Group-IB Cyber Education

Leading-edge educational programs on cyber security

25%of cyber incidents are not investigated properly, which leads to repeated network compromise
+40%growth in the number of response requests
in 2019
73%of all successful cyberattacks involve social engineering

Group-IB’s approach to learning

We seek to enhance cybersecurity within companies. We tackle this problem by managing and honing skills. We cater for all key user groups, including technical specialists, senior executives, the general public, and kids.

Our comprehensive approach helps us protect companies from threats targeting employees, improve technical staff’s incident response and investigation skills, and ensure a high level of cybersecurity.

Interactive training format — Threat Hunting Game

The Threat Hunting Game is an educational individual competition that simulates the experience of threat hunting in a real environment. Players can test their skills in analyzing malware and network traffic, handling alerts, hunting for threats based on real-life cases, and win prizes using Group-IB Threat Hunting Framework.

Participants will receive

  • Access to Group-IB’s advanced threat hunting tool
  • Video guide on how to use this tool for threat hunting and malware analysis
  • Opportunity to demonstrate your skills
  • Personal certificate

Why Group-IB?

Experience in international investigations

Our training courses are based on 1300+ successful investigations worldwide.

Practicing experts

The course instructors are current Group-IB specialists, which translates to the most up-to-date and first-hand information for course participants.

Technical expertise

All courses are led by GCFA-, EnCE- and MCFE-certified experts.

Stimulating practical training

Practical exercises based on real-life cases make up 70% of the course.

Continuously updated program

Course materials are regularly updated with new cases from Group-IB’s experience, which ensures that the course program always reflects the latest trends.

Comprehensive development

Group-IB’s training courses provide a wide range of competencies for creating an effective information security department in any company.

Group-IB’s trainers

Vesta Matveeva

Head of the Investigation Department, Singapore

  • Vesta is a cybersecurity expert specializing in computer crime investigation, digital research, digital forensics, and incident response.
  • Vesta has investigated international cases involving financially motivated and state-sponsored APT groups such as Buhtrap, Cobalt, Silence, Lazarus, and more. During more than 50 incident response operations, she has investigated hacker techniques that allow cybercriminals to circumvent security measures. Vesta monitors cybercriminal gangs from the perspective of TTPs and attributes their activity.
  • She has also designed a range of training courses, computer forensics teaching methods, and cybersecurity tips. Since 2016, Vesta has organized training for banks, industrial enterprises, universities, and law enforcement agencies in various countries, including the UK, the Netherlands, Bahrain, Thailand and Singapore. In 2016-2017, she conducted forensic training for Europol.

Sergey Nikitin

Chief Operating Officer, Global HQ, Singapore

  • Sergey has been working internationally in digital forensics and incident investigation and response for nine years, including cases that involved Carbanak, Buhtrap, Lurk, Cobalt, Fin7, APT3, MoneyTaker, DarkVishnya, Silence, BlackEnergy, and other cybercriminal groups. He was one of the first experts to respond to global attacks such as NotPetya, BadRabbit, and WannaCry.
  • Sergey has been awarded a GCFA certificate and is an ISO/IEC 27001-certified auditor. He is also an official speaker for Group-IB on information security matters, with over 100 media articles, interviews, and TV appearances.

Feixiang He

Senior Threat Intelligence & Attribution Researcher

  • Feixiang conducts research on threat intelligence areas including malware behaviors, threat actor TTPs, malicious campaign operations, and attribution theory. He has extensive experience in topics related to the financial sector and Asian threat actors. He regularly presents the latest threat research to security conferences, law enforcement, and financial institutions. His interests included automated intelligence gathering in the wild and information source evaluation.

Andrey Kolmakov

Head of the High-Tech Crime Investigation Department

  • Shawn has been working in the field of cybersecurity for more than 4 years. He currently works in Group-IB’s Threat Intelligence & Attribution department to actively tracks the threat intelligence lifecycle. Shawn’s work focuses on underground forums, and the deep and dark web, where he interacts with threat actors to obtain critical information.
  • Shawn has deep interest in automated intelligence gathering and has developed tools to help him in his work. He is an Offensive Security Certified Professional (OSCP), and a GREM- and GCIH-certified specialist.

Igor Mikhailov

Digital Forensics Specialist

  • Igor has been working in digital forensics and computer incident investigation for more than 20 years and has conducted over 100 forensic investigations, many of which became sources of key digital evidence.
  • Igor is an EnCE-certified specialist, the author of Mobile Forensics Cookbook, and the creator of Cyber Forensicator, an international portal, and Computer Forensics, the biggest online resource of its kind in CIS.

