This self-paced 16-hour course teaches participants how to perform initial incident response on Linux systems, covering both basic and advanced responder actions to minimize incident impact and cost. The curriculum is tailored for Linux system administrators (e.g., Ubuntu and Red Hat/CentOS environments) at an intermediate (Level 2) proficiency. Through scenario-based lessons and hands-on labs, students will learn to respond to unexpected outages and malicious activities (sabotage, insider threats, ransomware), and to perform forensic evidence collection (disk imaging, memory capture) using only open-source tools. Emphasis is placed on secure out-of-band communication during incidents, effective team coordination, and sound tactical decision-making under pressure. By course end, attendees will be equipped to handle Linux security incidents using modern techniques and tools relevant to FY2026, without relying on any commercial software. Designed by operators for operators, this accelerated course helps participants perform initial incident response on Linux systems.