The TRANSITS II course is aimed at experienced personnel working for established CSIRTs. It provides an advanced knowledge and experience of key areas in incident handling and response operations, training in how to improve communications with constituents, along with practical exercises.

At the moment, the following modules are offered:

  • NetFlow Analysis – covers how to analyse traffic flow log data captured in routers and switches. The nfsen and nfdump software can provide detailed anomaly detection and enable further forensic investigations to be undertaken.
  • Forensics – covers how to collect evidence when network and systems are compromised. Data recovery from both disk and memory is also covered.
  • Communication – communication skills are key in a CSIRT environment. The module covers how to liaise with constituents, formulate requests for funding, and communicate successes to management.
  • CSIRT Exercises – this module selects ‘fire drills’ from the ENISA CSIRT Handbook and works through them as a group to highlight areas that may require attention in your operations.

The variety and selection of TRANSITS II modules is constantly expanding. We welcome suggestions around advanced topics and and initiatives in developing the curriculum – transits-contacts@lists.geant.org.

TRANSITS II course is open to individuals familiar with incident handling and response techniques who are currently working for a CSIRT or network security related organisations. Applications are welcome from commercial, governmental, law enforcement and military organisations, as well as national research and education networks (NRENs) and research and education institutes. Please note – those (fairly) new to incident handling and response work are advised to follow TRANSITS I first.

The trainers are amongst the most experienced members of the European CSIRT community. Therefore TRANSITS II is an excellent opportunity for CSIRT personnel to improve and hone their skills as well as to expand their network.

More information on TRANSITS II experience from participants’ perspective can be found in this blog post.

Admission Requirements

Applicants to TRANSITS II courses are subject to a vetting procedure and are usually required to provide references. This is to ensure that individuals fulfil the course requirements and have a legitimate interest in network security. Application forms should therefore be completed as fully as possible.

Participants are typically CSIRT employees with a least one year of experience, although other qualified persons from other backgrounds are welcome to contact the organisers to discuss their suitability for the course. They are expected to have a good working knowledge of incident handling and response techniques, and must be committed to using their skills to improve the security of computers and networks. Familiarity with Internet protocols, addresses and port numbers is assumed, and experience with Linux (using the command line) is an advantage.

Dates & Locations

There is usually one TRANSITS II course per year. It is three full days in duration and involves 15 – 20 participants at a time.

Because of COVID-19 situation, the training planned for November 2020 had to be cancelled. More information to follow.

Course Fees

TRANSITS II course fees are €1,450 for commercial companies, or €1,100 for non-commercial organisations.

These fees include three lunches, one evening meal, coffee breaks, and course materials.

Please note – unlike TRANSITS I courses, hotel accommodation is not included in the fee and students are expected to fund their own travel and accommodation. VAT is in addition to the above fees, if applicable in the host member state.