TRANSITS-II courses are aimed at more experienced personnel working for established computer security incident response teams (CSIRTs). They provide an in-depth study of network monitoring techniques, forensic analysis, the use of 'fire drills' for improving response and coordination, as well as providing training in how to improve communications with constituents. The trainers are amongst the most experienced members of the European CSIRT community, and these courses represent an excellent opportunity for CSIRT personnel to improve and hone their skills.
TRANSITS-II courses are open to individuals familiar with incident handling and response techniques who are currently working for a CSIRT or network security related organisation. Applications are welcome from commercial, governmental, law enforcement and military organisations, as well as national research and education networking organisations (NRENs) and research and education institutes. Please note - those (fairly) new to incident handling and response work are advised to first follow TRANSITS-I.
GÉANT normally organises one TRANSITS-II course per year. These are three full days in duration and involve 20 trainees at a time.
The following modules are covered:
NetFlow Analysis - how to analyse traffic flow log data captured in routers and switches - nfsen and nfdump software can provide detailed anomaly detection and enable further forensic investigations to be undertaken;
Forensics - how to collect evidence when networks and systems are compromised, also including data recovery from both disk and memory;
Communication - these skills are key and this module covers how to liaise with constituents, formulate requests for funding, and communicate successes to management;
CSIRT Exercises - the worst time to try and develop a procedure is during an incident - this module selects 'fire drills' from the ENISA CSIRT Handbook and works through them as a group to highlight areas that may require attention in your operations.
TRANSITS-II course fees are €1,450 for commercial companies, or €1,100 for non-commercial organisations. These fees include three lunches, one evening meal, coffee breaks, and course materials. Please note - unlike TRANSITS-I courses - hotel accommodation is not included in the fee and students are expected to fund their own travel and accommodation. VAT is in addition to the above fees, if applicable in the host member state.
Applicants to TRANSITS-II courses are subject to a vetting procedure and are usually required to provide references. This is to ensure that individuals fulfil the course requirements and have a legitimate interest in network security. Application forms should therefore be completed as fully as possible.
Trainees are typically CSIRT employees with at least one year of experience, although other qualified persons from other backgrounds are welcome to contact the organisers to discuss the suitability of the course for them. They are expected to have a good working knowledge of incident handling and response techniques, and must be committed to using their skills to improve the security of computers and networks. Familiarity with internet protocols, addresses and port numbers is assumed, and experience with Linux (using the command line) is an advantage.
For information about the upcoming courses, please refer to: https://tf-csirt.org/
It is not possible to grant permission for use of the TRANSITS-II materials outside the GÉANT-run courses. Please reach out to individual authors.