A week-long, hands-on computer
security training and exercise for cyber
defenders in the Department of Energy,
other government agencies, government contractors,
and related critical infrastructure.
The event consists of 3 days of intensive, hands-on training,
followed by a 2-day exercise
designed to reinforce the training and introduce more new concepts.
Introduce fundamental concepts in the four elements of incident response: network archaeology, host forensics, malware analysis, and incident coordination.
Inspect network traffic and log files to find evidence, malware, or behavior. Reverse engineer unknown binary protocols.
Investigate and retrieve malicious software artifacts from Windows systems.
Analyze malware using static and dynamic analysis techniques. Monitor the actions of executing malware and extract indicators of compromise.
Coordinate a large-scale incident; tying together analysts, management, IT, and other parties.
How it works
Participants self-organize into teams.
The teams are then let loose on a free-form
set of challenges spanning multiple categories.
Teammates work together to solve puzzles,
sharing tips and making new professional contacts.
Instructors will be available to help if your team gets stuck.
In addition to puzzles developed to test
techniques taught in the previous days' tracks,
participants can unlock hidden puzzle categories
to further develop their skills in new areas through
In previous events,
participants reported making an average of 5 new
The quality of the training tracks and exercise were each rated at greater than 4.5 out of 5.
6-10 Feb 2017
20-22 Jan 2017
6-9 Dec 2016
Oak Ridge TN
22-23 Oct 2016
19-21 Jul 2016
20-24 Jun 2016
22-26 Feb 2016
Las Vegas NV
24-26 Jan 2016
22-24 Jul 2015
1-5 Jun 2015
20-24 Apr 2015
Kansas City KS
4-8 Feb 2013
6-10 Febr 2012
Santa Fe NM
7-10 Mar 2011
Santa Fe NM
Santa Fe NM
Frequently Asked Questions
How much does this event cost?
We do not charge participants to attend this training, but you'll need to arrange your own transportation and hotel. A government-rate block of rooms may be available for the event, and instructions to reserve a room in that block will be provided at the time of registration and in your confirmation email.
Is this a conference?
No, this is not a conference. This is a training event. This event has been exempted in iPortal.
Am I registered?
You should receive a confirmation email shortly after registering. If you don't receive one or are unsure, email firstname.lastname@example.org and we'll verify your registration status.
Can I change my registration after submitting?
Yes, you can submit a new registration to replace the old one, or send an email to email@example.com with the corrections.
What do I need to bring?
You should bring a laptop with an Ethernet port, preferably running both Ubuntu and Windows. You'll also need an Ethernet cable. We recommend bringing your own Internet connection (e.g. cellular hotspot) just in case the venue's connection is poor/non-existent. Any other software/supplies should be specified in the syllabus for your track, and you should download, install, and configure any software before coming to the event.
Can you help me set up my laptop?
Yes, instructors will be available Sunday evening to help with configuration issues.
What is the dress code?
Human Subjects Research Notice
We use Cyber Fire as an opportunity to conduct research on training effectiveness, teamwork, and how
to build a community of computer security professionals. During the Cyber Fire exercise, we may observe
your activities, record when your team checks out a puzzle, your team's puzzle solutions and times they
were submitted, and your team's written comments (if any) on the puzzles. You may choose whether or not
to participate in other research activities, including talking directly to researchers and/or filling out
questionnaires and evaluation forms. We will not record your name or other information that could identify
you as an individual in any material collected for research purposes. If you have any questions or concerns
about your rights as a human subject, please contact us via the link on this page, or contact the Los Alamos
National Laboratory Human Subjects Research Review Board at (505) 667-1848 or HSRRBfirstname.lastname@example.org.