TRANSITS I course is aimed at new or potential CSIRT personnel who wish to gain a  solid understanding of the main aspects of working in an incident handling and response team. It offers experience and expertise in Operational, Organizational, Legal and Technical areas which form knowledge basis for CSIRT personnel.

  • Organisational – covers how CSIRTs fit within their organisations and includes planning the team, defining its constituency, determining which services to offer, staffing, communicating with external parties, funding, and obtaining management authority.
  • Technical – covers how intruders attack systems and their motivations, how network protocols can be abused, vulnerabilities of operating systems and services, denial-of-service attacks, hiding traces, and information gathering techniques. Includes several practical exercises.
  • Operational – covers the incident handling process from initial reports, through triage, investigation, resolution, closure, to post-analysis. Includes practical exercises and a survey of useful tools.
  • Legal – covers areas of European legislation likely to affect CSIRTs in their work, and that operatives should be familiar with. This includes data protection, computer misuse, network monitoring, collection of evidence, and working with law enforcement agencies.

Other topics such as PGP keys and relevant RFCs are also covered during the course.

TRANSITS I offers participants a unique opportunity to mix with their peers and discuss security issues in a secured and trusted environment, whilst being tutored by seasoned experts of the European CSIRT community. Therefore TRANSITS I is an excellent opportunity for CSIRT personnel to acquire knowledge and build network. The course is open to individuals currently working for a CSIRT or network security related organisation, and those with bona-fide interest in establishing a CSIRT. Applications are also welcome from commercial, governmental, law enforcement and military organisations, as well as national research and education networks (NRENs) and research and education institutes.

Admission requirements

Applicants to TRANSITS I course are subject to a vetting procedure and are usually required to provide references. This is to ensure that individuals fulfil the course requirements and have a legitimate interest in network security. Application forms should therefore be completed as fully as possible.

Typical participants are usually experienced IT professionals with the growing interest and professional need to become system or network security experts. Familiarity with Internet protocols, addresses and port numbers is assumed. The basic expectation is that all participants are aware of security issues involved in connecting computers to the Internet and are committed to using their skills to improve the security of computers and networks. Individuals from other backgrounds and with other interests are welcome to contact the organisers to discuss their suitability for the course.


Dates & Locations

There are usually two TRANSITS I courses per year, one in spring and one in autumn. The course lasts two and a half days and involves 25-30 participants. You can read more about TRANSITS I experience from participants’ perspective in this blog post.

Because of COVID-19 situation, the face to face events in 2020 had to be cancelled. More information to follow soon. 

For other inquiries, please contact

TRANSITS I licensed courses are also periodically organised by third parties.

Course Fees

As per July 1st, 2016 the course fees for TRANSITS I are

€1,200 for non-commercial organisations

€1,500 for commercial companies

**These fees include accommodation for three nights, three lunches, one evening meal, coffee breaks, and course materials.