Welcome to Cyber First Aid

What is Cyber First Aid?

Cyber First Aid (CFA) offers first responder training to non-technical staff, providing them with the skills and resources they need to deal with the immediate effects of a cyber incident occurring.

The CFA training covers both technical and mental health aspects and focuses on building the capacity of staff to contribute effectively to responding to and resolving a cyber security incident.

Principles of Cyber First Aid

Cyber First Aid is built on the following principles:

  • “to err is human”. Most people do not wake up in the morning thinking “today I will click on that link to bring my organisation down”;
  • no blame. Hindsight is not constructive when handling an incident. Living in the past and rehearsing mistakes feeds depression. Stressing about the future consequences feeds anxiety. Incident response is about living in the present;
  • democratisation of cyber incident response. This is achieved through diversification and inclusivity, investing in the technical and psychological strengths and capabilities of individuals and reinforcing them;
  • limited size training cohorts, to build a safe, trusting environment and to encourage support groups to develop organically.

Informed by the Human Layer Kill Chain...

The Human Layer Kill Chain, developed by the creators of Cyber First Aid, is one of the core tools for modelling and studying the modus operandi of the attacker and identifying the human vulnerabilities.

...and the Socio-Technical Kill Plane

By combining the Human Layer Kill Chain orthogonally with Lockheed Martin’s Cyber Kill Chain, we study attacks at the right level of detail and allow individuals to contribute to the parts of the attack where they feel they can make a difference with their knowledge and skills.

Incident Response (IR) playbooks for the crowd

CFA advocates for the co-creation and open sharing of incident response playbooks.
The broader the uptake of standardised playbooks, the more effectively organisations can coordinate and respond during real-world cyber incidents.

Click here to view an example CFA playbook on ransomware.

Development through our affiliate trainer programme

If you believe in our mission to democratise incident response, why not become a certified CFA trainer? Through our Train-the-Trainer programme, you’ll be equipped to deliver engaging, evidence-based sessions that empower others to respond with confidence.

Interested? Use our contact form to start the conversation.

Choose your course

CFA Basic

Introduction to Cyber First Aid
A crash course in the basics of CFA.

What you’ll learn: CFA principles; preparing for the inevitable; the path to resilience; risk and the point of no return; coping under pressure; attacker’s MO and the Human Layer Kill Chain.

Format: In-person (4 hours).

CFA Essentials

Foundation-Level Training for Teams
A deeper dive into CFA, including the option for CFA certification.

What you’ll learn: All of CFA Basic, accompanied by additional participatory hands-on exercises; incident response playbooks for different incidents and scams; psychological resilience exercises.

Format: In-person, online (two full days or four half-days).

CFA Business

Designed for larger teams or industries with existing cyber security incident handling capabilities, CFA Business provides solutions to onboard end users and other non-cyber security personnel into your incident response.

What you’ll learn: CFA Essentials; integration with your organisation’s existing incident handling processes.

Format: Fully flexible, with consultations for tailored material development.
