Department of Defense Cyber Operator


Course Summary

The Department of Defense Cyber Operator course is presented by Perched, an Elastic company. This instructor-led course teaches network and endpoint security monitoring in a simple, practical way that builds incrementally. You will learn to use the Elastic Stack along with security tools like Zeek (formerly Bro) and Suricata to perform full-spectrum threat detection and hunting. The course ends with a 2-day, guided hunt capstone containing multiple scenarios — both as an individual hunter and as part of a DoD team — that will engage the newly learned skills to find the adversary in the traffic.

The course focuses on the Department of Defense's mission of threat hunting in unique contested networks.

Topics Covered

  • Linux foundations and security
  • Networking foundations
  • Packet analysis
  • The Elastic Stack
  • The Suricata Intrusion Detection System
  • Zeek Protocol Analyzer
  • Kibana for operators
  • Platform architecture and engineering
  • Endpoint detection and response
  • Assisted hunt

Course Details


Cybersecurity operators within the Department of Defense who need to analyze data to find bad actors in their network as part of a machine-assisted, human-driven operation.


10 Days | 8 hours per day

Upcoming Classes

This course is only offered privately. Please contact your sales representative or email us at to schedule a training.


There are no prerequisites for this course.


  • An OpenSSH-compatible secure-shell client
  • Mac, Linux, or Windows
  • Stable internet connection
  • Latest version of Chrome or Firefox (other browsers not supported)
  • Disable any ad blockers and restart your browser before class