Incident Response
Containment Sprint for Busy SOCs
Rapid isolation drills, evidence tagging, and handoff scripts tuned for overlapping shifts.
- Duration
- 2 days
- Format
- Immersive simulation
- Delivery
- In person
- Skill level
- Intermediate
- Certification track
- SOC coordination
- Team size
- Cohort 12-18
- Price
- KRW 980,000 (informational)
What happens inside
SOC administrators rehearse containment with realistic ticket storms, overlapping ownership, and strict evidence tagging. Instructors inject benign surprises to force re-prioritization without shaming participants.
Included modules
- Shift handoff checklist laminated + digital
- Evidence tagging schema aligned to internal tooling
- Isolation decision tree with rollback notes
- Voice loop etiquette drills for bridge calls
- Warm transfer scripts to desktop teams
- Quiet-room exercises for fatigued analysts
- After-action review template
Outcomes you can show
- Cut median containment chatter by tightening handoffs
- Produce two evidence bundles auditors praised
- Run a cross-shift rehearsal without schedule slip
Lead contact for this program
Elena Rostova
Curriculum editor translating field notes into teachable arcs.
Participant questions
Expect long seated blocks with optional stretch prompts every 90 minutes.
Notes from recent cohorts
Containment Sprint forced us to fix our bridge etiquette. The lunch working session on evidence tagging was the standout.
Wish the Linux lab had another hour, but the warm transfer scripts already saved a Friday night.
Talk with scheduling
Share your roster size and preferred month—no checkout on this site. We respond with calendar options and any private customization scope.
Open contact form