Our TRANSITS I course is 3 days of training covering the basic knowledge you might need to work as a CSIRT team member.  You can see an example schedule here. In order to make the most of the course, here are some tips from our trainers.


For TRANSITS I courses organised by GÉANT and TF-CSIRT your accommodation, welcome drinks, lunches and one dinner is included.

Materials and Laptops

You can see most of the course materials here and you are free to review the material before the course.

You are encouraged to not use your laptop for work during the course – that way you will learn the most and get the best results from our training.

The course includes interactive sessions as part of the PGP keysigning, a group exercise and discussions in the core modules – please come prepared to participate.

Training Preparation

Ask yourself the following questions before the training, seen from your own perspective:

  • How does the “information security incident management” function in your organisation or for your constituency (= the people/organisations we work for) – that is, how do we prevent security incidents? And when they do happen, how do we solve them – and who does that?
  • If a serious/critical incident happens, do you have enough options and resources to solve the problem? Do you know what you are allowed to do *and* what you are expected to do (or must do)? Does the higher management support us when we need to take unpopular measures like filtering, or blocking, and when users or managers complain or get angry?
  • Is the leadership of your organisation aware of the challenge of security and security incidents, and do they understand and acknowledge that *they* and no one else are responsible for overall security? Do they appreciate that serious security flaws and incidents can have direct negative consequences for the primary process of the organisation, and all other processes?
  • Can your people who solve security incidents (usually referred to as the CERT or CSIRT, sometimes NCSC, SOC or otherwise) quickly and effectively escalate to the following parties, in the case of critical incidents:
    • their own manager
    • the leadership of the organisation (highest level management)
    • the department of communication/PR
    • the legal department
  • Does this still work on Sunday, in holidays, or when e.g. their manager or the CISO (Chief Information Security Officer) is otherwise unavailable?
  • Do your CERT/CSIRT people have sufficient training to do their job well? Do they have enough resources to do so? Are they 100% free to deal with a critical security incident when that occurs?