Perched | Security Education, Consulting, and Support
Security Solutions

Education Services

Learn Security In-Depth


Developing a successful security program and designing/building/scaling security solutions is no small feat. Lean on our team's experience and partnerships to build something that meets your needs.

  • Make Elastic Stack work for you

  • Build your stack to be secure from the start

  • Enable your analysts

  • Identify your security gaps

  • Scale your operations

  • Build the right team

  • Use intelligence to find bad guys faster and make your data work for you

While we have some pre-developed education tracks, you can definitely contact us if you have something custom in mind. We'll happily create a class or series of classes for you.

Download full Perched Course Catalog (PDF)


Training Tracks


This is the jumping off point for all other tracks and the basis for all other specialized training.

  • Linux CLI

  • Introduction to Bro

  • Introduction to Kafka

  • Introduction to the File Scanning Framework

  • Introduction to the Elastic Stack

  • Introduction to CAPES

  • Introduction to Git


Operators love catching bad guys and are experts at figuring out where they are hiding in the data.

  • Introduction to Packet Analysis

  • Advanced Bro

  • Intrusion Detection Systems

  • Kibana for Operators

  • Guided Hunt


Engineers are the wrench turners that deploy security solutions and keep them running in the heat of the battle.

  • Ansible

  • Bro Install, Operate, and Maintain

  • Bro Performance Tuning
    Kafka Install, Operate, and Maintain

  • Passive Operations and Tapping

  • CAPES Install, Operate, and Maintain

  • Elastic Stack Install, Operate, and Maintain

  • Suricata Rule Management and Tuning

  • Sensor Troubleshooting and Engineer Capstone Event



If you love collecting data and using it to tell a story, this is probably the track for you.

  • Intelligence in a Cyber World

  • Intelligence Pipelines, Modeling, and Application

  • Intelligence Tools Sets

  • Intelligence Research and Analysis

  • Kibana for Analysts

Network Operations Center

Network sensors can provide valuable insights beyond the security use-case. This course teaches how to perform network ops tasks such as: flow monitoring, service availability, performance bottlenecks, and overall network health.

  • Elastic Stack Operate and Maintain

  • Platform Health Monitoring

  • Kibana for Network Operations


A lab-intensive course designed for Operators and Analysts that serve on a Hunt team that focuses on the best of breed open source security tools. Progresses from discussion of operations process models and works up to evaluating multiple threat scenarios.

  • Hunt Preparation

  • Individual Hunt

  • Team Hunt


CVA/H Operator Course

This 10 day course builds individual and team skills starting from little to no experience. It's very comprehensive in scope and covers the following:

  • Linux CLI

  • The Bro Protocol Analyzer

  • The Elastic Stack

  • Data Transformation with Logstash

  • Active On Network Operations

  • Packet Analysis

  • Intrusion Detection Systems

  • Kibana for Operators

  • Assisted Hunt

Security Monitoring with SOC Prime

SOC Prime provides an OEM plugin for Kibana that delivers SIEM functionality for event and indicator enrichment, workflows, SOC dashboards, and security use cases. 

  • Introduction to Elastic

  • Kibana Basics

  • Introduction to SOC Prime

  • Building Visualizations

  • Dashboards and Use Cases

  • Machine Learning and Alerting

  • Case Management

  • Guided Hunt

Threat Hunting With Corelight

The Corelight Sensor is an NSM platform built on Bro. This course focuses on operationalizing and visualizing the network metadata to hunt for adversaries.

  • Passive Operations and Tapping

  • Introduction to Bro

  • Bro Performance Tuning

  • Advanced Bro

  • Data Ingestion

  • Introduction to Elastic

  • Building Visualizations

  • Dashboards and Use Cases

  • Machine Learning and Alerting

  • Guided Hunt


Static Malware Analysis with OMEGA316

An interactive two-day course designed to teach and apply malware analysis fundamentals and adversary (TTPs Techniques, Tactics, and Procedures). Students will work in practical lab environment with simulated and real-world malware.

  • Applied Kill Chain Analysis

  • Static Malware Analysis

  • Dynamic Malware Analysis