Vitalii Trifonov

Creative Technical Director, Dubai

  • Vitalii is a reverse engineer with more than 8 years of experience in the field of malware research. His main interests include proactive protection technologies, incident response, threat hunting, threat intelligence, and malware analysis. Since 2011, he has trained many malware analysts and incident responders and led a team of reverse engineers. The extensive knowledge of APT group TTPs he has obtained during investigations and incident response activities allows him to provide the best services to the largest banks of Russia, Europe, and Asia.

Artyom Artyomov

Head of Digital Forensics Laboratory, Europe

  • With 13 years of international experience in digital forensics, incident investigation, and complex incident response, Artyom has taken part in the arrests of Carberp, Anunak, Buhtrap, Corcow, Cobalt, Moneytaker, Cron, and other criminal groups.
  • Artyom was the lead forensic specialist in high-profile investigations into the voting process of The Voice Kids and unauthorized access to Philipp Kirkorov’s personal information. Artyom teaches original digital forensics courses at several top schools and universities, including Bauman Moscow State Technical University, Higher School of Economics, MIREA Russian Technological University, the Russian Presidential Academy of National Economy and Public Administration, and the Academy of Russian Ministry of Internal Affairs.

Oleg Skulkin

Senior Digital Forensics Specialist

  • Oleg has been working in digital forensics, incident investigation, and response to complex cyberattacks worldwide for eight years. He is a regular participant and speaker at cybersecurity conferences, a GCFA-certified specialist, and a MITRE ATT&CK contributor.
  • Oleg is the author of more than 100 articles on digital forensics, incident response, threat hunting, and threat information collection and analysis. He is also the co-author of Windows Forensics Cookbook, Practical Mobile Forensics, and Learning Android Forensics.

Anastasia Barinova

Digital Forensics Specialist

  • Anastasia conducts digital forensics research, regularly participates in conferences, and develops training courses on digital forensics, incident response, threat hunting, and threat information collection and analysis.
  • Anastasia has held more than 60 training sessions in five countries and teaches original courses on digital forensics and fighting cybercrime at the Higher School of Economics, MGIMO, Moscow Institute of Physics and Technology, and Bauman Moscow State Technical University.

Svetlana Ostrovskaya

Digital Forensics Specialist

  • Svetlana conducted research on security analysis of smart home systems, web and mobile applications, and malware analysis for Android. She taught at Innopolis University, published in the IEEE international journal, and co-authored articles on information security and computer forensics.
  • Now Svetlana develops and updates courses on digital forensics, monitoring and incident response, attends professional conferences, regularly conducts trainings and master classes in Russia and around the world.

Anatoly Tykushin

Digital Forensics Specialist

  • Anatoly conducted a research study on digital forensics, the results of which have been presented at conferences and used in real incident response cases. He teaches digital forensics at Innopolis University and Skolkovo.
  • Anatoly regularly participates in complex incident response operations, conducts digital forensic investigations, develops methodologies, and assesses organizations’ incident response readiness.

Roman Rezvukhin

Malware Analyst

  • Roman has been working in malware analysis and reverse engineering for more than six years and regularly takes part in complex incident response operations worldwide.
  • Roman reverse engineers tools and malware used in complex attacks and develops utilities that automate incident response and malware analysis processes.


We conduct our courses and workshops either online or in-person at external venues or on-site.

How are the courses delivered?

We train the following groups:

  • General groups (employees from different companies)
  • Corporate groups (training for one company’s employees only)

Learn more about the current schedule and dates of upcoming courses at our course web pages or from Group-IB mailings.

Do the courses include practical exercises?

All our courses and workshops are practice-oriented and include real cases and lab sessions. As part of our courses for technical specialists, participants work on case studies independently under the trainer’s supervision.

What skills do you need to successfully complete a course?

Our technical courses require knowledge of information security and IT. Learn more about our requirements on our course web pages.

Workshops for children and wider audiences do not require special knowledge and are suitable for participants with any level of training.

Awards and recognition

Cybersecurity Training - Group-IB Education

Security Education – Group-IB Education

Best Cybersecurity Education Provider – Group-IB

Individual learning approach

Contact us to learn more about Group-IB educational programs

Get new report
Ransomware Uncovered 2021/2022

The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for filling out the form! We will get back to you shortly.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

Get new report Ransomware Uncovered 2021/2022