eLearnSecurity Blog

How To Get Started in Incident Response

With the growing concern over cyber security and the potential losses that follow a successful attack, Incident Handling and Response professionals are seeing their career opportunities rise. Is this career path of interest to you? Here’s how to get started in this field.

1. Understand Modern Cyber Attacks

As Information Security professionals and solutions get smarter, so do malicious hackers. To stay ahead, cybercriminals are always on the hunt for new ways to break into your infrastructure, network, WiFi, smart objects and – let’s not forget – your brain. Humans are often the weakest link. Indeed, malicious hackers now tailor their attacks to specific individuals. This takes more time, as they need to research you via Google, social media, etc., but it has proven to be financially rewarding. This technique is called spear-phishing. Some other ways hackers might target your company are via:


  • Cryptojacking is the secret use of your computing device to mine cryptocurrency. It used to require the victim to unknowingly install a program that mined in the background; it can now also run as JavaScript injected into a web page, so the mining happens in the browser without anything being installed on the machine.

  • Advanced Persistent Threat (APT) is where an attacker can breach a network and stay undetected for a long period of time. The goal of these attacks is not to cause instant damage or immediately ask for ransom, drawing attention to your breach, but rather to insidiously steal information or security data in an unobtrusive way.

  • Internet of Things (IoT) devices have yet to prove themselves in terms of security. Many still ship with weak defaults and no update path, and a compromise can cause physical damage (e.g. smart cars, medical devices, etc.).

  • Point-of-sale (POS) attacks happen when cybercriminals use malware to target point-of-sale and payment terminals with the intent of obtaining credit card and debit card information. (Read more about last year’s POS attack on Tim Hortons)

  • Artificial Intelligence (AI) information warfare uses AI-generated video (commonly referred to as “deepfakes”): machine-learning algorithms create highly believable forgeries that depict individuals saying or doing things that never occurred. This technique is appealing to threat actors interested in weaponizing data for influence operations.

  • Fileless malware is a dangerous type of attack that is typically found as part of an APT. As the name suggests, the malicious code runs in memory or abuses tools already on the system (PowerShell, WMI, scheduled tasks) rather than dropping a new executable to disk, so standard file-based antivirus detection does not catch it. Detecting it means looking at process behaviour and command lines rather than files.

  • Mobile applications are increasingly used by companies as part of a smoother, mobile-adapted user experience strategy. For this reason, cybercriminals are particularly interested in mobile apps, since customers now store most of their personal and financial information in them.

Of course, there are endless ways for cybercriminals to get their hands on your personal information. That’s why it’s important to stay informed about new techniques in order to stay secure.

2. Understand The Responsibilities

As the Incident Handling and Response field is still evolving, job titles for its professionals are still a little blurry. However, all of them have key responsibilities tied to the four main phases of Incident Handling and Response (the same lifecycle described in NIST SP 800-61), as follows:

  • Preparation: In this initial phase, professionals plan how to handle incidents and attempt to limit the number of potential incidents by selecting and implementing a set of controls based on the results of risk assessments.

  • Detection & Analysis: In this phase, professionals analyze all the symptoms reported (alerts, logs, user reports) and confirm whether or not the situation should be classified as an incident, then prioritize it by its likely impact.

  • Containment, Eradication & Recovery: In this phase, it’s time to gather intelligence and create indicators or signatures that will help identify every compromised system. With this information, the organization can limit the impact of the incident by containing it, remove the attacker’s foothold, and restore systems and data back to normal operation.

  • Post-Incident Activities: This is the ‘lessons learned’ phase, where professionals review how the incident was handled, find ways to improve the overall security posture of the organization and make sure similar incidents don’t happen again.

3. Build Your Skillset

Part of being a great Incident Handling and Response professional is staying up to date on the latest threats, as well as the tools and techniques to counter them. Of course, in today’s digital age, it’s easy to go online and take advantage of the wide range of (often free) resources available.

Here are some ways you can build your skillset and stay up-to-date:

  • Read books and blog articles about the different cyber threats and techniques to defend against them.

  • Watch webinars led by professionals in this industry and ask related questions to understand the topic better. Catch a replay of last month’s EH-Net Live! webinar with Mechele, Security Program Manager at the MSRC, to discover how Microsoft handles cyber incidents, blue team work, community outreach, and more.

  • Attend InfoSec conferences to get the latest insight on industry news, threats, tools, techniques, etc. and participate in their various training and challenges.

  • Enroll in a training course, online or in person, that teaches you how to analyze, detect and respond to cyber incidents and gives you hands-on practice with realistic scenarios. This is the best way to prepare for real-life events.

4. Get Practical Experience

If you are already employed in a company where there is an IT Security department, ask your managers if you can spend a day or week training with the rest of the team. That way, you’ll be able to get an inside look at how everything works, the different roles and what best fits your career path and ambitions.

If you have not yet held an InfoSec role, don’t worry, there are other ways to get valuable practical experience. For example, you can start with a hands-on training course that gives you the knowledge and know-how, then get certified to validate your skills. Other options are volunteering, getting an internship, or asking an experienced practitioner to mentor you. In any case, practice makes perfect!

The path to cyber Incident Handling and Response is not an easy one, but it’s not impossible. With hard work and dedication, there’s no doubt you’ll lead a successful career.

Aspiring to build a career in this field?

Our newly launched Incident Handling & Response Professional (IHRP) training course will help you understand modern cyber attacks and how to detect them, as well as how to analyze, handle and respond to cyber incidents. On the occasion of this new course launch, we’re offering a free Edition upgrade until April 30. Get it now to be upgraded to the higher Edition, or try it out for free before enrolling.
