Incident Response Lab Intensive

A 4-week intensive that drops you into a 72-hour simulated breach with daily mentor debriefs.

Duration: 4 weeks
Format: Hybrid intensive
Skill level: Intermediate
Certification: GIAC GCIH
Tuition: ₩1,900,000
Next intake: Next intake: 12 May 2026

Request information → Read curriculum approach

About this program

Built for analysts who already triage well but have never coordinated a real incident, this intensive runs three breach simulations across four weeks. Each scenario starts with a partial picture and asks you to scope, contain, and write the after-action — under realistic time pressure. Mentor debriefs happen the day after each scenario and use a structured "what would you do differently" protocol rather than a graded marking sheet.

What is included

Three full incident simulations with timed pressure
Containment, eradication, and recovery decision drills
Forensic triage: memory, disk, and timeline analysis basics
Stakeholder communication exercises with a non-technical mock executive
Structured after-action report writing with template review

By the end of the program

01 Lead a small team through containment without freezing
02 Write a clear, no-blame after-action stakeholders will read
03 Identify the two or three things you keep getting wrong under pressure

Frequently asked questions

Can I do this remotely?

Two of the three simulations are remote-friendly. The 72-hour scenario is significantly better in person — we hold seats for both formats but recommend the in-person path if you can.

Will I get certified?

How realistic is the pressure?

From past cohorts

The "explain it to a non-technical executive" drill was the most useful 40 minutes of my year.

IR analyst (survey)

Ready to talk through fit?

We do a 30-minute scenario walkthrough with admissions before any paid intermediate or advanced track. We will tell you honestly if a different program — or no program — would serve you better right now.

Request a fit call → Read the FAQ first