and incident response) team, they prefer members from different backgrounds and then run tabletop exercises so that everyone is ready and efficient when a real attack occurs.

IR is not 24x7 monitoring; that is the SOC's (security operations center) job. The two are distinct, so to speak. There is overlap with the SOC, but only on the basic tasks; what remains is more advanced work that needs broader knowledge and understanding of the different cyber threats.


When I am asked what skills or tools are needed to become an Incident Responder, I stick to what I mentioned in my previous Cyberblog post (Is SOC an IR or IR is SOC?): Networking, Systems Administration and Scripting/Programming are the recipe for becoming a successful cybersecurity professional.
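As an added illustration of how those three ingredients combine in day-to-day IR work (this is not code from the original post): a short Python script that parses constructed sshd log lines from several hosts and flags any source IP that successfully logs in to many distinct hosts within a short window, a simple lateral-movement indicator. The log lines, host names, IP addresses and the thresholds (10-minute window, 3 hosts) are all made up for the example; tune them to your own environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: syslog-style sshd lines from several hosts, as you
# might export them from a SIEM. Not real data.
SAMPLE_LOG = """\
2017-08-12T09:00:01 web01 sshd[2231]: Accepted publickey for deploy from 10.0.5.20 port 51022 ssh2
2017-08-12T09:00:07 web02 sshd[1044]: Accepted publickey for deploy from 10.0.5.20 port 51030 ssh2
2017-08-12T09:03:15 db01 sshd[3112]: Accepted password for svc_backup from 10.0.9.77 port 40112 ssh2
2017-08-12T09:03:40 app01 sshd[3222]: Accepted password for svc_backup from 10.0.9.77 port 40120 ssh2
2017-08-12T09:04:02 app02 sshd[3290]: Accepted password for svc_backup from 10.0.9.77 port 40131 ssh2
2017-08-12T09:04:30 db02 sshd[3301]: Accepted password for svc_backup from 10.0.9.77 port 40140 ssh2
2017-08-12T09:05:11 web01 sshd[2299]: Failed password for root from 10.0.9.77 port 40150 ssh2
2017-08-12T11:30:00 web03 sshd[4001]: Accepted publickey for deploy from 10.0.5.20 port 51400 ssh2
"""

# Only successful logins matter for fan-out; "Failed" lines do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Accepted (?P<method>\w+) "
    r"for (?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_accepted(log_text):
    """Yield (timestamp, dest_host, user, src_ip) for each successful login."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["host"], m["user"], m["src"])


def find_fan_out(log_text, window=timedelta(minutes=10), min_hosts=3):
    """Return {src_ip: details} for sources that reach >= min_hosts distinct
    hosts inside any window of length `window`. A source that touches many
    hosts over a whole day (a normal admin) is not flagged; one that sweeps
    several hosts in minutes is."""
    by_src = defaultdict(list)
    for ts, host, user, src in parse_accepted(log_text):
        by_src[src].append((ts, host, user))

    findings = {}
    for src, events in by_src.items():
        events.sort()  # by timestamp
        for t0, _, _ in events:
            in_window = [e for e in events if t0 <= e[0] <= t0 + window]
            hosts = {h for _, h, _ in in_window}
            if len(hosts) >= min_hosts:
                findings[src] = {
                    "first_seen": t0,
                    "hosts": sorted(hosts),
                    "users": sorted({u for _, _, u in in_window}),
                }
                break  # one finding per source is enough to triage
    return findings


if __name__ == "__main__":
    for src, info in find_fan_out(SAMPLE_LOG).items():
        print(f"{src}: {len(info['hosts'])} hosts from {info['first_seen']} "
              f"as {info['users']} -> {info['hosts']}")
```

In the sample, 10.0.9.77 reaches four hosts in under two minutes and is flagged, while 10.0.5.20 reaches three hosts only across two and a half hours and is not; the window is what separates an operator doing routine work from an account being used to sweep the network. The failed root login from the same source is deliberately ignored here, but in a real investigation it is the next pivot.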

  1. It’s really an awesome article.

    Thank you STRAINER

  2. I am glad you mentioned mindset. That is one thing that I am always stressing to anyone that I am mentoring or that asks about cyber security. A security mindset is the rarest of all types. There are so many aspects or facets to it, and technology knowledge is one small part. The mindset is what will keep most analysts as analysts and not true Incident Response.
    Great article!

    • KLeBlanc > thank you so much for liking my article. Though there is an update on this, I don't know how to modify it, but I am very much thankful for your kind thoughts. Godspeed!
