For the purpose of this site, “affordable” is under $1,000
I will try to keep up with price changes, however, the prices listed here may not always be accurate.
| Name & Direct Link | Platform/Instructor | Price in US Dollars | Price Frequency | Topics |
|---|---|---|---|---|
| Hands-On Incident Response Fundamentals | Pluralsight - Ryan Chapman | 29 | Monthly (There are also $299 and $449 yearly options) | Defining Incident Response, Common Incident Response Tasks, Analyzing Files, Base64, Threat Intelligence, IOCs |
| Operationalizing Cyber Threat Intel: Pivoting & Hunting | Pluralsight - Ryan Chapman | 29 | Monthly (There are also $299 and $449 yearly options) | Cyber Threat Intelligence (CTI), IOC Extraction, IOC Pivoting, IOC Hunting, Intel Management |
| Security Event Triage Path | Pluralsight - Various Instructors | 29 | Monthly (There are also $299 and $449 yearly options) | Analyzing Network, Application, Machine & Endpoint Data, TTPS, KSAs, Tools, Detecting Malicious Traffic, Monitoring Assets and Topology, Detecting Anomalies, Statistical Baselining with SIEM Data |
| Streamlining Your Incident Response Process with Splunk | Pluralsight - Aaron Rosenmund and Ryan Chapman | 29 | Monthly (There are also $299 and $449 yearly options) | Introduction to Splunk, Log Data, Aggregation, Splunk Resources, Using Splunk. Note: In addition to this one, there are a lot of Splunk courses on Pluralsight including certification paths. |
| Investigation Theory | Applied Network Defense - Chris Sanders | 647 | One Time | Mental Models for Approaching an Investigation, Interpreting Evidence, Asking Investigative Questions, Open Source Intel, Strategies for Tracking the Investigation Process, Finding Leads Without Alerts, Recognizing Negative Bias, Reporting |
| ELK for Security Analysis | Applied Network Defense - Chris Sanders | 497 | One Time | Elasticsearch, Logstash, Kibana, Beats, JSON, Collecting and Manipulating Structured and Unstructured Data, Searching Data, Building Dashboards, Building Data Pipelines, Logs, Netflow, IDS Alerts, CSV Files |
| Building Virtual Labs | Applied Network Defense - Tony Robinson | 197 | One Time | This is a choose your own adventure style course where you can chose to build a lab with Snort, Suricata, or Splunk. IDS/IPS, SIEM, Log Aggregation. |
| Practical Threat Hunting | Applied Network Defense - Chris Sanders | 647 | One Time | Hunting Frameworks, MITRE ATT&CK, Common Types of Anomalies, Effective Note Taking, ELK, Hands-On Threat Hunting Labs |
| Practical Packet Analysis | Applied Network Defense - Chris Sanders | 797 | One Time | How Networking Works at the Packet Level, Interpreting Packet Data, Wireshark, Filters, Network Protocols, Application Layer Protocols, Packet Carving Techniques, How Malware Communicates on the Network |
| Osquery for Security Analysis | Applied Network Defense - Josh Brower | 397 | One Time | Crafting SQL Queries, Interrogating Processes to Determine if They're Malicious, Uncovering Persistence and Lateral Movement, MITRE ATT&CK, Kolide, ELK Stack, Generating Alerts |
| Intrusion Detection with Suricata | Applied Network Defense - Open Information Security Foundation | 497 | One Time | Installing and Configuring Suricata, Techniques for Capturing Network Data, Rules, EveBox, JQ, Alerts |
| Demystifying Regular Expressions | Applied Network Defense - Darrel Rendell | 197 | One Time | How to Apply Regex, Building and Testing Regular Expressions, Writing Host-Based Detection with YARA, Grep, Snort Rules, Matching Host Logs in SIEMs |
| Project Ares | Circadence | 90 | Per Month (There is also a $900/Annual Option) | This is a Hands-On gamified learning platform with paths that include Cyber Defense Analyst. There are also battle rooms that include forensics, Linux, and scripting as well as games to learn about protocols, Regex, and the Cyber Kill Chain. |
| LetsDefend | LetsDefend | 15 | Per Month | This is a SOC Simulation Environment including alerts, case management, log search, endpoint security and threat intelligence. Save 15% off right now using code DFND15. Proceeds using that code go to the Innocent Lives Foundation. |
