Digital Defense Institute

Our Training Philosophy

At Digital Defense Institute, we believe that the best way to learn is by doing. Our training philosophy is centered around experiential learning, where hands-on practice takes precedence over passive listening. Unlike traditional academic formats that rely heavily on lengthy slideshow presentations, our approach is dynamic and interactive. We design our courses to be immersive and engaging, providing real-world scenarios that allow participants to apply what they learn immediately. This approach ensures that the knowledge gained is not only theoretical but also practical and applicable in real-world cybersecurity environments.

Our trainings are advanced and cater to professionals who are serious about enhancing their skills in cybersecurity. While we do utilize a variety of tools in our courses, our primary focus is on teaching the methodology behind these tools. By understanding the underlying principles and strategies, our participants can adapt to any tool or challenge they may encounter in their professional roles.

Courses We Offer

Advanced Security Operations and Threat Hunting (ASOTH)

Our flagship course, Advanced Security Operations & Threat Hunting, is a comprehensive training program designed for cybersecurity defenders. This course is perfect for those specializing in detection engineering, threat hunting, adversary detection, and incident response. Participants will engage with cutting-edge strategies and techniques essential for identifying, tracking, and neutralizing sophisticated cyber threats.

What You Will Learn:

  • Detection Engineering Foundations
    Dive into the principles of detection engineering. Learn how to create robust detection systems that can adapt to evolving cyber threats. This day covers the key components of effective detection frameworks, including data collection, behavioral analysis, and alert system design.
  • Advanced Threat Hunting Techniques
    Move from reactive to proactive. Discover how to use advanced threat-hunting methods to seek out and identify latent threats within your environment. This session includes practical exercises in creating threat hypotheses, leveraging threat intelligence, and conducting deep-dive analyses.
  • Adversary Detection and Analysis
    Understand the tactics and mindset of modern cyber adversaries. Learn how to profile attackers, recognize patterns of compromise, and strengthen your organization’s defenses by anticipating and neutralizing attacks before they happen.
  • Incident Response and Mitigation
    Apply everything you’ve learned in real-world scenarios. This hands-on day focuses on incident response, covering everything from initial detection to containment, eradication, and post-incident analysis. Participants will leave with a strong ability to manage and mitigate cyber incidents effectively.

Why Attend This Course?

  1. Hands-On Experience with Real-World Scenarios: ASOTH is not just about learning theories; it's about applying them. Participants will engage in hands-on labs that simulate real-world cyber threats, providing practical experience that can be directly applied in your organization. This immersive approach ensures that you leave the course with skills that are not only learned but mastered.
  2. Stay Ahead of the Curve: In the constantly evolving field of cybersecurity, staying ahead of threats is crucial. ASOTH covers the latest trends in detection engineering, threat hunting, and incident response. By understanding and anticipating the tactics of modern adversaries, you will be better equipped to protect your organization from emerging cyber threats.
  3. Comprehensive Skill Development: This course provides a well-rounded approach to cybersecurity defense, covering everything from detection system design to advanced threat hunting and incident response. You'll learn how to build and refine robust detection systems, proactively hunt for threats, and respond effectively to incidents, ensuring comprehensive protection for your network.
  4. Learn from Industry Experts: Taught by seasoned professionals with extensive experience in security operations and incident response, ASOTH provides valuable insights that go beyond textbook knowledge. Benefit from the expertise of instructors who have faced real-world cybersecurity challenges and learn the strategies and techniques they use to safeguard organizations.
  5. Immediate Application: The skills and techniques you learn in ASOTH are designed for immediate application. Whether you’re looking to enhance your current security operations or implement new threat detection and response strategies, this course will empower you to make an immediate impact in your organization’s cybersecurity posture.

Threat Hunting & Incident Response with Velociraptor

Velociraptor is rapidly gaining recognition as a powerful tool for incident response and threat hunting, yet many cybersecurity practitioners have only scratched the surface of its capabilities. This in-depth, hands-on course is designed to unlock the full potential of Velociraptor, transforming it from a useful tool into an indispensable part of your cybersecurity arsenal.

Over the course of this immersive training, led by industry experts Eric Capuano and Whitney Champion, you will learn how to harness the latest features of Velociraptor to conduct effective threat hunting and incident response. The course will cover a broad spectrum of use cases, from rapid triage of systems to deep-dive forensic analysis, providing you with practical skills that can be immediately applied in real-world scenarios.

