C)IHE – Certified Incident Handling Engineer


Certified Incident Handling Engineer

The Certified Incident Handling Engineer vendor-neutral certification is designed to help Incident Handlers, System Administrators, and General Security Engineers understand how to plan, create and utilize their systems in order to prevent, detect and respond to attacks. In this in-depth training, students will learn step-by-step approaches used by hackers globally, the latest attack vectors and how to safeguard against them, Incident Handling procedures (including developing the process from start to finish and establishing your Incident Handling team), strategies for each type of attack, recovering from attacks and much more. Furthermore, students will enjoy numerous hands-on laboratory exercises that focus on topics such as reconnaissance, vulnerability assessments using Nessus, network sniffing, web application manipulation, malware, and using Netcat, plus several additional scenarios for both Windows and Linux systems.

Graduates of the mile2 Certified Incident Handling Engineer training obtain real-world security knowledge that enables them to recognise vulnerabilities, exploit system weaknesses and help safeguard against threats. This course covers the same objectives as the SANS® Security 504 training and prepares students for the GCIH® and CIHE certifications.

Accreditations & Acknowledgements

Accreditation And Certifications

Mile2 is:

  • ACCREDITED by the NSA CNSS 4011-4016
  • MAPPED to NIST / Homeland Security NICCS's Cyber Security Workforce Framework
  • APPROVED on the FBI Cyber Security Certification Requirement list (Tier 1-3)


Upon Completion

Upon completion of the Certified Incident Handling Engineer course, students will be able to confidently undertake the CIHE certification examination (recommended).
Students will enjoy an in-depth course that is continuously updated to keep pace with the ever-changing security world.
This course offers up-to-date proprietary laboratories that have been researched and developed by leading security professionals from around the world.

Key Data

Course Title:

Certified Incident Handling Engineer

Duration: 5 Days

Language: English

Class Format Options:

  • Instructor-led classroom
  • Live Virtual Training


Prerequisites:

  • A minimum of 12 months' experience in networking technologies
  • Sound knowledge of networking
  • Sound knowledge of TCP/IP
  • Knowledge of Microsoft packages
  • Basic knowledge of Linux is essential

Student Materials:

  • Student Workbook
  • Student Lab Guide
  • Exam Prep guide

Certification Exam:

  • CIHE - Certified Incident Handling Engineer
  • Covers GCIH - GIAC Certified Incident Handler

CPEs: 40

Course Outline

  • Module I - Incident Handling Explained
  • Module II - Threats, Vulnerabilities, and Exploits
  • Module III – Preparation
  • Module IV - First Response
  • Module V – Containment
  • Module VI – Eradication
  • Module VII – Recovery
  • Module VIII - Follow-Up

Lab Outline

  • Module I Lab - Attacks Under The Microscope
  • Module II Lab - Ticketing System
  • Module III Lab - SysInternals Suite
  • Module IV Lab - Examine System Active processes
  • Final Scenario – 4 hours

Advanced Labs

  • Advanced Module I Lab - Computer Security Incident Response Team
  • Advanced Module II Lab - Log File Analysis: Analyzing a Shell History File
  • Advanced Module III Lab – Log File Analysis: Searching Attacks in your Apache Logs
  • Advanced Module III Lab - Rootkits and Botnets: How to Crash your Roommate's Windows 7 PC
  • Advanced Module III Lab - Rootkits and Botnets: Exploit MS Word to Embed a Listener
  • Advanced Module III Lab - Rootkits and Botnets: Zeus Trojan
  • Advanced Module IV Lab - Artifact Analysis: Processing and Storing Artifacts