Edafio cybersecurity analyst Seth McGee received the GIAC Certified Incident Handler (GCIH) SEC504 Certification and Capture The Flag (CTF) Coin.
The GIAC Incident Handler certification validates a practitioner’s ability to detect, respond to, and resolve computer security incidents using various essential security skills. GCIH certification holders have the knowledge needed to manage security incidents by understanding common attack techniques, vectors and tools, as well as how to defend against and respond to such attacks when they occur.
- Incident Handling and Computer Crime Investigation
- Computer and Network Hacker Exploits
- Hacker Tools (Nmap, Metasploit and Netcat)
After completing the program, McGee can now effectively respond to breaches using indicators of compromise concerning Windows, Linux, and cloud platforms during an incident response. 50% of the course was hands-on, where the tester had to attack, defend, and assess the damage done by threat actors within complex network environments, real-world host platforms and applications.
In the hands-on environment, Seth used the attackers’ tools to understand how they are applied and the artifacts the attackers leave behind. By getting into the mindset of attackers, he learned how they apply their trade against organizations and used that insight to anticipate their moves and build better defenses.
The last day of the program was dedicated to a Capture the Flag (CTF) event, where participants applied all the material learned throughout the week to an interactive game. The goal of the Capture the Flag event was to learn how to prevent compromise and recognize how critically important detection and response are to keeping organizations out of the breach headlines.
Teams had access to the CTF network and a series of questions that required the player to know how to collect the flag or information from various websites and servers. Each question, when answered correctly, would give the team a specified number of points. As first-time CTF players, McGee’s team ended up winning the game with a score of 270, leaving second place trailing by 20 points and third finishing at 203.
Through the rigorous process, his team examined real-world emerging threats that organizations experience, from watering hole attacks to cloud application service MFA bypass. These exercises allowed them to get into the mindset of attackers and learn how to anticipate their next move. With these in-demand skills, McGee can now conduct cyber investigations and comprehend how attackers scan, exploit, pivot, and establish persistence in cloud and conventional systems.