TRANSITS II courses are aimed at more experienced personnel working for established CSIRTs. They provide an in-depth study of network monitoring techniques, forensic analysis, the use of 'fire drills' for improving response and coordination, as well as providing training in how to improve communications with constituents. The trainers are amongst the most experienced members of the European CSIRT community, and these courses represent an excellent opportunity for CSIRT personnel to improve and hone their skills.

TRANSITS II courses are open to individuals familiar with incident handling and response techniques who are currently working for a CSIRT or network security related organisation. Applications are welcomed from commercial, governmental, law enforcement and military organisations, as well as NRENs and research and education institutes. Please note - those (fairly) new to incident handling and response work are advised to follow TRANSITS I first.

TERENA normally organises one TRANSITS II course per year. These are three full days in duration and involve 10-15 trainees at a time. The following modules are covered:

  • NetFlow Analysis - Covers how to analyse traffic flow log data captured in routers and switches. The nfsen and nfdump software can provide detailed anomaly detection and enable further forensic investigations to be undertaken.
  • Forensics - Covers how to collect evidence when network and systems are compromised. Data recovery from both disk and memory is also covered.
  • Communication - Communication skills are key in a CSIRT environment, This module covers how to liaise with constituents, formulate requests for funding, and communicate successes to management.
  • CSIRT Exercises - The worst time to try and develop a procedure is during an incident. This module selects 'fire drills' from the ENISA CSIRT Handbook and works through them as a group to highlight areas that may require attention in your operations.

Here is a nice blog post by a previous attendee to TRANSITS II from the Oxford University CSIRT Team.

Forthcoming Courses

The following courses will be announced here as soon as the details are known. To be among the first to hear about the next course, please sign up to the TRANSITS Announcements list.

Course Fees

TRANSITS II course fees are €1,450 for commercial companies, or €1,100 for non-commercial organisations.

These fees include three lunches, two evening meals, coffee breaks, and course materials. Please note - unlike TRANSITS I courses, hotel accommodation is not included in the fee and students are expected to fund their own travel and accommodation. VAT is in addition to the above fees, if applicable in the host member state.


Applicants to TRANSITS II courses are subject to a vetting procedure and are usually required to provide references. This is to ensure that individuals fulfil the course requirements and have a legitimate interest in network security. Application forms should therefore be completed as fully as possible.

Trainees are typically CSIRT employees with a least one year of experience, although other qualified persons from other backgrounds are welcome to contact the organisers to discuss the suitability of the course for them. They are expected to have a good working knowledge of incident handling and response techniques, and must be committed to using their skills to improve the security of computers and networks. Familiarity with Internet protocols, addresses and port numbers is assumed, and experience with Linux (using the command line) is an advantage.