What You Will Learn:

  • Introduction to Velociraptor
    Get an overview of Velociraptor's architecture and capabilities. Learn how to set up and configure Velociraptor in various environments to maximize its effectiveness.
  • Effective Threat Hunting Techniques
    Discover how to proactively search for indicators of compromise using Velociraptor. Learn how to craft and execute custom queries to detect suspicious activity across multiple endpoints.
  • Incident Response Workflow
    Develop a comprehensive incident response strategy leveraging Velociraptor’s powerful features. Learn to quickly triage and isolate compromised systems, collect critical forensic data, and contain active threats.
  • Advanced Features and Customization
    Explore the latest enhancements to Velociraptor that nearly double its potential as an IR tool. Understand how to customize and extend Velociraptor to fit your specific organizational needs.
  • Real-World Scenarios and Hands-On Labs
    Engage in practical exercises that simulate real-world attacks. Apply what you’ve learned to identify, analyze, and respond to complex threats using Velociraptor in a controlled environment.

Why Attend This Course?

This course goes beyond basic tool usage, focusing on practical application and mastery of Velociraptor in the context of threat hunting and incident response. By the end of this training, you will have a solid understanding of how to deploy Velociraptor effectively in your security operations, allowing you to respond to incidents swiftly and accurately. Whether you are a seasoned security professional or looking to enhance your incident response capabilities, this course will provide you with valuable insights and hands-on experience.

This is the type of professional team you want to take training from. My trip report to my government overlords will reflect that this team can truly teach their expertise.
- Former Black Hat student

Events

Where We've Been And Where We'll Be

This was my first Black Hat experience, and this course exceeded my expectations. I will be going back to my job with several new skills.
- Former Black Hat student

Private Training Options

If your team can't attend one of our training sessions at a conference, we offer private training options tailored to your needs. Whether you prefer virtual sessions or on-site training at your location, we can bring our expertise directly to your team. Reach out to us to discuss how we can customize a private training session that works for your schedule and specific requirements.

Find Us

Find us at an upcoming conference. We won't necessarily be running trainings at all of these events, but plan to be in attendance.

Our Team

Eric Capuano

Eric Capuano is a Director at LimaCharlie and a SANS DFIR Instructor with over a decade of experience in Security Operations, Digital Forensics, and Incident Response. He began his Information Security career as a Tactics Developer for the United States Air Force, later transitioning to Cyber Warfare Operations. After his military service, Eric led cybersecurity operations across private and government sectors, including serving as CTO of Recon Infosec, a company he founded to deliver enterprise-grade security to organizations of all sizes. In 2016, he developed OpenSOC, a blue team CTF that has trained thousands of SOC and IR professionals worldwide. Eric also managed the Security Operations Center for the Texas Department of Public Safety, where he established the agency's first CSIRT. In his spare time, Eric shares technical training labs on his blog at https://blog.ecapuano.com. His certifications include GIAC, GCFE, GCFA, CEH, Security+, Linux+, LPIC-1, PCNSE, and A+.

Whitney Champion

Whitney is the lead solutions architect at LimaCharlie and a co-founder and former lead architect of Recon InfoSec. She is a seasoned security architect and engineer with over 15 years of experience in designing and automating large-scale security infrastructure. She began her journey as a web and Flash developer and sysadmin in the 90s and early 2000s, and after college became a security analyst for the Navy. Her work spans building advanced security platforms, managing complex multi-environment deployments, and architecting comprehensive solutions that integrate cutting-edge tools and technologies. This includes building, automating, and maintaining the range environments and platforms used to drive and support our trainings. With extensive experience in both the private and public sectors, she excels at automating and orchestrating massive environments and streamlining security operations. Whitney’s passion for security and infrastructure drives her to continuously innovate and enhance the efficiency of security teams and operations. Her certifications include RHCA, RHCE, RHCVA, CISSP, CEH, Security+, and Linux+, among others.

Matt Bromiley

Matt Bromiley, currently serving as the Lead Solutions Engineer at LimaCharlie, brings a wealth of experience in digital forensics, incident response, and cybersecurity. At LimaCharlie, he helps organizations build robust security programs using the best technology available to complement their needs. Previously an incident response consultant at numerous renowned DFIR firms, Matt has a diverse background in assisting clients across various industries with complex cybersecurity challenges. He is recognized for his expertise in digital forensics, malware analysis, network security monitoring, and rapid forensic analysis across large enterprises. As a DFIR SANS instructor, Matt has taught courses on advanced digital forensics, network forensics, and incident response. Matt has held the following certifications: GCFA, GNFA, GCTI.

Contact Us

Connect with us on socials, or shoot us an email at hello@digitaldefenseinstitute.com. :)