May 26 to 28: TRANSITS I – CSIRT Training with FIRST

Course Summary

The CSIRT training course aims to develop the knowledge and skills that are needed by staff who are members of a Computer Security Incident Response Team, who will join such a team, or who are involved in creating such a team.

Trainees are typically experienced system, network or IT managers. (Interested persons from other backgrounds are welcome to contact the organizers to discuss the suitability of the course for them). They are expected to have an awareness of the security issues involved in connecting computers to the Internet. They must be committed to using their skills to improve the security of computers and networks. For the technical side of the course, familiarity with the normal operation of TCP/IP networks, addresses, port numbers and protocols will be assumed.
The following modules are covered:

CSIRT Organization
Describes how CSIRTs fit into their organizations: planning the CSIRT, defining the constituency of the team and gaining management authority for it, deciding the services the team will offer, working with those outside the organization, staffing the CSIRT, funding. Students will discuss their own organization and how their team fits into it.

Technical Introduction
A basic introduction to the main attack vectors that malicious parties use to attack systems: intruders and their motivations, botnets, network protocols and how they can be abused, operating systems and services, types of vulnerability, information gathering, breaking in, hiding traces, denial-of-service attacks.

CSIRT Operations
Describes the facilities, systems and tools needed by CSIRTs to operate successfully: housing the CSIRT, equipment, e-mail, remote access, information and contacts, servers and networks, incident response plans and procedures, tracking systems. As an exercise students will discuss and develop incident response plans for their own teams.

Legal Issues
A high level overview of the areas of legislation that are likely to affect CSIRTs in their work and that team members need to be aware of: origins of computer legislation, problems, data protection, computer misuse, working with law enforcement, monitoring, evidence.

How to Apply:

In order for your application to be processed efficiently, we request that you send your application to project(at) with:
– in the subject : africacert V – Forum of Incident Response and Security Teams Training.
– providing the information specified below:

*** Full Name, address and short description (maximum 200 words) of the organization by which the applicant is employed.

Note: It is very important that you provide us with your personal institutional email address and not a generic one or an online service.
This is to ensure good communications and to verify the validity of the application.

*** Name, job title, postal address, phone and fax number and e-mail address of the person at management level within this organization who supports the application and can provide more information about the applicant.

*** Team Information (if team in operation); contact information and Charter according to RFC 2350 – (

NOTE: Applications will be accepted on a FIRST-COME-FIRST-SERVED basis.

Selection criteria will include the education and experience of the applicants, the contribution that they will be able to make to the overall security of the Internet. The workshop organizers may ask advice on the applications from the managers of the applicants and from appropriate members of the African Internet community.

May 30: APDay: Network Forensics with JPCERT.

This is one day training course on Network Monitoring and Traffic Analysis (Advanced)

CSIRT training for technical staff: advanced network monitoring


This is a one day workshop focusing on Network Monitoring and Traffic Analysisy.


Network Monitoring and Traffic Analysis (Advanced)


Network monitoring is one of the ways to understand what is happening within the network. This session will cover the basic knowledge of network monitoring and issues that we should know (Ex: legal issues, privacy issues, encryption, covert channel, etc.). This training course provide participants hands-on experience on analyzing traffic generated by malware, botnet and other malicious tools.

May: 29: Cybersecurity Talks with Djibouti.


1. The need for cybersecurity

2. A global strategy by multiple stakeholders.

10H-10H05. Welcome Addresses: Jean Robert Hountomey
10H-10H05 Welcome Addresses: Jean Robert Hountomey
10h:05 – 10h15 Djibouti Experience in cybersecurity
10H15-10H30 Introduction to AfricaCERT (Jean Robert)
10H30-10H50 Cybersecurity in Japan (Koichiro Komiyama San)
10h50-11H10 Developing a National Cyber-security Strategies (Prof Nabil).
11H10-11H30 Cybersecurity Strategy, a multistakeholder response (Dr Hashem)
11H30-11H50 Law Enforcement Readiness (Inspector Narayan)
11H50-12H.30 Thank you Note
CEO Djibouti Telecom
Dr NII Quaynor

May 31: AfricaCERTCybersecurity Day.
Theme: Beyond connection: Internetworking for African Development
9:00 – 11:00.Session 1: Opening

  • Welcome Address: Dr NII Quaynor
  • AfricaCERT Update: M. Jean Robert Hountomey
  • APCERT Update: Koichiro Komiyama San (JPCERT/CC)
  • Protecting the right to privacy in Africa in the digital age. M. Arthur Gwagwa
  • CSIRT: a Multi stakeholder Approach: DrSherifHashem
  • Update of EG CERT:DrSherifHashem
  • 11:30 – 13:00. Session 2: Countries Updates
    CSIRT Cameroon, TunCERT Experience on CERT, Update of TZCERT,, BF CSIRT Update, CI CERT Update
    14:00 16:00.Session 3: Challenges and solutions

  • Open source tools and ICT Security Proof of concept. Prof Nabil Sahli.
  • Law Enforcement and CERT collaboration. M. Gangalaramsamy Narayan
  • Open MIC Closing: Jean Robert Hountomey.