ITSCON-INC

Establishing Cybersecurity Defense Lines and Incident Management

Incident Management, Logging, Security Testing, and Basics of BCP
Form of participation
Form of training
Length of training
Blended learning format: 30 hours of e-learning and practice, 10 hours of live consultation
Available languages
  • Hungarian
Dates

Training price

299 000 Ft
+ VAT/person

Description

According to the 2025 cybersecurity reports and forecasts, the number and sophistication of cyber threats have significantly increased in recent times. The total damage caused by cybercrime is now so large that if it were a country, its GDP would be the third largest in the world, after the United States and China. Artificial intelligence and large language models (LLMs) are increasingly integrated into phishing and social engineering attacks, significantly increasing the risks. Compliance with the European Union’s NIS2 directive and domestic regulations also puts pressure on companies and organizations to implement and develop appropriate organizational and technical measures.

The goal of the Training360 CyberSecurity Connect training series is to provide useful, up-to-date, and practically applicable technical and management knowledge in cybersecurity, delivered and supported by professional senior security experts, thereby promoting proactive preparation and more effective operation of companies. The first course in this series is the blended learning course titled "Establishing Cybersecurity Defense Lines and Incident Management."

The approximately 40-hour training is based on self-paced, modular video materials, guided and independent practical tasks, live instructor-led consultations (mentoring), and asynchronous forum support. All of this is offered in a time-flexible format, with a learning path, replayable materials, and a professionally prepared remote access lab environment.

The total duration of the training material, including consultations, is 8 weeks, which means 4-6 hours of commitment per week (the e-learning materials and exercises can be completed according to the recommended schedule, but flexibly and freely in terms of time; live consultation sessions are held in the afternoons between 5:00 PM and 7:00 PM). The live consultation sessions are recorded and can be replayed for up to one month after the end of the training.

Suggested For

The training is primarily recommended for employees and teams responsible for the technical implementation and information security management in small and medium-sized organizations and companies.

  • It can be ideal for system administrators, network operators, junior security experts, and security analysts whose tasks will include establishing and supporting defense lines and who wish to acquire comprehensive theoretical and practical knowledge.
  • The training is also recommended for information security managers and technical leaders with an IT operations background who want to learn about appropriate organizational measures in addition to technical implementation options.
  • It is also suitable for IT professionals who want to acquire valuable and marketable knowledge and build their careers in the field of defense line establishment and security incident management.

Benefits

The goal of the training titled “Establishing Cybersecurity Defense Lines and Incident Management” is to

  • provide a complete and comprehensive overview of the establishment and operation of cybersecurity defense lines and incident management at both technical and organizational levels
  • introduce participants to how they can establish and operate their organization’s or company’s security defense lines and integrate incident management solutions into them
  • present the organizational measures, legal frameworks, and steps necessary for incident handling
  • demonstrate in practice the operation, planning, implementation, and use of logging and analysis tools, protocols, and related security systems
  • explain the relationship between business continuity and incident management, and how to develop an appropriate BCP plan
  • cover the basics of security testing
  • introduce the principles of Red, Blue, and Purple Teaming solutions, various attack tools, and the applicability of logging systems for detecting and uncovering these attacks

Outline

Main topics and structure of the training:

