Certified CyberDefender (CCD)

Certified CyberDefender is a vendor-neutral, hands-on cyber defense training and certification. This course will jumpstart and empower those on their way to becoming the next generation of SOC analysts, blue teams, and security engineers.

We currently accept candidates for the beta run at a 50% discount. Beta students get an exclusive opportunity to work directly with us to test drive the content, labs, and exam and become one of the first few certified CyberDefenders 🛡️ 🔥. Limited number of beta seats...first come, first served.
Enroll now. Use promo code "Beta0275" to apply a $400 discount!


Are you looking for a quick and effective way to acquire modern real-world CyberDefense skills and be a competent security analyst, engineer, or blue teamer?

This course introduces students to real-world threats defenders experience in their networks and the tools used to defend against these threats. It provides the essential foundation of modern cyber defense operations. Students will learn the inner workings of the three core pillars of CyberDefense (prevention, detection, and response) and how to defend an enterprise using essential blue team incident response tools and techniques. The course focuses on CyberDefense techniques that are:

  • Applicable: realistic, and can be applied to most organizations.
  • Lean: achieves better results with minimal effort.
  • Impactful: has a bigger impact on security and significantly enhances overall security posture.

In other words, things that the majority of defenders can smoothly apply to get security off the ground and maintain a reasonable level of cyber hygiene.


Who is this training for?

This training is for aspiring SOC analysts, blue teams, incident responders, and forensic analysts who want to learn the essential skills of CyberDefense: prevention, detection, and response.

Course objectives:

  • Minimize attack surface.
  • Engineer a solid detection functionality.
  • Prepare SOC analysts with tools, techniques, and knowledge to perform their job efficiently.
  • Perform efficient threat hunting.
  • Prioritize what to work on to achieve a better return on investments.
  • Develop a solid analytical, problem-solving and persistent mindset.



  • Chiheb Chebbi is the course lead instructor and a BlackHat speaker with core interests in incident response, threat hunting, cloud security, and detection engineering. He spent the past years investigating advanced cyber attacks and researching cyber espionage and APT attacks. He authored multiple security books, such as Mastering Machine Learning for Penetration Testing and Advanced Infrastructure Penetration Testing, and was awarded the Microsoft Most Valuable Professional (MVP) for his contributions.
  • Muhammad Alharmeel is a CyberDefense consultant with 15+ years of experience. He helped multiple organizations improve their security, performed numerous security assessments, and responded to attacks for clients in government, financial, high technology, healthcare, and other industries. He holds multiple respected hands-on certifications within defensive and offensive domains, such as the prestigious GIAC Security Expert, Offensive Security Certified Expert (OSCE), and the Certified Information Security Manager (CISM) designation.
  • Ahmed Shawky is a Lead ThreatHunter @IBM and application security expert with a high commitment to open-source. He authored multiple SOC-related tools, such as Detection Lab ELK and Mail Header Analyzer, and is a big fan of Detection Engineering & SecOps automation.


  • Module 1: Security Operation (SecOps) Fundamentals
    • SOC Overview
    • SOC components - tools and technologies
    • SOC components - people
    • SOC components - processes
    • Labs:
      • Microsoft Defender for Cloud
      • OSSEC Host Intrusion Detection System (HIDS)
      • Nessus for vulnerability assessment
      • Microsoft Sentinel SIEM / SOAR
      • Canary tokens
  • Module 2: Incident Response
    • IR Overview
    • Preparation
    • Detection and analysis
    • Containment
    • Eradication
    • Recovery
    • Post-incident activities
    • Labs:
      • Suricata - network detection
      • C2 traffic detection with Real Intelligence Threat Analytics (RITA)
      • Application detection - web shells
      • Sysmon: endpoint perimeter/system detection
      • Velociraptor - enterprise incident response
  • Module 3: Threat Intelligence
    • Introduction
    • Collection and storage
    • Modeling and analysis
    • MITRE ATT&CK for CTI
    • Attribution and Intel Sharing
    • Labs:
      • Shodan open source intelligence
      • IOC extraction
      • OpenCTI: open cyber threat intel platform
      • Threat profiling using MITRE ATT&CK Navigator
      • MISP: malware information sharing platform
  • Module 4: Digital Forensics
    • Introduction
    • Data acquisition
    • Windows forensics
    • Linux forensics
    • Memory forensics
    • Network forensics
    • Labs:
      • Evidence collection (memory, triage, and disk images)
      • Windows forensics investigation case
      • Linux forensics investigation case
      • Memory forensics investigation case
  • Module 5: Threat Hunting and Emulation
    • Introduction
    • Tools and technologies
    • Security information and event management (SIEM)
    • Network-level threat hunting
    • Endpoint-level threat hunting
    • Application-level threat hunting
    • Threat emulation
    • Labs:
      • Elastic SIEM
      • Network hunting case
      • Endpoint hunting case
      • Application hunting case
  • Module 6: Perimeter Defense - Email Security
    • Spoofing threats and defenses
    • Attachment threats and defenses
    • URL threats and defenses
    • Extra mile controls
    • Labs:
      • SPF, DKIM, and DMARC deployment
      • GoPhish phishing simulator
      • Detecting phishing attacks using Canarytokens



  • Solid understanding of Windows and Linux operating systems.
  • Reasonable research and problem-solving skills.
  • Familiarity with basic entry-level technology, networks, and security concepts.
  • Access to an enterprise environment is a plus.

Get Certified

No fluff! The course is straightforward, focused, and to the point, ensuring that every explained topic can be practically applied in your work environment. Challenge the exam after completing the course to validate your knowledge.




3 days 100% Money Back Guarantee

If you are not satisfied for ANY reason, simply request a refund, and we will return your money. No questions asked!

Frequently Asked Questions (FAQ)

Two exam attempts. You can purchase additional exam attempts, though.

The exam is 100% practical scenarios (e.g., intrusion analysis and digital forensics).

70% is the minimum score to pass the exam.

All Beta candidates get 8 months of access to course materials, unlike future students (stable release) who will have 4 months only. All Beta candidates will have access to the latest up-to-date, stable release.

No. Course labs are cloud-based, and you can start/stop anytime. No need to set up anything on your side. Don't worry about labs...it's the most convenient, realistic, and exciting part of the course.

We admit that CCD is a relatively new cert. However, we are 100% confident of the quality and effort we have put into it, in particular the realistic application and practicality of what students learn, which comes from what we have seen in big enterprises and service providers. Give it some time, and get back to this later!

We can speak only for ourselves. Please check the course syllabus, details, depth, and instructors and see if it meets your expectations.

Yes, certified CyberDefenders will be awarded Credly badges and an electronic PDF certificate.

We might consider printed certificates and coins, but no guarantee. Our core focus is on the skills you can utilize right away. Having a coin/printed cert is nice and shiny, but it's not something you can take with you in a real-world investigation or a job interview! That was one reason behind our Motto, 'Less Hype, More Value'....we hope you perceive us as a mindset changer.

Yes, we do. The next run is at BlackHat 2022.

The 50% beta discount is available for beta candidates only and will expire once the beta period ends. Unfortunately, we cannot enroll everybody in beta. A limited number of beta seats...first come, first served.