Certified CyberDefender (CCD)

Certified CyberDefender is a vendor-neutral, hands-on cyber defense training and certification. This course will jumpstart and empower those on their way to becoming the next generation of SOC analysts, blue teams, and security engineers.


Are you looking for a quick and effective way to acquire modern real-world CyberDefense skills and be a competent security analyst, engineer, or blue teamer?

This course introduces students to real-world threats defenders experience in their networks and the tools used to defend against these threats. It provides the essential foundation of modern cyber defense operations. Students will learn the inner working of the three core pillars of CyberDefense; prevention, detection, and response. In addition, how to defend an enterprise using essential blue team incident response tools and techniques. The course focuses on CyberDefense techniques that are:

  • Applicable; realistic, and can be applied to most organizations.
  • Lean: achieves better results with minimal effort.
  • Impactful: has a bigger impact on security and significantly enhances overall security posture.

In other words, things that the majority of defenders can smoothly apply to get security off the ground and maintain a reasonable level of cyber hygiene.


Who is this training for?

This training is for aspiring SOC analysts, blue teams, incident responders, and forensic analysts who want to learn the essential skills of CyberDefense; prevention, detection, and response.

Course objectives:

  • Minimize attack surface.
  • Engineer a solid detection functionality.
  • Prepare SOC analysts with tools, techniques, and knowledge to perform their job efficiently.
  • Perform efficient threat hunting.
  • Prioritize what to work on to achieve a better return on investments.
  • Develop a solid analytical, problem-solving and persistent mindset.



  • Chiheb Chebbi is the course lead instructor and a BlackHat speaker with core interests in incident response, threat hunting, cloud security, and detection engineering. He spent the past years investigating advanced cyber attacks and researching cyber espionage, and APT attacks. He authored multiple security books, such as Mastering Machine Learning for Penetration Testing and Advanced Infrastructure Penetration Testing, and was awarded the Microsoft Most Valuable Professional (MVP) for his contributions.
  • Muhammad Alharmeel is a CyberDefense consultant with 15+ years of experience. He helped multiple organizations improve their security, performed numerous security assessments, and responded to attacks for clients in government, financial, high technology, healthcare, and other industries. He holds multiple hands-on respected certifications within defensive and offensive domains, such as the prestigious GIAC Security Expert, Offensive Security Certified Expert OSCE, and the Certified Information Security Manager - CISM designation.
  • Ahmed Shawky is a Lead ThreatHunter @IBM and application security expert with a high commitment to open-source. He authored multiple SOC-related tools, such as Detection Lab ELK and Mail Header Analyzer, and is a big fan of Detection Engineering & SecOps automation.


  • Module 1: Security Operation (SecOps) Fundamentals
    • SOC Overview
    • SOC components - tools and technologies
    • SOC components - people
    • SOC components - processes
    • Labs:
      • Microsoft Defender for cloud
      • OSSEC Host Intrusion Detection System (HIDS)
      • Nessus for vulnerability assessment
      • Microsoft Sentinel SIEM / SOAR
      • Canary tokens
  • Module 2: Incident Response
    • IR Overview
    • Preparation
    • Detection and analysis
    • Containment
    • Eradication
    • Recovery
    • Post-incident activities
    • Labs:
      • Suricata - network detection
      • C2 traffic detection with RealIntelligenceThreatAnalytics (RITA)
      • Application detection - web shells
      • Sysmon: endpoint perimeter/system detection
      • Velociraptor - enterprise incident response
  • Module 3: Threat Intelligence
    • Introduction
    • Collection and storage
    • Modeling and analysis
    • MITRE ATT&CK for CTI
    • Attribution and Intel Sharing
    • Labs:
      • Shodan open source intelligence
      • IOC extraction
      • OpenCTI: open cyber threat intel platform
      • Threat profiling using MITRE ATT&CK Navigator
      • MISP: malware information sharing platform
  • Module 4: Digital Forensics
    • Introduction
    • Data acquisition
    • Windows forensics
    • Linux forensics
    • Memory forensics
    • Network forensics
    • Labs: in progress
  • Module 5: Threat Hunting and Emulation
    • Introduction
    • Tools and technologies
    • Security information and event management SIEM
    • Network level threat hunting
    • Endpoint level threat hunting
    • Application level threat hunting
    • Threat emulation
    • Labs: in progress
  • Module 6: Perimeter Defense - Email Security
    • Spoofing threats and defenses
    • Attachments threats and defenses
    • URLs threats and defenses
    • Extra mile controls
    • Labs:
      • SPF, DKIM, and DMARC deployment
      • GoPhish phishing simulator
      • Detecting phishing attacks using Canarytokens



  • Solid understanding of Windows and Linux operating systems
  • Reasonable research and problem-solving skills.
  • Familiarity with basic entry-level technology, networks, and security concepts.
  • Access to an enterprise environment is a plus.

Get Certified

No stuffing! The course is straightforward, focused, and to the point, ensuring that every explained topic can be practically applied in your work environment. Challenge the exam after completing the course to validate your knowledge.





7 days 100% Money Back Guarantee

If you are not satisfied for ANY reason, simply request a refund, and we will return your money.  No questions asked!