| Mastering Wireshark (Video) | Packt | 9.99 | Per Month (For everything on Packt) There is also a one time $124.99 purchase option for this course. | Network Forensics, Wireshark Customization, Capturing and Examining Traffic, Analyzing Network Protocols, Analyzing Application Protocols, Command Line Tools, Expanding & Troubleshooting Wireshark |
| An Introduction to Network Analysis | Security Blue Team | 26.71 | One Time | Networking 101, Wireshark, TCPDump, PCAP Analysis |
| Introduction to Threat Hunting | Security Blue Team | 26.71 | One Time | Threat Hunting Explained, IOCs, Hunting for Malware, Hashing, Mandiant Redline, File Properties |
| Blue Team Level 1 (Training and Certification) | Security Blue Team | 601.07 | One Time (The price includes training and two BTL1 certification exam attempts) | Security Fundamentals, Phishing Analysis, Threat Intelligence, Digital Forensics, Incident Response, SIEM |
| Hands-On Incident Response Analysis | Packt - Suni Gupta | 9.99 | Per Month (For everything on Packt) There is also a $124.99 one time purchase option for the course. | Incident Response Strategy Formulation, Communication, Containment, Documentation, Forensics and Eradication. Detecting and Preventing Attacks, Handling Malicious Code, Insider Threats |
| Introduction to Malware Analysis for Incident Responders | Packt - Jason Dion | 9.99 | Per Month (For everything on Packt) There is also a $188.99 one time purchase option for the course. | Symptoms and Activities, Types of Malware, Infection Vectors, Malware Analysis, FlareVM, |
| Incident Handler Career Path | Cybrary | 49.50 | Per Month - There is also a $299 per year option | Incident Response Steps, Incident Response Planning, Implementing an Incident Response, Log Correlation & Analysis, Recovery, Chain of Custody, Documentation, Legal Concerns |
| SOC Analyst 1, 2, and 3 Career Paths | Cybrary | 49.50 | Per Month - There is also a $299 per year option | Threat Intelligence, Log Analysis, Wireshark, Cryptography, Attack Mitigation, Splunk, SIEM, Incident Response, Digital Forensics, Intrusion Detection, Reverse Engineering |
| The Complete Splunk Enterprise Certified Admin Course | Udemy - Adam Frisbee | 29.99 | One Time | Splunk Admin Basics, License Management, Configuration Files, Indexes, User Management, Authentication Management, Getting Data In, Distributed Search, Forwarders, Monitor Inputs, Network and Scripted Inputs, Agentless Inputs, Fine Tuning Inputs, Parsing Phase and Data, Manipulating Raw Data. |
| The Complete Splunk Beginner Course | Udemy - Adam Frisbee | 29.99 | One Time (Prices on udemy change but they have sales often) | Setting up a Splunk environment, Creating Reports and Dashboards, Understanding SPL (Search Processing Language), Building datasets and data models. |
| MDFIR - Certified DFIR Specialist | Mosse Cybersecurity Institute | 450 | One Time | File Analysis, Windows Forensics, Memory Forensics, Applications Forensics, Network Forensics, Malware Analysis, Enterprise Investigations, Threat Intelligence, Writing Digital Forensics and Incident Reports |
| MBT - Certified Blue Teamer | Mosse Cyber Security Institute | 450 | One Time | Deploy and Manage Incident Mitigation Strategies and Tools, Investigate and Contain Security Intrusions on Windows Systems, Analyze Suspicious Binaries and Malware Samples, Identify Unknown Attacks, Produce Threat Intelligence, Write Custom Tools |
| MTH - Certified Threat Hunter | Mosse Cyber Security Institute | 450 | One Time | Capturing Logs in Large-Scale Computer Networks, Using Python to Hunt for IOCs, Using YARA to Hunt for Malicious Binaries at Scale, Perform Deep-Dive Digital Forensics Investigations and Write Rapid Incident Response Reports |
| Blue Team Boot Camp: Defending Against Hackers | CodeRed | 24.99 | Per Month - There is also a $249 per year option. Both options include access to all courses on CodeRed. | Risk Analysis, Threat Intelligence, Cyber Kill Chain, Endpoint Security, EDR, Windows Hardening, OSQuery, PowerShell, WMI, Linux Hardening, ClamAV, Chkrootkit, HIDS in Linux, MITRE ATT&CK, Network Security, Firewalls, VLAN, Proxy Servers, Log Aggregation & Correlation, Windows Logs, Linux Logs |
| SOC Analyst Prep Workshop | Cover6 Solutions - Tyrone Wilson | 199 | One Time | Threat Management, Vulnerability Management, Cyber Incident Response, Security Architecture and Tool Sets. This is a live, virtual workshop. Dates vary. |