  • Module 0: Introduction. Presentation of the experts (instructors), the structure of the training, and the recommended learning methodology, materials, and tools (live, online format).
  • Module 1: Basics of Incident Management. Introduction to the basic concepts and processes of incident management, along with a brief overview of domestic and international regulations governing incident handling (video e-learning format).
  • Module 2: Organizational Frameworks of Incident Management, CSIRTs and SOCs. Organizational background of incident handling at corporate, governmental, and international levels. How these organizations and teams are structured, their roles, how they operate, and how they interconnect (video e-learning format).
  • Module 3: Technical Toolkit for Incident Management, Log Sources and SIEM Systems. Explanation of architectural aspects and the full lifecycle of log management within organizations. What logs are, what types are generated, and how they are created. How to manage and protect logs. Practical log management. How AI can support logging and log analysis tasks (video e-learning format).
  • Live online consultation session, 1 hour (Modules 1-3).
  • Module 4: Design Considerations of SIEM Systems. Presentation of a corporate log management infrastructure and its components, description of goals, functions, design considerations, and recommendations (video e-learning format).
  • Module 5: Incident Management Process with EDR, XDR, MDR, and CTI in Practice. Comprehensive overview of the role of EDR, XDR, and MDR technologies in modern cybersecurity, and their practical use in incident management. How these solutions complement each other in threat detection, investigation, and response, and how CTI (Cyber Threat Intelligence) can be used to contextualize and prioritize incidents (video e-learning format).
  • Module 6: Business Continuity and Incident Management. Outline of the knowledge and steps necessary to prepare a Business Continuity Plan (BCP). What goals to set, what documentation and resources are needed to create a functional BCP (video e-learning format).
  • Live online consultation session, 1 hour (Modules 4-6).
  • Module 7: Use of Logging Protocols and Tools. Detailed introduction and evaluation of logging protocols used in the market. History of logging protocols, currently used standardized and non-standardized protocols, message formats, and processing options. Technical challenges and solutions for building logging infrastructures. In the practical part, participants install Linux-based log servers, connect Windows devices, convert message formats, and install and configure archiving systems (video e-learning format, guided and independent exercises in a remote lab environment).
  • Live online consultation session, 2 hours (Module 7).
  • Module 8: Log Storage Devices in Practice. Installation of a log storage appliance into the previously assembled environment, capable of storing incoming messages, classifying and interpreting them, producing various statistics from parsed data, and visualizing these through different solutions (video e-learning format, guided and independent exercises in a remote lab environment).
  • Live online consultation session, 2 hours (Module 8).
  • Module 9: Use of Log Analysis Tools in Practice. Presentation and comparison of a log analysis tool with traditional log server functions. Participants install the tool and integrate it with the previously installed system. Later exercises include testing various attacks detectable (or not) by the installed log analyzer (video e-learning format, guided and independent exercises in a remote lab environment).
  • Live online consultation session, 2 hours (Module 9).
  • Module 10: Security Testing. The process and methodology of cyber attacks, from exploiting the human factor (social engineering) to IT-based attacks. The significance of the digital footprint and OSINT, advantages and risks of anonymity, and the Dark Web world. Types of vulnerabilities, OWASP Top 10 list, vulnerability scanning and ethical hacking practice, roles of Red Team / Blue Team / Purple Team. Testing methodologies and the legal-professional background of domestic assessments (video e-learning format, guided exercises in a remote lab environment).
  • Module 11: Red/Blue/Purple Teaming in Practice. Introduction of various offensive tools in a pre-built lab environment. The goal is for participants to try some attack tools and observe the "noise" generated and how detectable they are with various logging systems (video e-learning format, guided and independent exercises in a remote lab environment).
  • Live online consultation session, 2 hours (Module 11).
  • Module 12: Summary and Knowledge Assessment. The final part is a self-study revision phase, allowing participants to review, process, and repeat all recorded training material and to submit questions to the experts via chat; these questions are answered live during a session summarizing the entire course. The training ends with a 50-question online knowledge test, offered in two time slots. Successful completion (above 70%) results in a certificate in accordance with adult education law.

Prerequisites

To effectively and comprehensively complete the course and technical exercises, the following prerequisites are required:

  • Knowledge of basic information security concepts and principles
  • Basic networking knowledge
  • Basic Linux operational knowledge in some Linux distribution is highly recommended (operation, file system, basic commands, file management, process management, package management, user and permission management basics, logging basics, SSH)
  • Basic Windows operational knowledge on some Windows Server system is highly recommended (file management, basic knowledge of network and AD DS tools, program management)
  • Previous participation in IT projects is an advantage
  • Since much of the information security terminology is in English, basic professional English knowledge is an advantage but not required to participate. The training is conducted in Hungarian.

Technical Requirements

Laptop or PC with a modern operating system and browser, preferably with local administrator privileges. PDF reader, broadband internet connection, speakers/headphones, and microphone. For laptops, an additional monitor is recommended; for PCs, two monitors are suggested to follow exercises and video materials in parallel.