ISC2 Aims to Bridge DFIR Skills Gap With New Certificate - Dark Reading

CYBERSECURITY CAREERS NEWS Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. ISC2 Aims to Bridge DFIR Skills Gap With New Certificate The nonprofit training organization's new program addresses digital forensics, incident management, and network threat hunting. Arielle Waldman,Features Writer,Dark Reading September 4, 2025 2 Min Read BRIAN LIGHT VIA ALAMY STOCK PHOTO ISC2 has rolled out a Threat Handling Foundations Certificate to help cybersecurity professionals improve digital forensics and incident response (DFIR) in the wake of increasingly disruptive attacks — many of which can lead to breaches. DFIR is a specialist area of incident response and therefore highly complex. The four-course offering provides hands-on experience about how to build an effective DFIR program, the foundations of digital forensics, incident management, and network threat hunting. Topics include DFIR, security program management, evidence requirements, communication, security operations, and the difference between an incident and a breach. Organizations are inundated by attacks but, at the same time, have fewer resources. The program teaches techniques used by security teams in the field. Prior experience is recommended but not required, according to ISC2. What's On the Course Agenda? Related:Mentorship & Diversity: Shaping the Next Generation of Cyber Experts Threats are rising fast, with attack surfaces expanding even faster. Organizations grapple with visibility, vulnerability patch management, and supply chain issues, which can make DFIR tricky. New security tools continue to emerge, but knowing which ones to buy and how to use them effectively can be tough. Learning how to "evaluate emerging tools, trends, and technologies in digital forensics" is one aspect of the certificate. Another aspect is how to differentiate incidents from events and breaches. The definitions are important to understand because the fallout and response widely vary. For example, breaches have additional disclosure, legal, and data privacy considerations. Similarly, the courses will outline how to recognize both the most common types of network threats and penetration testing versus network threat hunting. Spending time on high-risk threats is critical, especially when time is something many security teams lack.  Research Revealed DFIR Skills Gap ISC2 launched the certificate because research conducted by the nonprofit showed a significant DFIR skills gap, explains COO Casey Marks. More specifically, 60% of cybersecurity professionals said that skill gaps affected their ability to secure their organizations, and 25% reported that their teams lacked sufficient DFIR expertise. ISC2 collaborated with members and experts to identify the topics and skills that needed to be addressed prior to launching the new certificate. Breaches are not just IT issues anymore; they are now boardroom issues, Marks says. It is crucial for organizations to invest in ongoing skills development across cybersecurity teams to keep pace with attackers who are moving only faster. Being able to respond consistently is key, as threats skyrocket and attackers become more advanced. Related:With AI Reshaping Entry-Level Cyber, What Happens to the Security Talent Pipeline? Effective DFIR is becoming essential in light of more incidents and widespread breaches that emerge across the threat landscape. It is important for organizations to respond quickly and effectively, as well as to use forensics to learn from incidents and bolster security protocols. "While identifying the source of a file server ransomware attack is often within the scope of many IT engineers, the deeper investigative tasks that follow an incident demand specialized expertise, meticulous care, and well-established procedures to ensure the findings are accurate and actionable," Marks says.  About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.     More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report The ROI of AI in Security Cybersecurity Forecast 2026 ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBERSECURITY CAREERS AI Reshaping Entry-Level Security Jobs May Affect the Talent Pipeline by Joan Goodchild NOV 21, 2025 CYBERSECURITY CAREERS Cyber Academy Founder Champions Digital Safety for All by Arielle Waldman OCT 18, 2025 CYBERSECURITY CAREERS Capture-the-Flag Competition Leads to Cybersecurity Career by Arielle Waldman SEP 19, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge THREAT INTELLIGENCE Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026 MAR 16, 2026 THREAT INTELLIGENCE The Data Gap: Why Nonprofit Cyber Incidents Go Underreported MAR 13, 2026 CYBER RISK Cyberattackers Don't Care About Good Causes MAR 13, 2026 CYBER RISK What Orgs Can Learn From Olympics, World Cup IR Plans MAR 12, 2026 Read More The Edge Want more Dark Reading stories in your Google search results?