| CompTIA CySA+ Training | Dion Training | 399 | One Time | CySA+ Training, Practice Exams, and Hands-On Labs. |
| Cyber Defense Path | TryHackMe | 10 | Per Month | Security Operations and Monitoring, Threat Emulation, Incident Response, Forensics, Malware Analysis and Reverse Engineering |
| CyberChef for Security Analysts | Applied Network Defense | 397 | One Time | CyberChef, Character Encoding and Encryption, Data Formatting and Parsing, Defeating Malware Obfuscation, Log File and Forensic Analysis Techniques, Image Manipulation, HTTP Requests, JSON Data |
| INE - Incident Handling & Response | INE - Dimitrios Bougioukas | 49 | Monthly (There is also a $499 and $749/year option) | Incident Handling & Response Overview, Network Traffic & Flow Analysis, Practical Incident Handling, SOC 3.0 Operations & Analytics |
| Udemy - Balazs Lendvay | 39.99 | One Time | Investigate Wannacry behavior, Triage and identify IOCs, Static Analysis, Create a summary report of the incident | |
| Blue Team Labs Online | Blue Team Labs Online | 20.72 | Monthly | Incident Response, Digital Forensics, Phishing |
| RangeForce (The price is around $1500 for non-students) | RangeForce | 200 | One Time (Price is approximate for students only) | Security Operations, Suricata, Snort, YARA, Regular Expressions, Digital Forensics, Reverse Engineering, SIEM, SOAR, Splunk, Malware Analysis |
| Analyzing Network Traffic with Wireshark | Pluralsight | 29 | Monthly | Getting Started With Wireshark, Analyzing Network Protocols, TCP Analysis, Intermediate Wireshark Features, Visualizing Network Traffic, Using Wireshark Command Line Tools |
| Cisco Certified CyberOps Associate Path | Pluralsight - Joe Abraham | 29 | Monthly | Security Concepts, Host-Based Analysis, Security Monitoring, Network Intrusion Analysis, Policies and Procedures |
| Threat Hunting with YARA | Pluralsight - Cristian Pascariu | 29 | Monthly | How Signature Detection Works, YARA Rules, Defining Patterns, Installing YARA, Setting up an Analysis Environment, Generating Rules with Yargen, Writing Detection Rules, Analyzing Memory Artifacts with YARA, Detecting Threats Across the Network. |
| IBM QRadar Incident Detection and Response Path | Pluralsight - Ricardo Reimao | 29 | Monthly | Incident Detection and Investigation with QRadar |
| Managing and Responding to Security Events Using Azure Sentinel | Pluralsight - Muhammad Sajid | 29 | Monthly | Getting Data into Azure Sentinel and Using Workbooks, Threat Detection Using Analytics, Managing and Investigating Incidents, SOAR, Security Playbooks, APIs. |
| Business Email Compromise | Pluralsight - Tyler Hudak | 29 | Monthly | Business Email Compromises, BEC Prevention, Detection, and Response. |
| Network Analysis with Arkime | Pluralsight - Josh Stroschein | 29 | Monthly | Getting Started with Arkime, Analyzing Phishing Traffic, Identifying Malware Command and Control, Developing Techniques for Detecting Data Exfiltration, Detecting Malware Use of TLS Connections. |
| Detection Engineering with Sigma | Applied Network Defense - Josh Brower | 397 | One Time | Detection Engineering Process, Structure of Sigma Rules, SOC Prime Sigma UI Plugin for Kibana, Sigmac, How to Write Your Own Detection Rules Using Famliliar Log Sources Like Windows Events, Zeek Logs, Sysmon Logs, AWS, CloudTrail Logs and more. |
| MCSI CyZone Bootcamp | Mossé Cyber Security Institute | 300 | Per Month | This bootcamp incorporates red teaming/pen testing and DFIR related practical training. This includes file analysis, memory forensics, malware analysis, YARA, threat hunting, reverse engineering, incident response challenges, and playbooks. |
| CQure Academy | 599 | One Time (There is also a $799 option with a certificate) | Introduction to Incident Response and Handling, System and Network Security Mechanisms, Handling Malicious Code Incidents, Securing Monitoring Operations, Forensics Basics, Attack Prevention. | |
| Cloud Incident Response & Forensics | Cloud Academy | 39 | Per Month (There is also a $399/year option) | Cloud Forensics, Cloud Incident Response, Forensic Analysis Report, Log Analysis, Docker |
